Phishing scams are among the most diverse and dynamic cyber attacks, and they reflect the creativity of scammers. Since most phishing scams are seemingly easy to detect, the perpetrators use ever-changing tactics to trick users. Once again, a new phishing scam has surfaced online, luring users with an ‘encrypted message received’ alert.
‘Encrypted Message Received’ Phishing Trick
Reportedly, Bleeping Computer has spotted a new phishing campaign that tricks users by generating ‘encrypted message received’ alerts.
The scam seems carefully crafted to fool most users, as it looks like an email from the mail server. The malicious email notifies the user that an ‘encrypted message’ has been received for them.
Source: BleepingComputer
When a user clicks on the ‘View Encrypted Email’ link, it redirects the user to a fake OneDrive web page, which further requires the user to click on the ‘Open’ button.
Once clicked, the user sees a fake OneDrive login page, where the user is supposed to enter the credentials.
Once the user enters the ‘email login credentials’, he or she gets nothing, whereas the attackers seamlessly get the victim’s email credentials!
Protect Yourself From Email Phishing
Phishing attacks aren’t anything new. The bad actors love to leverage every potential opportunity to prey on innocent users, especially when it comes to hacking login credentials and financial details. With a little vigilance, users can easily protect themselves from falling prey to such phishing attacks.
For ready reference, here is a quick review of the precautionary steps one must never forget.
- Be very careful while opening emails from untrusted or unknown senders.
- Double check the sender’s email address to confirm if the email belongs to an official account.
- NEVER CLICK ON ANY LINKS OR ATTACHMENTS IN EMAILS FROM UNKNOWN SENDERS. Even if you think the email may be from your mail server, your bank, or your office, you can always contact the supposed source via other means to check the authenticity of the email.
- Even if you click on the link, make sure not to enter your login credentials when prompted.
- In case of attachments, never download any executable files, no matter how important they seem.
Posted from my blog with SteemPress : https://latesthackingnews.com/2019/06/20/a-new-phishing-scam-states-encrypted-message-received-to-trick-the-victim/