Beware Phishing Emails

Despite what people think they know about phishing, they consistently fall victim.

Phishing attempts directed at specific individuals or companies have been termed spear phishing.

 In contrast to bulk phishing, spear phishing attackers often gather and use personal information about their target to increase their probability of success. 

For instance, according to a “verification” email, which purports to be from Microsoft’s Office 365, your email address needs to be updated to the 2020 version. The message warns that your account will be blocked or suspended if you fail to update correctly. It instructs you to click a link to complete the verification and update. However, Microsoft did not send the email and it has no connection to Office 365.

In fact, the message is a phishing scam designed to steal your Office 365 login credentials.  

Clicking the update link opens a page hosted on Google Forms that asks for your username, email address, and password.
If you complete and submit the form, the information you have entered can be collected by criminals and used to hijack your account. Once they have gained access, the criminals can use the account to distribute fraudulent material in your name, access documents you have stored online and commit further fraudulent activities.
Of course, Microsoft would never use a login form supplied and hosted by rival Google. Nor will they ever send you an email demanding that you click a link to log in and update account details. 
It is always safest to login to your online accounts by entering the address into your browser’s address bar or via a trusted app.

A transcript of the scam email: 

OFFICE 365
Your e-mail needs to be updated with our newly released 365-Secure Internet
Security 2020 version of a better resource web-mail spam and
viruses update.
Failure to update correctly will process your email account being temporarily
blocked or suspended from our network
To complete verification and update, click here.
Thanks,
LocalHost

Ironically, the Google Form that the scammers have used to host their fraudulent login form has the following warning at the bottom:

  • Never submit passwords through Google Forms.
  • No legitimate organisation will contact you from an address that ends ‘@gmail.com’.
  • Not even Google.
  • Check the Email Domain before Opening Connections

With the exception of independent workers, every organisation will have its own email domain and company accounts. 
For example, emails from Google will read ‘@google.com’.Many of us don’t ever look at the email address that a message has come from.

Your inbox displays a name, like ‘IT Governance’, and the subject line. When you open the email, you think you  already know who the message is from and jump straight into the content. When crooks create their bogus email addresses, they often have the choice to select the display name, which doesn’t have to relate to the email address at all.

They can therefore use a bogus email address that will turn up in your inbox with the display name Google.But criminals rarely depend on their victim’s ignorance alone. Their bogus email addresses will use the spoofed organisation’s name in the local part of the address.

Phishing emails come in many forms, but the one thing they all have in common is that they contain a payload. 
Usually this will either be an infected attachment that you’re asked to download, or a link to a bogus website, that requests login and other sensitive information.

ITGovernance:           Hoax-Slayer:          Wikipedia

You Might Also Read:

Dealing With Malicious Emails:

By 2021 The Cost Of Cybercrime Will Be $6 Trillion:

 

 

« Free Speech And The Detention Of Julian Assange
Creating A Cyber Incident Response Policy »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ForeScout Technologies

ForeScout Technologies

ForeScout delivers pervasive network security by allowing organisations to continuously monitor & mitigate security exposures & cyberattacks.

European Council on Foreign Relations (ECFR)

European Council on Foreign Relations (ECFR)

ECFR is a pan-European think-tank conducting research and promote informed debate on European foreign policy. Cyber security is becoming an intrinsic element of foreign policy debate.

Puppet

Puppet

Puppet is a leader in IT automation. Our software helps DevOps securely automate configuration and management of machines and the software running on them.

Daon

Daon

Daon offers a universal biometric authentication platform for mobile devices.

LMG Security

LMG Security

LMG Security is a cybersecurity consulting, research and training firm.

Zuratrust

Zuratrust

Zuratrust provide protection for all kinds of email related cyber attacks.

Hellenic Accreditation System (ESYD)

Hellenic Accreditation System (ESYD)

ESYD is the national accreditation body for Greece. The directory of members provides details of organisations offering certification services for ISO 27001.

Ergo

Ergo

Ergo is a world-class IT Partner of choice, leveraging the latest technology available in cloud, mobility, big data, analytics, and social media.

SecSign Technologies

SecSign Technologies

SecSign Technologies delivers user authentication, messaging, file sharing, and file storage with next generation security for company networks, websites, platforms, and devices.

Lockheed Martin

Lockheed Martin

Lockheed Martin deliver full-spectrum cyber capabilities and cyber resilient systems to defense, intelligence community and global security customers.

DH2i Company

DH2i Company

DH2i is a leading provider of multi-platform Software Defined Perimeter and Smart Availability software enabling customers to create an entire IT infrastructure that is always-secure and always-on.

Intelligent CloudCare

Intelligent CloudCare

Intelligent CloudCare, a division of IPS, is a full IT Services provider serving the needs of SMBs in the metropolitan New York City region.

Trustmarque

Trustmarque

Trustmarque delivers customer-centric IT solutions that enable better outcomes. We combine the technology, expertise and services to release value at every stage of the IT lifecycle.

NetApp

NetApp

The NetApp portfolio includes intelligent cloud services, data services, and storage infrastructure that helps organizations manage applications and data everywhere across hybrid cloud environments.

Endure Secure

Endure Secure

Endure Secure is a managed cyber security & information security consultancy. Our passion for IS and our understanding of the threat landscape is reflected in the services that we provide.

PROVINTELL Cyber Security

PROVINTELL Cyber Security

PROVINTELL is a Managed Security Service Provider (MSSP) specialising in Next-Gen Cyber Defense and Response to detect and respond to threats.