Beware Phishing Emails

Despite what people think they know about phishing, they consistently fall victim.

Phishing attempts directed at specific individuals or companies have been termed spear phishing.

 In contrast to bulk phishing, spear phishing attackers often gather and use personal information about their target to increase their probability of success. 

For instance, according to a “verification” email, which purports to be from Microsoft’s Office 365, your email address needs to be updated to the 2020 version. The message warns that your account will be blocked or suspended if you fail to update correctly. It instructs you to click a link to complete the verification and update. However, Microsoft did not send the email and it has no connection to Office 365.

In fact, the message is a phishing scam designed to steal your Office 365 login credentials.  

Clicking the update link opens a page hosted on Google Forms that asks for your username, email address, and password.
If you complete and submit the form, the information you have entered can be collected by criminals and used to hijack your account. Once they have gained access, the criminals can use the account to distribute fraudulent material in your name, access documents you have stored online and commit further fraudulent activities.
Of course, Microsoft would never use a login form supplied and hosted by rival Google. Nor will they ever send you an email demanding that you click a link to log in and update account details. 
It is always safest to login to your online accounts by entering the address into your browser’s address bar or via a trusted app.

A transcript of the scam email: 

OFFICE 365
Your e-mail needs to be updated with our newly released 365-Secure Internet
Security 2020 version of a better resource web-mail spam and
viruses update.
Failure to update correctly will process your email account being temporarily
blocked or suspended from our network
To complete verification and update, click here.
Thanks,
LocalHost

Ironically, the Google Form that the scammers have used to host their fraudulent login form has the following warning at the bottom:

  • Never submit passwords through Google Forms.
  • No legitimate organisation will contact you from an address that ends ‘@gmail.com’.
  • Not even Google.
  • Check the Email Domain before Opening Connections

With the exception of independent workers, every organisation will have its own email domain and company accounts. 
For example, emails from Google will read ‘@google.com’.Many of us don’t ever look at the email address that a message has come from.

Your inbox displays a name, like ‘IT Governance’, and the subject line. When you open the email, you think you  already know who the message is from and jump straight into the content. When crooks create their bogus email addresses, they often have the choice to select the display name, which doesn’t have to relate to the email address at all.

They can therefore use a bogus email address that will turn up in your inbox with the display name Google.But criminals rarely depend on their victim’s ignorance alone. Their bogus email addresses will use the spoofed organisation’s name in the local part of the address.

Phishing emails come in many forms, but the one thing they all have in common is that they contain a payload. 
Usually this will either be an infected attachment that you’re asked to download, or a link to a bogus website, that requests login and other sensitive information.

ITGovernance:           Hoax-Slayer:          Wikipedia

You Might Also Read:

Dealing With Malicious Emails:

By 2021 The Cost Of Cybercrime Will Be $6 Trillion:

 

 

« Free Speech And The Detention Of Julian Assange
Creating A Cyber Incident Response Policy »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authorize.Net

Authorize.Net

Authorize.Net is a Payment Gateway which provides the complex infrastructure and security necessary to ensure fast, reliable and secure transactions.

techUK

techUK

techUK represents companies operating in the tech sector in the UK. Focus areas cover all aspects of ICT including cyber security.

Cradlepoint

Cradlepoint

With Cradlepoint customers leverage the speed and economics of wired and wireless Internet broadband for branch, mobile, and IoT networks while maintaining end-to-end visibility, security and control.

Telecommunications & Digital Government Regulatory Authority (TDRA) - UAE

Telecommunications & Digital Government Regulatory Authority (TDRA) - UAE

TDRA focuses on regulating the telecommunications sector and enabling government entities in the field of smart transformation. It is responsible for the overall digital infrastructure in the UAE.

National Accreditation Agency of Ukraine (NAAU)

National Accreditation Agency of Ukraine (NAAU)

NAAU is the national accreditation body for Ukraine. The directory of members provides details of organisations offering certification services for ISO 27001.

APT Search

APT Search

APT Search is a recruitment company specialising within the Legal Technology, Cybersecurity and Privacy sectors.

Dellfer

Dellfer

Dellfer secures connected cars and other IOT devices through Intrinsic protection, enabling the most sophisticated cybersecurity attacks to be seen instantly and remediated with precision.

Beryllium InfoSec Collaborative

Beryllium InfoSec Collaborative

Beryllium InfoSec Collaborative is an information security and cyber security company with 40-plus years of experience across industry & government.

Agio

Agio

Agio is a hybrid managed IT and cybersecurity provider servicing the financial services, health care and payments industries.

SECFORCE

SECFORCE

SECFORCE is a leading information security consultancy specialising in bespoke penetration testing and red team engagements.

Arcturus Security

Arcturus Security

Arcturus is a CREST-approved cyber security consultancy created by experts in the field.

Atlantic Data Security

Atlantic Data Security

Atlantic Data Security is skilled in the analysis, recommendation, deployment, and management of all critical components of the security infrastructure.

Gem Security

Gem Security

Gem is on a mission to help security operations evolve into the cloud era, and stop cloud threats before they become incidents.

SecureChain AI

SecureChain AI

SecureChain are combining blockchain and AI technology to create a smarter blockchain platform especially in terms of security.

Gilsbar

Gilsbar

For more than half a century, Gilsbar has offered insurance service solutions and support for businesses and their employees.

ELK Analytics

ELK Analytics

ELK Analytics is a specialized Managed Security Services Provider (MSSP) that focuses on endpoint security and monitoring & alerting for any type of structured or unstructured data.