With scams constantly making their way into your inbox, it’s a good idea to stay on top what’s circulating. If a particular sham goes viral, we’ll tell you about it at Komando.com.
Most phishing emails usually have some type of “tell” that give away the fact it’s a scam. Criminals are getting smarter. This latest trick is so subtle, we almost missed it.
Phishers incorporate sophisticated tools that help them pull the wool right over our eyes. In fact, they’ve started using a clever trick in phishing emails that make them nearly impossible to spot.
Phishing emails are more dangerous than ever
When we first started warning you about phishing emails years ago, they were much easier to spot. Criminals were more careless back then and would send messages full of typos and bad grammar.
Fast forward to today and criminals are using sophisticated tools to spoof messages and websites that make them look official. You might get an email that contains the official logo from a company with perfect language that seems legit.
Well, things are getting even more complicated now. A Twitter account with the handle, “Phishing Phighter,” recently posted a warning about clever new phishing attacks.
As the tweet points out, anti-phishing advice from almost everyone is “Make sure you check the URL.” That means before clicking a link, hover your cursor over it to see the URL that it’s going to send you to. But that isn’t foolproof anymore.
What’s happening now is, scammers are spoofing website URLs and making one little tweak that you might not notice. The web address is spelled correctly, but instead of using all of the proper letters, they’re replacing at least one with an ALT code that adds an accent.
For example: instead of using a typical lower case e like you find in the word Facebook, a scammer could replace it with an é. Notice the little accent mark on top of the e.
Anyone can do this by holding the Alt key and typing 0233. It results in what’s called the “e acute” ALT code. So instead of going to the official Facebook page, you could be clicking on a link to a spoofed Facébook page.
Would you even notice? And there are more Alt codes for other letters to worry about. They could be used to spoof pretty much any website out there.
Check out the following tweet posted by the Phishing Phighter account:
Allow me to make it a little easier for you kids. pic.twitter.com/xmTXiyL1Df
— Phishing Phighter ♂️ (@Paul__Walsh) January 10, 2019
As you can see, the tweet focused on the site MyEtherWallet and shows a number of spoofed address samples. It’s a site that lets people control their cryptocurrency funds. Which makes it extremely critical that you don’t wind up at a spoofed site that would let scammers rip you off.
Not only that, but if you enter your credentials on a spoofed site and use the same credentials on other websites, crooks can take advantage of them to get into those sites also. Just horrible results all around.
Is there anything we can do to defeat a phishing attack?
Be cautious with links
Do not follow web links in unsolicited email messages, it could be a phishing attack. This is especially true now that we know some web addresses are being spoofed with special characters that make them extremely hard to spot.
If you need to conduct business with any company, it’s always best to type its web address directly into your browser. Never trust a link that’s inside a message.
Use unique passwords
Many people use the same password for multiple websites. This is a terrible mistake. If your credentials are stolen from one site and you use the same username and/or password on others, it’s easy for the cybercriminal to get into each account. Click here to find out how to create hack-proof passwords.
Safeguard sensitive data
Unsuspecting people are mistakenly handing over sensitive information to scammers all too often. If you receive an unsolicited email, do not send payment or reply with personal information. You don’t want it to fall into the hands of criminals.
If a company that you do business with on a regular basis emails you and asks for personal information, type the company’s official web address into your browser and go there directly to be safe.