Is this the most dangerous phishing scam yet?
Jon Jaroska
VizionSync, LLC CTO; GLXY Software CEO; Construction Management Software and Managed IT Services for Builders & Contractors to Streamline Your Construction Workflow; ITDoneForYou.com Owner; Red Sky Health CTO
Picture this: You're going about your day, checking your emails, when suddenly you see a message from a company you trust.
You think, "Great! That’s safe to read”. But hold on just one minute… this email is not what it seems.
It’s part of yet another scam created by cyber criminals to trick you into clicking malicious links or giving up sensitive info. It's called "SubdoMailing," and it's as dangerous as it sounds.
What's the deal?
Just like regular phishing attacks, cyber criminals pretend to be trusted brands.
But here's how it works: These cyber criminals scour the internet for subdomains of reputable companies. You know those extra bits in a web address that come before the main domain? Such as experience.trustedbrand.com . That ‘experience’ bit is the subdomain.
They find a subdomain that the brand is no longer using and is still pointing to an external domain that’s no longer registered.
领英推荐
Then they buy the domain and set up the scam website.
So, you believe you’re clicking on experience.trustedbrand.com … but you have no idea it automatically redirects to scamwebsite.com .
The criminals are sending out five million emails a day targeting people in businesses just like yours.
And because these emails are coming from what seems like a legit source, they often sail right past usual security checks and land in your inbox.
Here’s our advice to keep you and your data safe and sound:
As always, if you need help with this or any other aspect of your email security, get in touch.
Jon Jaroska Thank you for describing this attack vector! Cybercriminals are increasingly looking for new ways to appear trustworthy, and the described method is one of them. It's important to test and improve employees' security awareness to avoid such threats.