Cybercriminals love using phishing attacks to find new victims. One reason is that it's super easy to target a massive number of people in a very short period of time. Once a fraudulent email or text message is created, it can be sent to an unlimited number of recipients quickly.
A perfect example is a spoofed email claiming to be from a financial institution that is being circulated right now. The attackers sent more than 75,000 of these emails in less than half an hour. You really need to watch out for this attack because it's extremely authentic looking.
What's the latest phishing email making the rounds?
We're talking about a phishing campaign that began in the U.K. targeting customers of Lloyds Bank. Unfortunately, the phishing scam is now spreading across the U.S.
Scammers are sending fraudulent emails purporting to be from the recipient's banking institution. The email looks like a bill that is due and has either a PDF, Excel or Word document attached with more details. If you click on the link, a Trickbot banking Trojan will be installed onto your gadget.
Once the Trojan infects a victim's gadget, malware runs in the background, waiting for the user to visit their banking website. When they try to visit their bank online, Trickbot sends them to a spoofed site. It looks official so a large number of people are falling for it.
The spoofed site requires the user to enter their banking credentials. When they do, they're just handing them over to the cybercriminals.
Image: Example of banking phishing email. (Source: Flashpoint)
As you can see from the above example, the email looks quite official. The best thing you can do to stay safe is to NOT click on links within emails that are unsolicited. If you need to correspond with your financial institution, call its phone number listed on the back of your credit or debit card.
How to protect against phishing attacks:
- Be cautious with links - If you get an email or notification that you find suspicious, don't click on its links. It could be a phishing attack. It's always better to type a website's address directly into a browser than to click on a link.
- Do NOT enable macros - You should never download PDF, Word or Excel files attached to unsolicited emails to begin with. If you do open one of these documents and it says that you need to turn on macros, close the file and delete it immediately.
- Watch for typos - Phishing scams are infamous for having typos. If you receive an email or notification from a reputable company, it should not contain typos.
- Use unique passwords - Many people use the same password for multiple websites. This is a terrible mistake. If your credentials are stolen on one site and you use the same username and/or password on others, it's simple for the cybercriminal to get into each account.
- Set up two-factor authentication - Two-factor authentication, also known as two-step verification, means that to log in to your account, you need two ways to prove you are who you say you are. It's like the DMV or bank asking for two forms of ID.
- Check your online accounts - The site Have I Been Pwned allows you to check if your email address has been compromised in a data breach.
- Have strong security software - Having strong protection on your gadgets is very important. The best defense against digital threats is strong security software.
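For readers who triage suspicious mail, the "Do NOT enable macros" tip above can be checked without opening the file in Office. The following is an added example, not part of the original article: it inspects the Word and Excel attachments of a saved message and reports which ones carry a VBA macro project. The sample message, sender address and filenames are constructed for the demonstration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container

def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'legacy-ole' or 'no-macro-found' for one attachment."""
    if data.startswith(OLE2_MAGIC):
        return "legacy-ole"  # binary Office format; may carry VBA, treat as suspect
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            # OOXML keeps VBA in a vbaProject.bin part, whatever the extension says
            if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                return "macro"
    return "no-macro-found"

def scan_message(raw: bytes) -> dict:
    """Map each attachment filename in a raw message to a verdict."""
    verdicts = {}
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if name:
            verdicts[name] = classify_attachment(part.get_payload(decode=True) or b"")
    return verdicts

def _zip(parts: dict) -> bytes:
    """Minimal zip standing in for an Office file (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()

def build_sample() -> bytes:
    """Constructed message; sender, subject and filenames are made up."""
    m = EmailMessage()
    m["From"], m["Subject"] = "billing@bank.example", "Your bill is due"
    m.set_content("See attached.")
    kind = {"maintype": "application", "subtype": "octet-stream"}
    m.add_attachment(_zip({"word/document.xml": "<w/>", "word/vbaProject.bin": "x"}),
                     filename="invoice.docx", **kind)
    m.add_attachment(_zip({"xl/workbook.xml": "<x/>"}), filename="summary.xlsx", **kind)
    m.add_attachment(OLE2_MAGIC + b"\x00" * 16, filename="bill.doc", **kind)
    return m.as_bytes()

if __name__ == "__main__":
    for fname, verdict in scan_message(build_sample()).items():
        print(f"{fname}: {verdict}")
```

A "no-macro-found" verdict only means no VBA project was detected in that file; it does not clear PDFs or other delivery tricks, so unsolicited attachments should still stay unopened.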