Recently we’ve seen an increase in the number of attempts by cyber criminals to obtain users’ login information for cloud services such as Google Apps and Yahoo! Mail via phishing emails.
What is phishing?
Phishing is most commonly done through email, and is a way for malicious parties to obtain your information. In short, you get an email that pretends (often very convincingly) to be from someone that you trust and tricks you into revealing something secret or doing something that you shouldn’t. These fake emails, and the fake websites they link to, can look VERY real and are carefully crafted to fool even wary users. They most often try to obtain your username and password for online accounts; from there the attackers gain access to personal information to commit identity theft, compromise financial information, install malware on your computer, or worm their way into your company’s secure systems.
If these emails are coming to your work email, they will often claim to contain a link to a document shared with you by a co-worker or financial institution, someone that you trust.
A recent example we’ve seen resembled the following:
The link in the email directs you to a website, as mentioned above, that looks remarkably like the login page for Google Drive and prompts you to enter your login credentials. While this particular example would direct you to a fake Google Drive page, the same thing can be and has been done for many other cloud services, such as Dropbox, online banking, and so forth.
If you’re using Gmail or Google Apps for your email, you may be alerted proactively when opening one of these messages. Gmail has its own system that works like their spam filter, and attempts to automatically display warnings to ensure you’re not giving personal information to the wrong people. Other email providers are increasingly using similar rules and filters in an attempt to flag suspicious messages, but they’re definitely not perfect.
If you think you’ve received one of these emails, there are a couple of things to look out for that can help you decide whether it’s legitimate or not.
Check the URLs
While our example above uses the obvious “maliciouswebsite.is” domain name and would be easily spotted, criminals are usually cleverer than that these days. But you can still often tell a phishing email by hovering over the link and seeing if it actually leads somewhere other than where it claims. If it does, it’s a phishing email!
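The hover check above can be automated at the mail gateway or in a mail client: compare the domain a link’s visible text claims against the domain its `href` actually points to. The following is an added example written for this post, not code from the original article or from any vendor; the sample message body is constructed, using the “maliciouswebsite.is” domain from the example above, and the domain matching is deliberately naive (last two labels, no public-suffix list).

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registered_domain(host):
    # Last two labels only (no public-suffix list); good enough for the sample.
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])

def host_of(url):
    return urlparse(url if "://" in url else "http://" + url).hostname or ""

def find_mismatched_links(html):
    """Return (text, href) pairs whose visible text names a different domain."""
    parser = AnchorCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        m = re.search(r"([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", text, re.I)
        if m and registered_domain(m.group(1)) != registered_domain(host_of(href)):
            flagged.append((text, href))
    return flagged

# Constructed sample body modelled on the "shared document" lure described above.
SAMPLE_EMAIL = """
<p>A colleague shared a file with you. Action required:</p>
<a href="http://maliciouswebsite.is/drive/login">https://drive.google.com/file/d/abc</a>
<br><a href="https://drive.google.com/">Open Google Drive</a>
"""
```

Running `find_mismatched_links(SAMPLE_EMAIL)` flags only the first anchor, whose text claims drive.google.com while the link goes to maliciouswebsite.is; links whose text is plain words (“Open Google Drive”) are not compared, so this catches one common trick rather than every phishing email.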
Be Wary of Urgent Calls to Action
These cyber criminals like to use phrases like “urgent”, “now” and “action required” to trick you and overwhelm any natural wariness. If you get an email like this and are concerned about actually missing out on an urgent piece of information, just visit the entity’s web site or call them directly to inquire rather than following a suspicious link blindly.
Since most of these emails are sent out in mass quantities, they will generally not use your name directly. Greetings like “Dear Customer” and non-personal wording can be an indicator that something is wrong. This one isn’t foolproof, as so-called “spearphishing” attacks carefully targeted at specific people are becoming more and more prevalent.
Talk to the Person
As we said above: if in doubt, reach out to the supposed sending party via a medium that you trust, such as calling the company’s main phone number or going directly to their web site by typing in their actual web address.
If you look at all these factors and decide that you are looking at a phishing email, delete it immediately. Under no circumstances should you click the link or supply credentials to any site that was linked in the email. Entering your credentials into fake logins will give these criminals access to personal information and accounts, and may even lead to them sending out phishing emails to all of your contacts as well.
What else can I do to protect myself?
- Use caution when clicking links in emails or opening email attachments. The US Computer Emergency Readiness Team (US-CERT) provides a good document on Recognizing and Avoiding Email Scams, as well as further information on malicious attachments.
- Make sure your anti-virus software is installed and up to date.
- Set a browser bookmark for the login page of any cloud service you or your organization uses. If you receive an email containing a link you’re unsure about, skip clicking the link and use your bookmark.
- Use two-factor authentication, if available.
- Keep operating systems up to date.
If you have any questions about these scams, two-factor authentication, or finding more ways to keep your systems secure, don’t hesitate to reach out to us!