Alert: Cybercriminals are exploiting Google Drive to launch a phishing campaign.
Google Drive is a really convenient way to store, share, and collaborate on all kinds of files these days, which means that like anything popular, scammers are thinking of ways to exploit it. Scammers this time have created a modified version of the standard Google Drive login page, and are sending it out in fake emails which claim that you’ve been sent a new document that you should check out. The bogus site takes details for various email services, including Gmail, Yahoo, Hotmail and more.
When victims click on the “Sign In” button, login credentials are sent to a separate server which is controlled by the scammers. This attack works on mobile as well as fixed devices.
Who are the poor people being targeted?
You’re probably wondering who gets targeted by these phishing attempts, and whether you need to stay alert for these fake emails. The CM Security Research Lab has identified three categories of people that cyber criminals would keep an eye on.
People who easily give up their personal info
If you’re an easily trusting person who would easily give away your personal info for things like free giveaways, or if you enter your credentials when sites asks without giving it a second thought, then boom, hackers want you so bad!
Members of a compromised service
In 2014, eBay, Home Depot, Dairy Queen, and Kmart were all attacked by hackers who managed to steal various amounts of user’s personal data. Once hackers get your email address, they won’t let you go!
Users of email, phone services and social media
Hackers also use certain tools to generate different email addresses and phone numbers so that they always have fresh ways to conduct attacks. They’re also active on social media, which worldwide has 1.82 billion users.
You may have noticed that these 3 categories will include you and almost everybody that you know! (Unless you don’t use the internet, don’t use a credit card, or proudly consider yourself a luddite)
How can we identify phishing scams?
Scams are scams, they always have clues to identify them no matter how well designed they are. The CM Security Research Lab have some tips for how to spot them.
Look at the header:
Simply hover your mouse cursor over the name in the From column. By doing so, you will be able to tell if the email is from a recognizable domain that is linked to the actual sender name. For example, an email from Match.com should typically have the From domain of "match.com" (not "mutch.com" or “humbletemper.com").
Also take notice of the To field, to see if the email was sent to undisclosed-recipients or a large number of recipients. Phishing emails usually address many people at once for efficiency.
Look at the content:
Phishing emails like to use generic greetings, like "Dear Customer”, and ask for personal information. If your bank sends you an official correspondence, it should have your full name on it. Also remember that most businesses don’t ask for personal information by phone or over email.
Look at the general tone of the message:
If the tone of the email or site is very urgent (e.g. your bank says it wll cancel your account), or if the content seems too good to be true ( e.g. Offering a free holiday for giving up your personal info), or if it’s about celebrity gossip or deaths it’s likely that it’s just a scam.
So, my fellows, if you still feel confused you can use "CM Browser", which has an anti-phishing feature to help you identify these kinds of scam sites.
Reviewed by Alexis Abana
on
Thursday, November 27, 2014
Rating:
No comments: