Fake emails used to steal accounts and run scams are nothing new to anyone who uses email. Email service providers receive many support requests from customers about this problem. Victims often have their accounts taken over or receive emails containing malicious code and dangerous viruses. In this article we want to warn readers about the tricks involved and describe ways to avoid phishing email scams.
Fake emails are steadily becoming more sophisticated. Many careless businesses fall victim, which leads to heavy losses of both property and reputation with customers. Here is a look at the main scams involved.
Fraudulent email scams
First, the user receives an email whose content plays on the reader's psychology, such as:
- “Your account is about to be locked”
- “Many of your messages have not been delivered yet”
- Notification emails from an Admin address that require account login/authentication to continue using the service.
- “Log in to free up space about your account”
This content takes you to email login links that appear to belong to reputable sites, to increase credibility.
In the example below, the hacker staged an email with the content “Your Office365 password has expired”.
When the user clicks the icon containing the hidden link, the victim is taken to a login page with the email address pre-filled and is asked to enter a password.
When the user trusts the page and enters the password, the hacker has successfully obtained the user's email account information.
How information from fake email scams is used
Once hackers have the email information that the user entered on the fake link, they start using that email account for profit. The forms differ, but they all aim at the same end goal: money.
Request a currency transfer
When a user's account information has been stolen but the user has not yet noticed, hackers monitor how the user uses email, including transaction information exchanged with partners and customers. For emails about currency transactions, they configure automatic forwarding, and from there track the user's email activity over a certain period of time.
Once the necessary information is available, the hackers take action. First, they spoof the money transaction email between the user and the partner, with the bank account information changed.
Hackers send this fake email from a domain name that is the same or has a few characters wrong, or even from any account at all that still displays the name of the person the user regularly transacts with, so that the user cannot recognize it. Without careful checking, users can mistakenly transfer money to the fake account details, and the hacker's trick succeeds.
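A mail filter or a finance team's review script can test a From header for both tricks described above. This Python sketch is an added example, not part of the original article; the partner list, the sample headers and the `check_sender` helper are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): display name -> real address of each partner.
KNOWN_PARTNERS = {
    "alice nguyen": "alice@example-partner.com",
    "bob tran": "bob@example-supplier.com",
}

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header, max_distance=2):
    """Classify a From header: ok, lookalike-domain, display-name-spoof or unknown."""
    name, addr = parseaddr(from_header)
    name, addr = name.strip().lower(), addr.lower()
    domain = addr.rpartition("@")[2]
    known_addrs = set(KNOWN_PARTNERS.values())
    if addr in known_addrs:
        return "ok"
    # Trick 1: the domain differs from a trusted one by only a few characters.
    for trusted in {a.rpartition("@")[2] for a in known_addrs}:
        if domain != trusted and edit_distance(domain, trusted) <= max_distance:
            return "lookalike-domain"
    # Trick 2: a trusted display name on an address that is not that partner's.
    if name in KNOWN_PARTNERS and addr != KNOWN_PARTNERS[name]:
        return "display-name-spoof"
    return "unknown"

# Constructed From headers, for illustration only.
SAMPLES = [
    "Alice Nguyen <alice@example-partner.com>",
    "Alice Nguyen <alice@examp1e-partner.com>",
    "Bob Tran <bob.tran.finance@freemail.example>",
    "Carol Le <carol@unrelated.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):20} {header}")
```

An "ok" result only means the header text matches a known partner; the From header itself can be forged, so a request to change bank details still needs to be verified with the partner directly.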
Taking advantage of bulk spamming
In addition, after obtaining the password, the hacker can use the email account to send spam, either bulk mail or viruses spread to other email users.
This leads to the user's email domain being blacklisted by international anti-spam organizations, not to mention directly affecting the IP address of the email service provider's mail server. It also costs users credibility with customers.
Ways to avoid phishing via fake email
Having covered the tricks of the scam, we would like to offer ways to avoid unnecessary email security risks.
- Change your password periodically: the password should be more than 8 characters, including uppercase letters, numbers, and special characters.
- Check your email Forwarding settings and remove suspicious forwarding addresses from your mailbox.
- Install anti-virus software and run scans periodically to prevent hackers from installing malicious software on your computer.
- Always verify information with partners or customers when you receive messages requesting currency transfers, to avoid transferring money to a hacker's account.
- Do not click on links or attachments from unknown emails. Do not run compressed files containing executable files such as .exe, .dec, .bat, …
- Do not open strange links included in emails.
- Double-check whether the website link is reliable when logging in to your email account.
Please note that you only need to log in to your email again when you intend to use it. Email service providers will not ask for login information to authenticate, increase storage, avoid account lockout, etc.
Above is our overview of the most common fake email scams. More sophisticated methods will still appear and will be updated daily on our news site. Stay tuned for the latest updates. All for a civilized world using the Internet.
The source: Eye of the storm synthetic