One of the oldest internet scams in the book is the phishing email: an unsolicited message that looks legitimate and prompts the user to change the password to an online account. The average user is quite familiar with such password reset emails, especially if he or she tends to forget the password to a particular account, be it a social media platform such as Facebook, Twitter, or Instagram, or another account such as Apple ID, eBay, or the popular ecommerce site Amazon.
In fact, one out of nine email users encountered email malware in the first half of 2017, according to the Symantec Internet Security Threat report from October.
How Phishing Emails Work
Using strong and unique passwords for all your accounts and securely storing this sensitive data in a password management app will safeguard your credentials from many security risks. But not even a cryptographically perfect password will protect the user if that password is handed directly to a hacker; it’s like handing over the keys to your house.
Unfortunately, hackers rely on the fact that we regularly receive such emails. By masquerading as legitimate senders, they can distribute malicious links or attachments that can perform many functions, in particular extracting login credentials and account info.
Can you count how many times you have had to reset your Facebook password or received an email from an internet-based service suggesting that you had requested to change the account password, even though you hadn’t? If yes, you are not alone.
There are millions of users worldwide who were the target of such attacks, and there will be millions more. The most important thing is to take measures against these phishing attacks to protect your digital identity and financial data.
Instagram Data for Sale
Earlier in 2017 a group of hackers calling themselves “Doxagram” offered for sale the personal data, including phone numbers and email addresses, of six million Instagram users. High-profile users such as Taylor Swift, Kim Kardashian and her sisters Khloe and Kourtney were among the 500 A-list celebrities identified by UK cybersecurity company RepKnight. Due to its growing popularity, Facebook-owned Instagram and its users have been the target of various cyber attacks, including phishing email attacks.
Fake Facebook Emails
In June 2017 Facebook officially surpassed the 2 billion user mark, so it shouldn’t come as a surprise that its users have received countless fake password reset emails. More recently, a new email attack has been targeting users, in which an apparently legitimate email claims to be a notification from Facebook suggesting that your messages will soon be deleted.
An Apple a Day to Keep the Hackers Away
After one of the biggest hacks of celebrity iCloud accounts went viral under the “fappening” name, Apple publicly stated that its iCloud service wasn’t hacked. Later, news of ransomware began spreading throughout the internet as a number of iOS and Mac users based in Australia, New Zealand, Canada, and the U.S. reported that their devices had been locked remotely, and the hacker – calling himself Oleg Pliss – was asking for money in exchange for their return. Apple has dedicated a support page to inform users on how to protect themselves against fake password reset emails, phishing emails, and more.
Amazon Users Scammed with the Temporary Password Trick
An email – apparently from Amazon – landed in the inbox of a Consumer Affairs journalist and sought to siphon his username and password. The message used the “temporary password” trick and included a link to a fake Amazon website. This is just one of the many emails Amazon users get from hackers.
The Biggest Risk After the eBay Hack
Perhaps one of the biggest risks of the eBay hack, which potentially affected more than 200 million users worldwide, was the phishing emails that pretended to be from the company and asked users to reset their passwords. Since eBay was forced to send out emails informing its users about the state of their accounts, falling into the trap of such fake emails requesting a ‘password reset’ was easy.
How to Differentiate a Real Email from a Fake
If you suspect an email might not be genuine, the best thing to do is to not click on the link in the email body. Look for signs of potential fraud, such as misspelled words, incorrect grammar, broken syntax, and more. And always check the sender’s email address. For additional measures against phishing email attacks, see the U.S. government’s guide for recognizing and avoiding email scams.