Almost everyone has heard of phishing, the process of using a misleading email in order to lead users to harmful content. These scams place individuals at risk of identity theft and place businesses at risk of being held hostage by attackers. As we have gotten better at spotting malicious messages, so too have phishers honed their craft. Be sure to be on the lookout for some of these latest efforts to compromise users' systems and spread havoc on the internet.
Attacks Using Your Contacts
One of the latest twists in phishers' strategy is to send their attacks from compromised addresses in your contacts. This means that you will be presented with an email that is, at least on the surface, from someone you know and trust. Even some of the most experienced email users have fallen for this attack, so it's important to know what to look for so you can avoid becoming a victim yourself. These emails have what seems to be a PDF document attached, but if users open it they are sent to a malicious site.
The best way to avoid falling victim to this attack is to keep an eye on your address bar. The attack launches what looks like a legitimate Google link, but savvy users will notice something is wrong about the address. Rather than starting with the standard www or http, it instead begins with data:text. This is a clear sign that you are being funneled toward an identity theft operation. The browser will then open what looks like a legitimate Google login, but this is a trap to steal your Google account information and use it for nefarious purposes.
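The address-bar check described above can also be automated on the mail side. The following Python example is added here and is not part of the original article; it scans an HTML message body for links whose scheme is data:. The function names and the sample body are constructed for this illustration.

```python
import re
from html.parser import HTMLParser

# Attributes that make the browser navigate somewhere. Inline images
# legitimately use data: in src, so src is deliberately not checked.
NAV_ATTRS = {"href", "action", "formaction"}
SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.IGNORECASE)
LEADING_JUNK = "".join(chr(c) for c in range(0x21))  # controls and space


def url_scheme(raw):
    """Return the lowercase scheme of a URL the way a browser reads it."""
    # Browsers drop leading/trailing spaces and control characters, and
    # remove tabs and newlines anywhere in the URL, before parsing it.
    cleaned = re.sub(r"[\t\n\r]", "", raw.strip(LEADING_JUNK))
    match = SCHEME_RE.match(cleaned)
    return match.group(1).lower() if match else ""


class LinkAudit(HTMLParser):
    """Collect (tag, attribute, preview) for every data: navigation target."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in NAV_ATTRS and value and url_scheme(value) == "data":
                self.findings.append((tag, name, value[:40]))


def find_data_links(html_body):
    audit = LinkAudit()
    audit.feed(html_body)
    audit.close()
    return audit.findings


# Constructed sample body: one ordinary link and one fake "attachment"
# thumbnail whose link uses the data: scheme (payload is a placeholder).
SAMPLE_BODY = """
<p>Here is the report we discussed.</p>
<a href="https://www.example.com/report">View online</a>
<a href=" DaTa:text/html,constructed-placeholder"><img src="cid:thumb1"></a>
"""

if __name__ == "__main__":
    for tag, attr, preview in find_data_links(SAMPLE_BODY):
        print(f"suspicious {attr} on <{tag}>: {preview!r}")
```

The scheme is normalized before comparison because mixed case and leading whitespace do not change how a browser interprets the link.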
Protect Yourself from Phishing
With even experienced users falling for this trick, what can you do to prevent yourself from becoming a victim of this scam? Thankfully there are a few measures that anyone can take to protect themselves. These include:
- Know Your Friends – everyone writes with a style of their own. If the subject of the email or the body text doesn't quite match the style your contact has used in the past, then you should be extra wary of opening any links or attachments. It may even be worth your time to reach out to your contact and ask if they sent you that email to ensure it is safe.
- Bad Grammar = Bad News – phishing scams are notorious for bad grammar and typos. While most people take some liberties with grammar in the online world, an email riddled with mistakes is a sign that it did not come from your contact.
- Avoid Using the Same Password – One of the best ways to protect yourself is to recognize that, despite your best efforts, there is a risk that you will fall victim to a phishing scam. Use different passwords for different sites, especially for any online banking you do. This will protect you from the worst effects of the scam should you accidentally become entangled in it.