Phishing: Trends and Warnings

Stay Alert, Check the Sender’s Information, and Double-check before you Click! Here are some of the latest phishing trends…


What is Phishing?

Phishing is the fraudulent practice of sending emails or other messages purporting to be from reputable sources in order to induce individuals to reveal personal information, such as passwords or credit card information.


Here are some of the latest examples…

Microsoft account security alert

An email arrives that looks very much like it came from Microsoft’s security team: the email profile name says Microsoft 365 Support, the logo and color schemes are almost identical to Microsoft’s, and the email account information provided seems just like it came straight from your account. The email typically states that someone else has accessed your account and therefore, you must reset your password by clicking on a link that is provided.

Once you click the link, you are prompted (with very legitimate-looking text and images) to enter your current password information and then create a new one. The hacker has now received your current email account password and you think you have secured your account.


Uber Eats Voucher

These usually say something like, “We’ve missed you! Here is a $100 voucher for your next order! Just scan the QR code and enter your number.” The Uber Eats logo and typical images appear in the email and it looks very much like their typical marketing emails. Unfortunately, the QR code links to a virus or other threatening piece of software and you have exposed yourself to a hacker.


Critical Software Update Required

These emails often purport to come from your IT team and reference a very important, company-wide software update that needs to be installed. The text in the email looks very similar to other emails that you’ve received from the IT department and the link that is provided doesn’t seem too out of the ordinary. Unfortunately, when you click the link to update, you have exposed your data to hackers.


Adobe Electronic Signature Request

More and more business is done remotely and many signatures are provided electronically - from real estate closings to non-disclosure agreements. We usually see these come from another business that you typically work with and sometimes it’s because that business’s email systems have been hacked. They have the Adobe Acrobat logo along with a “review and sign” button that looks just like all the other signature documents that you get. When you click the link to sign, you have opened the door for a hacker.


Password Expiration Notices

Hackers are getting better and better at mimicking images and email designs from all sorts of companies. We've seen these phishing scams include social media like Netflix, Microsoft, GoDaddy and other hosting sites, banking platforms, and more. The emails simply state that your password is expiring and needs to be reset. When you click the provided link, you are prompted to enter your current password first, which means you have just provided it to a hacker.


Sales Opportunities or “Request for Quote” (RfQ)

These often get your sales team excited - they have been given the opportunity to earn some new large chunk of business. The emails typically reference an attached RfQ with a note asking you to fill out an attached form. Once you click the attachment, you have exposed yourself to hackers.


Access Request for File Sharing Platform

Typically referencing SharePoint, these requests state that someone has asked permission to view certain documents, folders, or other items in your file-sharing platform. They may reference GoogleDrive, DropBox, NetDocs, your EMR software, or any other legitimate-sounding platform. The email includes both an “accept” link and a “decline” link. Most people choose to click the link for “decline” thinking that they are protecting their data, but once the link is clicked, their data has been exposed to hackers.


What Can I Do?


While there are many more examples, the common theme is a request to click on a link or attachment and then provide some additional information. We get emails like these forwarded to our support team all the time and we always remind customers that if there is any reason to think it could be legit, then call the sender and verify its legitimacy. Here are some tips:

  • Look at the sender’s email address (not the profile name) to see if it seems legitimate

  • Compare the text, grammar, and writing style to other emails that you may have received from the sender to see if things seem consistent

  • If there is any doubt at all, do not click on any button/link, attachment, or other item

  • Carefully check to see if the entire email is a “button” or link by right clicking or looking at the shape of your cursor as you move over it

  • Call the sender or send them a separate email to a known legitimate address to verify the accuracy of the email in question
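
For teams that triage forwarded messages, the first and fourth tips can be automated. The script below is an added example, not part of the original article: it compares the profile name against the real sender address and measures how much of the message body is wrapped in a link. The brand-to-domain table, the 0.9 threshold, and the sample message are assumptions made for illustration, and it expects a single-part HTML message.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Assumption: brands your users hear from -> domains those brands really send from.
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}, "adobe": {"adobe.com"}}

class LinkCoverage(HTMLParser):
    """Count text runs and images, and how many of them sit inside an <a> element."""
    def __init__(self):
        super().__init__()
        self.depth = self.total = self.linked = 0
    def _count(self):
        self.total += 1
        self.linked += 1 if self.depth else 0
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.depth += 1
        elif tag == "img":
            self._count()
    def handle_endtag(self, tag):
        if tag == "a" and self.depth:
            self.depth -= 1
    def handle_data(self, data):
        if data.strip():
            self._count()

def check_message(raw, threshold=0.9):
    """Return a list of findings for one raw, single-part HTML message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    host = addr.rpartition("@")[2].lower()
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        genuine = any(host == d or host.endswith("." + d) for d in domains)
        if brand in name.lower() and not genuine:
            findings.append(f"profile name says {brand}, address is {addr}")
    cov = LinkCoverage()
    cov.feed(msg.get_payload())
    if cov.total and cov.linked / cov.total >= threshold:
        findings.append(f"{cov.linked}/{cov.total} content items are clickable")
    return findings

# Constructed sample message (not a real capture).
PHISH = ('From: "Microsoft 365 Support" <alerts@mail.example.net>\n'
         'Content-Type: text/html\n\n'
         '<a href="https://login.example.net/reset"><img src="cid:logo" alt="Microsoft">'
         '<p>Someone else accessed your account. Reset your password now.</p></a>')
if __name__ == "__main__":
    print(check_message(PHISH))
```

A finding is a prompt to verify with the sender by phone or a known address, not proof either way.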