A little over a week into the new year and almost like clockwork, cybercriminals are already busy making the rounds with their latest scams. If it isn’t an attempt at stealing your identity, it’s a scam to pilfer your passwords.
Even with sophisticated security measures in place, governments, businesses and individuals alike can fall victim to any number of schemes — including one of the most common cyberthreats: phishing.
The newest phishing scam to hit inboxes capitalizes on the recent story of possible Iranian cyberattacks. Here’s what you need to know to avoid falling for this trick.
Microsoft phishing scam
The phishing email disguises itself as a message from Microsoft MSA with the subject line “Email users hit by Iran cyberattack.” The message claims Microsoft was hit by an Iranian cyberattack, so Microsoft locked users out of their accounts to protect their data.
Of course, the email asks users to log in again to regain full access to their accounts. The phishing scheme includes a button at the end of the email labeled “Restore Data.” It redirects victims to a landing page that looks like a legitimate Microsoft login form.
Once people input their information, scammers use it to access the account. If the victim uses the same credentials for other websites, the cybercriminal can access even more information or sell the login information online.
If you think your email filters will be enough protection, think again. One victim noted the scam was able to bypass Outlook’s spam filters to show up in his inbox.
How you can protect yourself
As with any cyberthreat, you must take steps to protect your system, device and sensitive data.
Here are several phishing email red flags and what actions you should take:
- Never open or download any suspicious emails or attachments.
- If you inadvertently open a questionable email, never click any links included within the message. (As shown in the Microsoft phishing scam, one click on the Restore Data button takes you to a fake login form, and anything you enter there ends up in the wrong hands.)
- Check the sender’s email address. While they often look legitimate, hackers have become adept at changing a character or two so that the address still appears genuine. The same holds true for URLs.
- Check spelling within messages. Most phishing emails contain grammatical and spelling errors.
- Use unique passwords. If you use the same password for all your online accounts and your login info is compromised, hackers could have all they need to access all of your accounts.
- Never send payments or reply with personal information.
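The sender-address check from the list above can be automated. The following is an added example, not part of the original article: it flags From headers whose domain sits within a character or two of a trusted one, or whose display name claims Microsoft while the domain does not. The trusted-domain list, the two-edit threshold, the "last two labels" shortcut and the sample headers are all assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: the domains this mailbox legitimately receives Microsoft mail from.
TRUSTED_DOMAINS = {"microsoft.com", "outlook.com"}
MAX_EDITS = 2  # "a character or two"

# Digits commonly swapped in for look-alike letters.
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Fold visual substitutions so micr0soft and rnicrosoft both read 'microsoft'."""
    return domain.translate(DIGIT_SWAPS).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    display, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return "unparseable"
    # Simplification: treat the last two labels as the registered domain.
    base = ".".join(domain.split(".")[-2:])
    if base in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        if edit_distance(skeleton(base), skeleton(trusted)) <= MAX_EDITS:
            return "lookalike"
    if "microsoft" in display.lower():
        return "display-name-mismatch"
    return "unknown"

# Constructed sample headers, not taken from the real campaign.
SAMPLES = [
    "Microsoft account team <noreply@accountprotection.microsoft.com>",
    "Microsoft MSA <support@micr0soft.com>",
    "Microsoft MSA <help@mircosoft.com>",
    "Microsoft MSA <alerts@mail-secure.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):22} {header}")
```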
Beware of other exploits
Scammers are taking advantage of Americans’ fear of a new war spurred by Iranian cyberattacks, but cybercriminals aren’t the only ones trying to fool you. People are taking to social media to promote misinformation about the Iranian missile attack on U.S. bases in Iraq.
Some Twitter and Instagram users have posted “authentic” images and videos of the attack, but a quick Google reverse image search reveals they are outdated photos or videos taken in other countries.
Others even report numbers of “known casualties and injuries” without verification. Scammers are making things worse by sending text messages claiming Americans have been drafted into the military.
Should you believe everything you read or hear? Of course not. Our advice is to be wary and always fact-check claims you read about online.