Security Tip of the Week – Sneaky “Service Desk” Attack

by Mallory

 

A new phishing attack is using a number of tactics to trick unsuspecting users into handing over their login credentials. The email claims you have unread emails due to your cloud storage being full. It then gives you options to resolve the issue. Clicking on either link sends you to a phony login page for your service provider. And any information on this page will be sent directly to the scammers.

Keller Schroeder Security Solutions Group LogoWhat makes this scam so sneaky? First, the phony log-in page not only looks official, but also functions like a real login page. Only passwords that meet real requirements are accepted. If an acceptable password is entered, you are redirected to the actual website of the service provider you just provided credentials for. Second, the email is sent from a no-reply address using the domain “servicedesk.com”. Most of us are used to seeing emails from support desks, which makes this sender feel legitimate. Third, the email itself bypasses security filters that you may have in place by using a combination of factors that makes your email security filters think the link is secure.

Don’t be fooled! Remember these tips:

  • Phishing emails are often designed to create a sense of urgency. In this case, the idea that you’re missing important emails. Think before you click, the bad guys rely on impulsive clicks.
  • Email security filters can only do so much to protect your sensitive information. Stay alert and help create a human firewall for your organization.
  • When an email asks you to log in to an account or online service, log in to your account through your browser and no by clicking the link in the email. That way, you can ensure you’re logging into the real website and not a phony look-a-like.

Stop, Look, and Think. Don’t be fooled.


KnowBe4 Logo - Keller Schroeder Vendor PartnerKnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.


DISCLAIMER : Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.

Top