In recent years, service providers like PayPal, Twitter, Microsoft, and Facebook have begun sending users emails to notify them of suspicious account activity. iTunes and Google will contact you when your account is signed in to on an unfamiliar device. Most of these emails don’t require a response. They’re just the provider’s way of trying to help keep your personal information safe.
More and more service providers are adopting this approach. Cybercriminals have noticed this trend, and they’ve started using it to their advantage.
Lookalike emails have been finding their way into users’ inboxes. Most of these emails are haphazard and sloppy, the same low quality, minimal effort approach we’ve come to expect from hackers and scammers. But there have been a few reports of emails that mimic legitimate notifications so closely that the average user wouldn’t think to question it. And they’ve been fooling people.
These “good” fakes have been prompting unsuspecting users to click a link that they’ve been informed will bring them to a page on the service provider’s site, where they can verify recent account activity. Once they’ve entered their login credentials… well, there will definitely be some suspicious activity to worry about now.
This newest scam feels like a natural progression from the pop-ups and cold call phone campaigns that have been the phishing scammers’ bread and butter for years. And a few of these scammers have really started to step up their game. An email has surfaced posing as a Windows User Report that, instead of providing a link to a phishing site, instructs the user to call a 1-800 number. This email also comes with a link for a remote support site, presumably so that once the victim calls to speak to a “tech support representative”, they can hand over control of their computer to the scammer.
This is where things start to get really scary. A large number of businesses handle IT issues with remote support, either from in-house staff in another part of the building, or from a Managed Services Provider. If one of these bogus emails pops up in an employee’s inbox, they’re not just handing a cybercriminal access to their laptop; they’re exposing your entire network to potential data theft.
Because scams like this exist, it’s more important than ever to make sure your employees receive top-notch security awareness training. Most cybercriminals rely almost entirely on human error to get what they want. By giving your staff the knowledge and tools to outsmart scammers, you’re taking a huge step towards making your business safer.
Have questions about ways you can protect your business from cyber crime? Contact us today at firstname.lastname@example.org or (561) 432-7823.