Here’s a popular phishing scenario: You receive an email with a link. The link takes you to a phony login page with the name and logo of a legitimate website. Once you submit your username and password, the information is sent straight to the bad guys. Cybercriminals love to use these phony look-alike login pages to steal your credentials and access sensitive information.
Now cybercriminals have developed a way to make look-alike pages even more convincing. Scammers use a special tool to automatically display an organization’s name and logo on the phony login page. They can even use this tool to populate your email address in the corresponding login field. This creates a false sense of security because many legitimate websites remember your username if you have logged in previously.
While this is an advanced attack, you can still stay safe by practicing the tips below:
The prevalence of phishing scams is at an all-time high. It is important to question the legitimacy of every email you receive. Below is a list of questions to ask yourself about any links or attachments in the email; they may help you realize that you are being phished.
Are there hyperlinks in the email?
What about attachments?
If you notice anything about the email that alarms you, do not click links, open attachments, or reply. You are the last line of defense to prevent cyber criminals from succeeding.
Grocery delivery services have been quite popular during the COVID-19 pandemic. These services help support social distancing, reduce the number of shoppers in each store, and allow at-risk patrons to safely buy essential items. Unfortunately, the popularity of these delivery services has caught the attention of cybercriminals. The bad guys are now spoofing supermarkets that offer delivery services in hopes of stealing your personal information. It starts with a phishing email that urges you to log in to your supermarket’s website using the link provided. Clicking the link takes you to a fake login page for your local supermarket. The page asks you to select your email provider (Gmail, Apple, and so on) and then log in to connect your account. Don’t be fooled! Connecting your account actually delivers your email credentials to the bad guys.
Remember the following tips:
A new phishing email, seemingly sent from your local government funding agency, is offering phony relief grants to those in need. What makes this scam especially sneaky is that the bad guys use a Dropbox link to disguise their malicious attachment. Dropbox is a legitimate and commonly used file sharing service. Therefore, the email security filters that your organization has in place may not consider the link a red flag, increasing the chances of this email landing in your inbox.
The phishing email urges you to click a Dropbox link so you can download a file that supposedly contains information about your relief grant payment. The link even includes an expiration date for an added sense of urgency. If you click the link, then download and open the phony file, you’re taken to a look-alike Microsoft 365 login page. If you enter any information on this page, it will be sent directly to the scammers.
Remember these tips:
Have you ever noticed the blue checkmark on your favorite celebrity’s social media profile? This checkmark shows that the person has provided documentation to verify their identity. Verification helps you know a real account from a fake—but this tool isn’t just for celebrities. Whether you have a personal social media account or manage one for your organization, being verified can be a great benefit.
To become verified, you are required to provide sensitive information which, unfortunately, makes this process the perfect bait for a phishing attack. Cybercriminals spoof popular social media platforms like Twitter, Instagram, and YouTube by sending out fake verification emails. The emails include a link that, when clicked, takes you to a convincing verification form. Here you’ll be asked for things like your username, organization, password, gender, and more. Anything entered on this page is sent directly to the bad guys.
Stay safe from this fake verification scam with these tips:
The bad guys are automating robocall scams worldwide. Recently, there has been a rise in this type of fraud. They have a variety of attacks that you should watch out for. Here are a few examples:
Remember the following to avoid robocall scams:
Think Before You Pick Up!
The bad guys have come up with a scam to steal your Social Security Number (SSN). These fraudulent vishing, or “voice phishing,” attempts often appear to come from the actual Social Security Administration (SSA) number, but the scammers are faking it.
When you answer the phone, the bad guys claim that your SSN has been suspended due to suspicious activity or involvement in criminal activity. They’ll also claim your bank account will be seized, to shock you into action. The scammers will then ask you to confirm your SSN in order to reactivate it. Don’t fall for this trick!
Remember the following facts to avoid falling for this SSN scam:
Always think twice before sharing your sensitive information with strangers!
If you’ve ever used social media to make a complaint about a company, you’d know that many organizations are quick to respond to this public expression. But have you ever stopped to question whether the account responding to your concern is really someone from the company?
Recently, fraudsters have taken to social media platforms to trick people into falling for their “help” and giving away their personal information. For example, a woman was upset with her broadband services, so she took to Twitter to complain about her provider. She promptly received a response from an account appearing to be the customer service team for this company. The “customer service team” was able to gain personal information, and even banking information, from her by using lines like “I’m having trouble locating your account” and “I’ll first need to ask you a security question.” The woman soon found her bank account emptied out and several loans taken out under her name.
Clearly, this customer service team wasn’t helping anyone aside from themselves.
Remember the following to protect yourself: