Beware Phishing Emails

Uploaded on 2019-12-06 in NEWS-News Analysis, GOVERNMENT-Law Enforcement, FREE TO VIEW

Despite what people think they know about phishing, they consistently fall victim.

Phishing attempts directed at specific individuals or companies have been termed spear phishing.

 In contrast to bulk phishing, spear phishing attackers often gather and use personal information about their target to increase their probability of success. 

For instance, according to a “verification” email, which purports to be from Microsoft’s Office 365, your email address needs to be updated to the 2020 version. The message warns that your account will be blocked or suspended if you fail to update correctly. It instructs you to click a link to complete the verification and update. However, Microsoft did not send the email and it has no connection to Office 365.

In fact, the message is a phishing scam designed to steal your Office 365 login credentials.  

Clicking the update link opens a page hosted on Google Forms that asks for your username, email address, and password.
If you complete and submit the form, the information you have entered can be collected by criminals and used to hijack your account. Once they have gained access, the criminals can use the account to distribute fraudulent material in your name, access documents you have stored online and commit further fraudulent activities.
Of course, Microsoft would never use a login form supplied and hosted by rival Google. Nor will they ever send you an email demanding that you click a link to log in and update account details. 
It is always safest to login to your online accounts by entering the address into your browser’s address bar or via a trusted app.

A transcript of the scam email: 

OFFICE 365
Your e-mail needs to be updated with our newly released 365-Secure Internet
Security 2020 version of a better resource web-mail spam and
viruses update.
Failure to update correctly will process your email account being temporarily
blocked or suspended from our network
To complete verification and update, click here.
Thanks,
LocalHost

Ironically, the Google Form that the scammers have used to host their fraudulent login form has the following warning at the bottom:

  • Never submit passwords through Google Forms.
  • No legitimate organisation will contact you from an address that ends ‘@gmail.com’.
  • Not even Google.
  • Check the Email Domain before Opening Connections

With the exception of independent workers, every organisation will have its own email domain and company accounts. 
For example, emails from Google will read ‘@google.com’.Many of us don’t ever look at the email address that a message has come from.

Your inbox displays a name, like ‘IT Governance’, and the subject line. When you open the email, you think you  already know who the message is from and jump straight into the content. When crooks create their bogus email addresses, they often have the choice to select the display name, which doesn’t have to relate to the email address at all.

They can therefore use a bogus email address that will turn up in your inbox with the display name Google.But criminals rarely depend on their victim’s ignorance alone. Their bogus email addresses will use the spoofed organisation’s name in the local part of the address.

Phishing emails come in many forms, but the one thing they all have in common is that they contain a payload. 
Usually this will either be an infected attachment that you’re asked to download, or a link to a bogus website, that requests login and other sensitive information.

ITGovernance:           Hoax-Slayer:          Wikipedia

You Might Also Read:

Dealing With Malicious Emails:

By 2021 The Cost Of Cybercrime Will Be $6 Trillion:

 

 

« Free Speech And The Detention Of Julian Assange
Creating A Cyber Incident Response Policy »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Kaspersky Lab

Kaspersky Lab

Kaspersky Lab is one of the world’s largest privately held vendors of endpoint cybersecurity solutions.

MKD-CIRT

MKD-CIRT

MKD-CIRT is the national Computer Incident Response Team for Macedonia.

CyberInt

CyberInt

CyberInt’s Managed Detection and Response services span globally and include some of the top finance, retail and telecommunication organizations.

Zeneth Technology Partners

Zeneth Technology Partners

Zeneth is a consulting firm providing information technology and cybersecurity services to federal and commercial clients.

CSI

CSI

CSI is a Managed Service Provider (MSP) delivering Hybrid Multi-Cloud, Data Protection, and Cyber Security solutions to highly regulated industries.

MER Group

MER Group

MER Group is a world-leading integrator in the areas of communications and security. MER cyber solutions cover the entire range of cyber and intelligence related products and services.

NinjaJobs

NinjaJobs

NinjaJobs is a community-run job platform developed by information security professionals. We focusing strictly on cybersecurity positions.

Vector Informatik

Vector Informatik

Vector Informatik is a specialist in automotove electronics and provides services, embedded software and tools for securing embedded systems against cyber-attacks.

SixThirty CYBER

SixThirty CYBER

SixThirty is a venture fund that invests in early-stage enterprise technology companies from around the world building FinTech, InsurTech, and Cybersecurity solutions.

ITsMine

ITsMine

ITsMine’s Beyond DLP™? solution is a leading Data Loss Prevention (DLP) solution used by organizations to protect against internal and external threats automatically.

Kape Technologies

Kape Technologies

Kape Technologies is a cybersecurity company focused on helping consumers around the world have a better digital experience with greater privacy and protection.

Global Cybersecurity Association (GCA)

Global Cybersecurity Association (GCA)

GCA’s Symposium and conferences featuring global thought leaders and CISOs provide a global best practice perspective on cybersecurity.

Cyral

Cyral

Easily observe, control, and protect your data endpoints in a cloud and DevOps-first world. Discover Data Mesh Security with Cyral.

InfoSec Brigade

InfoSec Brigade

InfoSec Brigade offers a suite of specialized solutions that help businesses to mitigate risk by integrating cyber and IT security protocols with business goals.

Orbis Cyber Security

Orbis Cyber Security

Orbis is one of the leading cybersecurity company in USA. Our cybersecurity specialist defends your data, combat threat, and modernize your compliance.

IEC Cyber Ltd

IEC Cyber Ltd

IEC Cyber provides Cyber security consulting services for OT systems, with emphasis on process systems aligned to IEC 61508 and IEC 61511. We are a preferred consulting firm for IEC 62443 services.