Phishing attacks can be multifaceted and layered.
Jason Murrell
Cybersecurity Leader | Chair at Australian Cyber Network | Chair at DSI (SMB1001) | Founder at MurFin | Advocate for SMB Protection & Growth | ‘Cyber Team Australia’ Strategist | Speaker & Thought Leader | Innovator
As ‘traditional’ phishing and online scams become easier to spot, cyber criminals are trying out more elaborate methods to avoid detection and slip under the guard of unsuspecting targets.
One of those methods is to send emails containing a fake OneDrive Business page. This fake page prompts the user to click an ‘Open’ button to view a message contained within. They’re then taken to a fake OneDrive page that asks the user to log in with their ‘professional email login’.
As soon as the user enters their OneDrive username and password into the fake site, the attackers have all the information they need.
They can now access the user's account and all the information within, and can attempt to break into other accounts using the same stolen details.
To the untrained eye, the page may appear entirely legitimate. However, on closer inspection of the URL for the alleged OneDrive login page, you can usually find a minor or subtle change that shows that it is not an official Microsoft address. It can be as small as a zero replacing the letter O, or an 'i' in place of an 'l'.
If the user notices one of these small differences, alarm bells should be ringing! They should immediately exit the site and avoid entering any further information.
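The URL inspection described above can also be automated at a mail gateway or proxy. The following is an added example, not part of the original article: the allowlist, the swap table and all function names are assumptions, and it generalises beyond the two character swaps mentioned to a couple of other common ones.

```python
from urllib.parse import urlsplit

# Assumed allowlist of Microsoft sign-in domains; replace with your organisation's own list.
TRUSTED = {"microsoft.com", "microsoftonline.com", "live.com", "sharepoint.com"}

# Character swaps treated as visually equivalent. "0" for "o" and "i" for "l"
# come from the article; "1" and "rn" are added here as common variants.
SWAPS = [("rn", "m"), ("0", "o"), ("1", "l"), ("i", "l")]


def skeleton(name: str) -> str:
    """Collapse look-alike characters so visually similar names compare equal."""
    name = name.lower()
    for fake, real in SWAPS:
        name = name.replace(fake, real)
    return name


def registrable(host: str) -> str:
    """Last two labels of the host. Simplification: ignores suffixes such as .co.uk."""
    return ".".join(host.rstrip(".").split(".")[-2:])


TRUSTED_SKELETONS = {skeleton(d): d for d in TRUSTED}


def check_login_url(url: str) -> str:
    """Return 'trusted', 'lookalike:<imitated domain>' or 'untrusted'."""
    host = (urlsplit(url).hostname or "").lower()
    if registrable(host) in TRUSTED:
        return "trusted"
    # Compare every adjacent label pair, so a trusted-looking name is caught
    # whether it is the registrable domain itself or only a subdomain prefix.
    labels = host.split(".")
    for left, right in zip(labels, labels[1:]):
        hit = TRUSTED_SKELETONS.get(skeleton(f"{left}.{right}"))
        if hit:
            return f"lookalike:{hit}"
    return "untrusted"


# Constructed sample URLs, for illustration only.
SAMPLES = ["https://login.microsoftonline.com/common", "https://login.micros0ftonline.com/",
           "https://onedrive.iive.com/", "https://www.example.org/"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{check_login_url(sample):32} {sample}")
```

A "lookalike" verdict is a strong signal to block or quarantine; "untrusted" only means the domain is not on the allowlist.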
To protect people from falling victim to these types of online scams, make sure they never click on suspicious links or download attachments from unknown sources.
On top of all this and across the phishing-scam board, there are many other signs to look out for, including:
* A generic greeting;
* Poor grammar;
* A mismatched URL within the email;
* Threatening or urgent language;
* Claims of prizes and/or a request for personal information.
Make sure you keep all of your people up to date with the latest attack vectors and maintain a cyber aware culture.
The easiest way to notice any of the above red flags is to expect them in every email, and to always keep a safety-first culture front of mind across the business.
Remember to always play it safe. We are all just a click or two away from a potential disaster!
#cyberaware #phishing #cyber
CEO of WZIS Software -- making your Linux/AIX/Solaris/MacOS significantly more secure
5 years ago
Microsoft's Outlook does not provide any help for users to combat phishing attacks. That's really bad.