Phishing Sites and How to Spot them
With threat actors constantly trying to break into a business’s network, its important to stay vigilant and know how to spot when an attacker is trying to trick users into giving up their passwords.
The following are some of the phishing scams that have been sent to victims recently.
A common pattern with these emails is they both pose themselves to be an urgent matter or one that would be of interest to the victim, like an urgent password change or a document holding payment and financial information.
Both the emails prompt the user to follow a link that will land on a login page that looks similar to Microsoft’s login page.
Here is where the victim might be tricked into giving their information. The page looks very similar to what the actual Microsoft login looks like, but there is one key give away. The URL.
The URL is typically the dead giveaway for a phishing attempt. The why URLs work, no two sites can have the exact same URL, so the fraudulent site will always have a different URL than the legitimate site.
In this cause, the URL attempts to look like something related to outlook but there is still added jumble that doesn’t look anything like the legitimate sites
The following are known legitimate Microsoft URLs:
login.microsoftonline.com login.live.com microsoft.com office.com outlook.live.com
If you find yourself on a page that looks like a Microsoft login page but doesn’t have a matching URL, proceed with caution.
Another with attackers for victims to fall for the phishing attempt is to use a compromised email from an organization to target others in that organization.
Attackers will exploit the trust that victims have with the perceived sender to lower their guard give up their credentials.
If attackers are targeting an organization, they will put in text in the email to make it looks like the email belongs to the organization.
With these examples in mind, think twice before opening the link in that suspicious looking email.
To defend against these threats and more, contact us to take the next steps to defend your organization.