Infosec Cloud

The 'chat' from the cloud


Beware of login links in emails

Date: Dec 14, 2015

Category: Blog

Guest Post: Paul Ducklin, Sophos.

You’ve heard of phishing.

It’s where crooks “fish” for personal details you wouldn’t give them if they asked outright – information such as date of birth, ID number, login name, password, bank account number and so forth.

Most phishing happens by email, and the process is surprisingly simple and effective.

The crooks send you a lure, such as free stuff (like an iPhone), or a warning (like suspicious activity on your bank account), or a scare (like an invoice for an iTunes purchase you know you didn’t make).

The email’s goal is to get you to take action right away…

…and it handily provides a clickable link for the purpose, which takes you to a signup page (to register for the iPhone), or a login screen (for internet banking), or an account summary page (to contest the fraudulent purchase).

If the cyber criminals have done their homework, the web form that appears will look spot on, because the crooks usually rip off the layout, the logos and the JavaScript straight from your bank, or from iTunes, or wherever.

So you willingly, if imprudently, enter your personal details, your password, and so on, and click [Submit].

Only then do you find out that you just submitted the web form to a bunch of crooks instead of to the real site.

With a bit of care, you can usually spot a fake web page fairly easily, for example because the website name in the address bar will be wrong, or the web page will be unencrypted (no padlock), or simply because it “looks a bit dodgy.”

But here’s an even easier way to protect yourself: don’t click login links in emails in the first place!

