According to recent reports, phishing attacks that use brand impersonation are at an all-time high. Cyber criminals are posing as familiar companies so they can trick you and get access to your account in order to steal sensitive data or target additional employees.
Here’s how it typically happens: Attackers send you a standard-looking email appearing to be from a service or company that you use, such as Office 365. Clicking the link in the email will take you to a fake (but very realistic) login page. The most deceiving part of some of these fake pages is that the web address appears to be safe. The URL may end with a legitimate domain like “windows.net”, because the bad guys are hosting these pages with Microsoft’s Azure cloud services. If you enter your information here, the bad guys will gain access to one or more of your accounts which they can use to steal data or plan further attacks on your organization.
Remember the following to protect yourself from your inbox:
- Look out for strange or suspicious domains in sender addresses. Even if the domain looks legitimate, check again. Does the email say “micronsoft.com” instead of “microsoft.com”?
- Before clicking, always hover over links to see where they are taking you. Never click on a link in a message unless you’re certain the sender is legitimate.
- Whenever you get an email from an online service you use, log in to your account through your browser (not through links in the email) to check whether the email message is valid.
Stop, Look, and Think. Don’t be fooled.