It has been reported that con artists have been targeting PayPal users with fake payment confirmations, according to the Better Business Bureau. The emails contain links that allow the scammers to install malicious malware on users computers. BBB says the scams look like legitimate emails, and con artists use those emails to access banking and financial information.
According to a Deloitte survey, UK consumers are the most active online spenders in Europe, spending nearly £1bn a week online. With various reports citing upwards of 50% of people shop online during working hours, and given that many more may be inclined to do so in the run up to Christmas, these well-timed phishing scams could inadvertently impact an organisation’s network. Eyal Benishti, CEO and Founder at IRONSCALES commented below.
Eyal Benishti, CEO and Founder at IRONSCALES:
“This campaign is just another example of how fraudsters will impersonate a legitimate company, in order to exploit end users into giving them access to their machines, and consequently their personal details. Impersonation and spoofing techniques such as these, executed well by the attackers, make it virtually impossible for every individual targeted to spot threatening emails, and as a result, they are more likely to be lured into a false sense of security, and fall victim to the scam.
As these techniques increasingly succeed, attackers will continue to use this attack vector so it is vital organisations help their users spot and correctly act upon nefarious emails, before they endanger not only their own information, but the organisation as a whole, or even compromise partner businesses. To spot the anomalies common in spoofing and impersonation techniques, user behaviour analysis and mailbox segmentation can be employed, alongside running mailbox level detection, and utilising context based mail alerts, which, by allowing quick reporting via an augmented email experience, will help users make smarter decisions.
It goes without saying that users must be aware of the risks and reminded that they should never click a link in an email they believe could be illegitimate. If in doubt, the advice is to call the company directly for clarification, or if at work, contact the IT Department immediately- it could prevent them from falling victim, and protect the organisation from a potential cybersecurity crisis.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.