[BreachExchange] A New Phishing Scam States ‘Encrypted Message Received’ To Trick The Victim

Destry Winant destry at riskbasedsecurity.com
Tue Jun 25 03:56:07 EDT 2019


https://latesthackingnews.com/2019/06/20/a-new-phishing-scam-states-encrypted-message-received-to-trick-the-victim/

Phishing scams are among the most diversified and dynamic cyber
attacks, and they show the creativity of scammers. Since most phishing
scams are seemingly easy to detect, the perpetrators utilise
ever-changing tactics to trick users. Once again, a new phishing scam
has surfaced online that lures users by generating an ‘encrypted
message received’ alert.

‘Encrypted Message Received’ Phishing Trick

Reportedly, Bleeping Computer has spotted a new phishing campaign that
tricks users by generating ‘encrypted message received’ alerts.

The scam seems carefully crafted to fool most users, as it appears to
be an email from the email server. The malicious email notifies the
user that an ‘encrypted message’ has been received for them.

When a user clicks on the ‘View Encrypted Email’ link, they are
redirected to a fake OneDrive web page, which further requires the
user to click on the ‘Open’ button.

Once clicked, the user then sees a fake OneDrive login page, where the
user is supposed to enter their credentials.

Once the user enters the ‘email login credentials’, he or she gets
nothing, whereas the attackers seamlessly get the victim’s email
credentials!

Protect Yourself From Email Phishing

Phishing attacks aren’t anything new. The bad actors love to leverage
every potential opportunity to prey on innocent users, especially when
it comes to hacking login credentials and financial details. With a
little vigilance, users can easily protect themselves from falling
prey to such phishing attacks.

For ready reference, here we quickly review the precautionary steps
one must never forget.

- Be very careful while opening emails from untrusted or unknown senders.
- Double check the sender’s email address to confirm if the email
belongs to an official account.
- NEVER CLICK ON ANY LINKS OR ATTACHMENTS IN EMAILS FROM UNKNOWN
SENDERS. Even if you suspect that the email comes from your mail
server, your bank, or your office, you can always contact the supposed
source via other means to check the authenticity of the email.
- Even if you click on the link, make sure not to enter your login
credentials when prompted.
- In case of attachments, never download any executable files, no
matter how important they seem.

In short, the more you remain cautious, the more secure you will remain online.

