Top 3 Phishing Attacks Use Similar Tricks


Phishing scams are immensely popular, and we see millions of phishing messages every day. Today we offer the top three phishing scams that attempt to steal your web mail credentials.

Web Mail Scam

This scam starts with an email that appears to come from Administrator or Helpdesk and requests that you validate or update your account. Clicking on the link in this message will take you to a fake Outlook Web Access login page. This page is generally hosted on sites that are created by using free services. Attackers also upload these fake pages to vulnerable servers (running a CMS), which allows scammers to collect your username and password for their own malicious use.

 

WebMail Phish E-Mail Example

iTunes Scam

This attempt starts with an email purporting to be from the Apple Store. The email informs users that their accounts may have been hijacked. Users are asked to click a link and supply information to restore the account.

Those panicked into clicking the link will be taken to a bogus website that looks like a genuine Apple login page. Attackers often use an “apple.com” string in the link to make the link appear legitimate, for example: hxxp://itunes.id.apple.com.example.com/.

iTunes Phish E-mail
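The lookalike link above can be caught mechanically by reading the hostname from the right. The following is an added example, not code from the original article; the allowlist and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example: domains that host the brand's real login pages.
TRUSTED_DOMAINS = {"apple.com"}

def refang(url):
    """Undo common defanging (hxxp, [.]) so the URL can be parsed."""
    url = url.strip().replace("[.]", ".")
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    return url

def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike', 'untrusted' or 'unparseable' for a link."""
    try:
        parts = urlsplit(refang(url))
    except ValueError:  # e.g. malformed bracketed host
        return "unparseable"
    # .hostname drops userinfo and port and lower-cases; also drop a trailing dot.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "unparseable"
    # The host must BE a trusted domain or END with "." + that domain.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # Not a trusted host. If a trusted name still appears in the authority part
    # (as leading labels, or as userinfo before "@"), it is there as decoration.
    # The substring match is deliberately broad for triage.
    authority = parts.netloc.lower()
    if any(d in authority for d in trusted):
        return "lookalike"
    return "untrusted"

if __name__ == "__main__":
    # Constructed sample links; the first is the defanged example from the article.
    for link in ("hxxp://itunes.id.apple.com.example.com/",
                 "https://appleid.apple.com/",
                 "https://apple.com@login.example.net/",
                 "http://example.org/login"):
        print(classify_link(link), link)
```

A hostname check like this is only one signal: a fake page hosted on the provider's own servers, as in the Gmail scam below, would still pass it.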

Gmail Scam

This Gmail scam is by far the most sophisticated phishing attack. It also starts with an email that urges readers to view an important document on Google Docs. Clicking the link will take them to a fake Google Docs login page.

Recently, attackers used a Google Drive public folder to upload a fake Google Docs login page and then used Google Drive’s preview feature to get a publicly accessible URL to include in their messages. Because the page is hosted on Google’s server and is served over SSL, the page appears more convincing. After discovering the attack, Google has successfully removed the phishing pages, but the attackers are still using other vulnerable servers to upload the fake login page.

It’s quite common to be prompted with a login page when accessing a Google Docs link, and many people may enter their credentials.

Gmail Phish

An ounce of prevention is worth a pound of cure in dealing with phishing. We advise you to watch for such scams and their modus operandi. You can avoid phishing attacks by following these simple steps:

  • Don’t click on links sent via email messages by someone you don’t know
  • Before entering credentials, always check the URL in the browser’s address bar for authenticity
  • Be careful while sharing sensitive personal information over social networking sites
  • Regularly change your account passwords
  • Never share your account credentials over email or text

McAfee customers are protected against these attacks.
