Phishing Attacks – PSafe Blog

Dropbox Phishing Attacks Are on the Rise

PSafe Newsroom — Tue, 16 Jan 2018 13:00:32 +0000

Dropbox is a popular program that allows users to quickly store, organize, and share information. It’s used all over the world, and it has what every user wants: the element of convenience. Being able to store and share documents with the click of a few simple buttons is a great thing, but unfortunately — like most tech innovations — it comes with some risks, too. To protect yourself against Dropbox phishing attacks on your Android, use dfndr security’s anti-hacking feature to monitor any navigation whether attached to emails or chat services. Try it immediately:

Once the anti-hacking feature is activated on your device, it will block phishing attempts even before you click on a link, thereby preventing theft of your login credentials.

Learn more below about the rise of Dropbox phishing scams so you can stay aware of how to protect yourself as you use this popular program.

How Do These Scams Work?
These scams are particularly scary because they so closely mimic the way that the program actually works. Once you become familiar with a program, its layout, and the way that it works, it can become tough to question things as you see them in relation to that program. That is how this attack gets people unexpectedly, though.

Users are frequently being sent emails that look identical to something that may come from Dropbox. These messages will come from a spoofed email address that mimics the normal Dropbox address. They will also showcase the exact Dropbox logo, font, and layout that users are so familiar with and accustomed to. These messages may look like they are coming from a contact that you are familiar with, making them even more believable.

Then, when users are lured into clicking on the link, they may be asked to enter a username and password. This gives away your credentials, causing more of an issue. After that, the user will be asked to choose an email provider to “drop” the downloaded documents into after they are downloaded. As you can tell, this issue could allow hackers to receive your Dropbox and email information, which has the potential to expose all of your personal information that they may be able to use for malicious intentions.

How to Combat This Issue
To work against this issue, users should be wary of the link that pops up if they click on the original phishing email. If the URL does not appear as it typically does, or if it has any foreign words it it, discontinue the process of logging in to view the “shared” information. Always follow up with contacts before accessing the data to ensure that they actually sent you something.

5 Unknown Phishing Scams to Watch for During the Holidays

PSafe Newsroom — Wed, 20 Dec 2017 00:00:40 +0000

It’s the most wonderful time of the year for spending time with family and friends — and finding great holiday gifts at incredible prices. As you spend more money online and hunt for the best deals, hackers introduce more clever phishing scams to lure you in. These phishing scams go far beyond the more obvious ones, such as a fake email about winning a contest or a Google ad for a discounted luxury item. Here are 5 lesser-known phishing scams to watch out for this holiday season:

An Email That Your Transaction Was Declined
While shopping this season, the last thing you want is for your card to be declined. If you receive an email that says your credit card or PayPal transaction was declined for a recent order, this is a phishing scam. Don’t click on any links or hand over your personal information. If you must check your account or the status of your order, manually type in the correct URL and log in to your account to verify that everything is in okay. You could also download an antivirus app like dfndr security to regularly scan your phone for any malware. The best feature you might want to activate in our app is anti-hacking because during the flurry of a shopping session this feature can identify and block malicious links before you click on them. Turn it on to try it:

Read More: Can’t Stop Clickbaiting? anti-hacking Will Protect You

Spoofed Two-Factor Authentication
In this phishing scam, a hacker uses a victim’s phone number and email address to assume her identity and ask Google (or another service) to reset the password for her email account. Whenever Google texts the victim with the reset code, the hacker will then pose as Google to text the victim about unusual account activity, and request that the victim send the hacker the reset code to confirm her identity. If the victim sends the reset code to the fake Google text, then she has just given the hacker the ability to access her account.

Instagram Shopping Scams
Boutique accounts have become incredibly popular on Instagram, with items often selling out within minutes. While there are many legitimate Instagram boutiques out there, you should be wary of shady accounts that try to lure you in by purchasing an item or clicking on a link. Before you shop on Instagram, make sure that the boutique you’re interested in is legitimate by paying attention to the number of followers, the seller’s language, and any reviews or websites that discuss the boutique.

Fake Promotional Emails With Coupons
Maybe you ignore promotional emails altogether, or maybe you check them for the latest sales and deals at your favorite stores. If you receive an email this season that promises an incredible deal, don’t click on any links or images in the email — it could be an email spoofing your favorite retailer. To ensure that the deal is legitimate, check the email’s language, compare the email to past emails, and go to the store’s website to find the deal or contact customer service to verify the email.

Shipping Scams
With this scam, you’ll receive a fake email from UPS or FedEx informing you that your package was unable to be delivered. To remedy this issue, the email will ask you to click an infected link or open a malicious attachment. If you receive an email like this, ignore it — these services will never email you about undeliverable packages. Further, be wary of any odd-looking emails that contain a tracking number — the link could be fake.

5 Phishing Clues to Look for in Emails from Your Contacts

PSafe Newsroom — Tue, 24 Oct 2017 00:00:51 +0000

Hackers and online predators have unfortunately become very savvy in recent years. This means that they’ll go to almost any lengths to trick you and obtain your sensitive information. Now, hackers are even making emails and messages appear to be from one of your contacts, then compromising your system when you click on any malicious links. Actively looking for these clues and practicing caution as you open emails — in conjunction with using the anti-hacking feature on your Android device — will ensure that you keep your information and accounts private, safe, and totally secure. Click here to protect yourself from phishing attacks:

Read More: The Rise of Increasingly Sophisticated Ransomware

The Email Address Doesn’t Match Your Records
As mentioned, hackers are savvy. They have the capability to make emails appear as if they’re from someone in your contact list, when really, they are from a different and malicious email account. Always verify that emails containing outbound links are actually from whom they claim to be from. Check the email address in your records. You’d be surprised — sometimes hackers use email addresses at domains containing dead giveaways like the word “evil.”

It Has a General Salutation
Hackers may put in a general salutation that isn’t personalized or isn’t how your friend or family member would actually greet you. It may say “Hi!” or something else devoid of a specific name.

The URL Doesn’t Go Where it Claims to Go.
Hackers know how to make URLs (that are embedded into emails) look like they’re going to direct you somewhere that they aren’t. Before clicking on a link, hover over it to verify that it is going to direct you to a trusted site or at least to where it claims it will send you.

The Email Urges Immediate Action.
Phishing emails often attempt to trick you into clicking on a link and divulging sensitive information that you wouldn’t want to be compromised. If your “contact” sends an email that seems to be pushing you towards clicking a link, filling out a form, or completing a request, be cautious.

The Email Contains Attachments
You should always be cautious when opening attachments in emails, even if they appear to come from a trusted source. Look at the attachment name, verify the email address from your records, and even follow up directly with your contact to confirm they’ve sent an attachment before opening it if you find it to be questionable. It’s always better to be safe than sorry!

The Google Doc Phishing Attack of 2017: Can It Happen Again?

PSafe Newsroom — Tue, 08 Aug 2017 13:00:35 +0000

On Wednesday, May 3rd, Google and Gmail users experienced a wide, sophisticated phishing attack. It came from a phony app that called itself “Google Docs.” During this incident, approximately 1 million Gmail users received an email asking them to open a Google Doc. If the link was clicked, the user was taken to a page to open the document with their Google account. Doing so would then give the attacker access to the user’s email account and contacts. If you think you have fallen victim to this scam or a similar scam, you should use Security Scan to quickly check your device for malware:

Phishing is a popular method of stealing credentials in order to hack email accounts, bank accounts, or other private accounts. Luckily, Google was able to shut down the attack and delete the offending app within an hour of it’s launch. Not all companies and individuals are this savvy at identifying threats, though. The only way this kind of phishing can be identified is by looking at the developer information very closely. Since the average person doesn’t always read the fine print, security scanning software is vital.

The culprit of this attack is the Open Authorization system used by Google as well as several other sites to log users into multiple accounts at once. When you log in with this system, it creates a session token which can be transferred to other sites and services, which then logs you into them as well — indefinitely. And this is why it is so dangerous. When you log in to those fun online quizzes, you don’t often think of what happens when you leave the quiz site. If you stay logged into facebook and other sites that use OAuth, you open yourself up to scams like phishing and viruses.

Because OAuth uses session tokens instead of passwords, it is incredibly easy to hack. All the malware worm needs to do is make itself look legitimate by using icons, logos, and emails. In other words, OAuth systems depend on websites and applications telling the truth about who they are. As OAuth itself is not a security system, but a logging in system, these kinds of attacks are hard to catch because they look legitimate. Computers and laptops are the most susceptible to this kind of attack, but these attacks can happen to phones and mobile devices, too. That’s why it is important to regularly scan your device for malware in order to identify applications or downloads that could secretly be stealing your information.

Can a QR Code Be Used in a Phishing Attack

PSafe Newsroom — Tue, 08 Aug 2017 01:00:53 +0000

QR codes, or Quick Response codes, are an easy method for companies to transmit data to customers. Similar to a bar code, users can scan the QR code to save contact information, visit a URL, or compose a message. These codes are useful for companies and consumers, as they save time and prevent users from manually typing out texts. Unfortunately, relying on QR codes means trusting that the link is safe, an assumption which is sometimes not true. Make sure that the QR code you scan is trustworthy and free of malware by running the Full Virus Scan feature after:

Rather than taking a chance with an unknown code, you should rely on this complete virus scan to check for threats on your smartphone and SD card. Although QR codes cannot be hacked, they’re often plagued by phishing attempts, spelling out trouble for mobile users.

Phishing Tactics
Though more involved than phishing through emails or false site links, QR phishing is still the biggest security breach when it comes to QR codes. These codes are most often displayed in public places, used to direct smartphone users to a company’s website. Hackers will replace these QR code posters or produce their own false posters, both with fake codes which will redirect mobile users to phishing websites. These websites will often appear identical to the real deal; the layout of mobile websites will make it difficult to check the website’s full address.

In one instance, a malicious QR code in Russia sent a text message to premium numbers, an attack which charged each number $5 per text message. In these and similar instances, most attacks targeted Android devices. In other situations, websites that users were directed to ran browser exploits, a malicious code which takes advantage of vulnerabilities in operating systems. Browser exploits are able to enable microphone and camera access, send emails, and join a botnet in order to carry out a DDoS attack on a website. Due to the nature of browser exploits, Android users will be unable to tell that their device is being attacked.

Protect Yourself
To protect yourself, and your phone, from malicious QR codes, make sure to fully examine the poster from which you’re scanning the code. Many times scammers will place the fake QR code above the real one, which can be checked by touching the poster. Be suspicious of the page you land on through the QR code and never share personal or login information. While manually typing in the URL may be more time consuming, this is often the safest way to access a website.

Phishing Attacks Can Be Stealthier Than You Think

PSafe Newsroom — Fri, 23 Jun 2017 17:00:41 +0000

The consequences of a phishing attack can be devastating: both on an individual and business level, it can result in being barred from your account, financial losses, and even identity theft. Chances are when you think of a phishing scam, you think of an email full of typos or a website with a long and erratic URL. But nowadays a phishing attack—any attempt to lure you to a fake version of a real website to get you to give away your information—can be well disguised, fooling even the most informed person. To best protect yourself from phishing scams, use the Anti-Hacking feature to thwart any attempts.

With Anti-Hacking, you will receive warnings of dangerous sites and have your passwords protected. By reading through the following sophisticated types of phishing, you can better understand why you should be vigilant about protecting against them.

Deceptive Phishing
This is probably the most common type of phishing. It employs an email with urgent language that prompts you to enter your credentials to be safe from a non-existent threat. Even though the clearest indicator is strange wording or grammar and spelling errors, such an email can redirect you to a website with a URL that’s only a little different from the website it’s pretending to be. Be extra careful, then, with any non-direct way of accessing a website.

Spear Phishing
Even more deceptive, spear phishing uses the same strategy except it personalizes the message, and attackers customize the email to include your name, position, company, etc. It’s important to be familiar with how this type of phishing looks, but investing in an antivirus software, such as the Anti-Hacking feature of DFNDR, recognizes malicious links and ensures total safety.

Pharming
Pharming is another type of phishing that can easily go undetected. In this case, an attacker skips the baiting email and simply redirects alphabetical website names to a malicious link using a method called domain naming system (DNS) cache poisoning. This can occur even if you’ve entered in the correct website URL.

SMS Phishing
Phishing doesn’t only happen in the domain of emails and incorrect URLs. Attackers can now target people via SMS by sending a fake text message from your cellular provider, or another mobile service you use, that prompts you to give your login information. They then lead you to a fake verification process that first might ask for your phone number and zip code, and then email login, and later bank information. What’s sneaky about this method is that even if you don’t go through with the entire phish, they can gain your personal information in increments.