Via CPO Magazine
A new study has shown that hackers have created over 50,000 fake log-in pages of over 200 companies like PayPal, Microsoft, Facebook, eBay, and more in order to steal credentials and sensitive information.
Phishing attacks are some of the most common online attacks and they’re most often carried out via email. Hackers will impersonate a brand, pretend to be support and ask victims to log in to their account using a link to a fake log-in page. These emails often create urgency and will even fabricate scenarios to encourage victims to log in as soon as possible.
Once a victim clicks through, they enter their log-in credentials, not knowing that they just provided those sensitive details to a hacker instead.
This new study shines a light into the kinds of companies that are being impersonated. The most common log-in pages impersonated PayPal with over 11,000 pages found. However, Microsoft wasn’t far behind with several different kinds of log-in pages found, including Office 365, Share Point, and One Drive log-in pages. Other brands included consumer brands like Facebook, Apple, Adobe and financial companies, like Wells Fargo, and Chase.
Security researchers maintain that many phishing attacks target employees at organizations using some of these products so if your organization is using Microsoft Office 365, know that you may be at an elevated risk.
In order to spot these phishing attacks and emails, there are some key indicators to look for.
- Check who’s sending the email. This is often a dead giveaway. If you don’t recognize the sender or if the Microsoft email isn’t coming from a Microsoft web address, delete it.
- Look at the email itself. If the email is riddled with typos, mentions a scenario that wouldn’t apply to you, or looks suspicious, don’t take it seriously.
- Be extremely careful before clicking a link. Phishing links don’t only link to fake log-in pages, they may lead to more dangerous pages that may drop malware onto your device.
For more details, visit CPO Magazine.