ESET Ireland has been following a surge of phishing emails redirecting users to faked banking, PayPal and Microsoft account sites for harvesting login details, including a username and password.
Although a surprisingly large number of people still use passwords like “12345” or “password” for their various accounts, cybercriminals have taken an easier route than trying to hack into peoples’ accounts. “Ask and you shall receive” seems to be their motto, so they send out emails that pretend to be coming from legitimate sites, notify the user of some unusual activity, and ask them to confirm or deny that activity by “signing into the service”. Except that the service in question isn’t actually there but a faked site instead, which diligently logs all usernames and passwords entered and delivers them to happy scammers.
In the past weeks, ESET Ireland has received several different emails of the same nature, and here are some examples:
1. An email purporting to come from Bank of Ireland, claiming your account requires an update and providing a fake link “Click here to complete update”. The email has some bad spelling errors that give it away.
2. An email pretending to be from iTunes thanking you for purchasing “World Of Go” for €9.65 , then adding “If you did not authorize this purchase, please visit the iTunes Payment Cancellation Form within the next 12 hours in order to cancel the payment,” which requires you to “log in” to the fake iTunes site.
3. An email looking like a detailed payment receipt, mimicking PayPal, with all the usual PayPal visual clues, claiming you paid $208.00 USD to Agoda Company online hotel booking site, adding “If you haven’t authorized this charge, click the link below to dispute transaction and get full refund – Dispute transaction (Encrypted Link).” The link, of course, isn’t encrypted and simply leads to a PayPal lookalike login harvesting site.
4. An email abusing Microsoft’s name, with the subject line “Microsoft account unusual sign-in activity” that claims they detected unusual sign-in activity into your account, supposedly from South Africa, which is meant to make people suspicious. It then offers a solution: “If you’re not sure this was you, a malicious user might have your password. Please verify your account, and we’ll help you take corrective action.” Of course the only action they’ll be taking is signing into your account with the login details you just provided.
What should you do?
First of all, stay informed. The scams you know about are less likely to catch you off guard. We regularly keep you updated on our blog.eset.ie.
Read such mails carefully, checking for clues. If the email has spelling errors or uses poor language, it is likely a scam. A lot of the scammers come from countries where English is not their first language, thereby giving themselves away. Also, the same goes for Gaeilge, where they likely used Google translate to try to fool native Irish speakers.
Do not click on links in emails. Even if you do have a Microsoft account and are alarmed by the email, you would be better off opening your browser and going to Microsoft’s official site directly. Also make sure the website’s address looks correct. In the case of the fake Microsoft one above, the website address reads “yazarlarparlamentosu.org”, which is clearly not “windows.microsoft.com”
If you suspect you may have fallen for one of these tricks, change your passwords. You should change them periodically anyway.
If the email you received looks like it’s coming from your bank, pick up the phone and ring them instead of just clicking on an unknown link. Banks are accustomed to scams like these and will be happy to advise you appropriately.
Think before you click, and enjoy safer technology!
For images of examples above, go here: http://blog.eset.ie/2014/07/15/how-to-hack-someones-account/.