Security Tip of the Week – Credential Scam with a Clever Twist

If you try logging in to an account, but get a “wrong password” error what do you do?

Keller Schroeder Security Solutions Group Logo

You’ll probably try typing the same password again. But if that doesn’t work do you try another one of your passwords? Then another, and another? Cybercriminals have a clever new scam that takes advantage of this exact behavior.

You receive an email with a link to view an important document. If you click the link, the document looks blurred-out and is covered by a fake Adobe PDF login page. If you enter your email and password, you’ll get an error stating that your password is invalid. This page allows you to try a few more times before eventually blocking you from viewing the document. But the truth is, there was never a document to view. Instead, the cybercriminals saved your email address and every password you tried to use. They can use this information to try to log in as you on other websites. 

Don’t be fooled! Remember these tips:

  • Remember that any site, brand, or service can be spoofed. 
  • Never click a link in an email that you were not expecting. If you’re not sure, reach out to the sender by phone to confirm the legitimacy of the email. 
  • Always use a password that is unique to that specific account. This way, if your credentials are stolen, the cybercriminals can’t access your accounts on other websites. 

Stop, Look, and Think. Don’t be fooled.


KnowBe4 Logo - Keller Schroeder Vendor Partner

KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.


DISCLAIMER : Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.

Share:

Join Our Mailing List

More Posts