Hackers are always on the lookout for new ways to freshen up time-tested techniques. Where time-tested techniques are concerned, few are older than the humble phishing email.
In one form or another, it seeks to trick an unsuspecting user to innocently hand over sensitive information, like usernames and passwords that the hacker can then use later for any purpose.
The latest variant on the phishing attack
This is an old chestnut that sends what appears to be a legitimate email, politely informing the user that they've received a number of confidential emails that are currently being held for them on a server. They're given the choice to either refuse these messages, accept them, or delete them.
This is a case, however, of all roads leading to the same destination. Whichever linked option is chosen, the user will be routed to a mock-up of a Microsoft Outlook login screen where the user will be prompted to enter his or her credentials. As you might suspect, there are no actual emails, and the only purpose this box serves is to capture the information for later use.
If there's a silver lining to this attack, it is that all of the samples that have been collected so far have the faux login box hosted on a hacked domain. Careful users will quickly note that they haven't been taken to Microsoft's domain and the game will be up.
Unfortunately, 'careful' does not describe the vast majority of internet users, and this ploy has already taken in its fair share of victims.
Make sure your IT staff is aware of this latest iteration in the ongoing evolution of the phishing email. It wouldn't hurt to send a company-wide communication to all employees so that it's at the forefront of everyone's minds. It only takes one person to slip up and a hacker could gain access to your company's network. That's never a good thing.
NOTE: Ask us about our new inexpensive and effective Webroot Security Awareness Training.
Meanwhile, check out this report
This free executive report may give you insights into how to build your business with safe IT environments: 10 Hidden IT Risks That Might Threaten Your Business and 1 Easy Way to Find Them
I am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofits firms in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting soon.
Contact me if you would like me to speak at your association.