Scam of the week: Brand impersonation attacks are at an all-time high
According to recent reports, phishing attacks that use brand impersonation are at an all-time high. Cyber criminals are posing as familiar companies so they can trick you and get access to your account to steal sensitive data or target additional employees.
Here’s how it typically happens:
Attackers send you a standard-looking email that appears to come from a service or company you use, such as Office 365. Clicking the link in the email will take you to a fake (but realistic-looking) login page. The most deceiving part of these fake pages is that the web address appears to be safe. The URL may end with the legitimate domain link ‘windows.net,’ because scammers are hosting these pages with Microsoft's Azure cloud services. If you enter your information, the scammer will gain access to one or more of your accounts, which they can use to steal data or plan further attacks on your organization.
Here’s how to protect yourself:
- Look out for strange or suspicious domains in sender addresses.
- Even if the domain looks legitimate, check again.
- Look closely at the email address: is it spelled incorrectly? (e.g. ‘micronsoft.com’ instead of ‘microsoft.com’)
- Before clicking, always hover over links to see where they are taking you.
- Never click on a link in a message unless you're certain the sender is legitimate.
- Whenever you get an email from an online service you use, log in to your account through your browser (not through links in the email) to check whether the email message is valid.
Don’t be fooled; stop, look and think before you click!