Fake email notifications are one of the most common ways attackers phish small to midsize businesses. These fake security emails are designed to scare you into acting with messages like “Your account will be suspended in 24 hours.”
These attacks rely on getting you to believe the messages were actually sent by the real platform.
Thanks to social engineering, attackers have become much better at mimicking the tone and word choice companies use when alerting their customers, which means readers must take extra precautions to avoid being duped. Let's look at a few recent examples.
This Fake Amazon Email Aims to Acquire Users' Login Info and Password
In this recent scam, an Amazon Prime user is sent an email containing an order confirmation for an item they didn't purchase, or a notice about a problem with a recent purchase. The mention of money in the spoofed order alert usually gets the customer's attention. Here's a real example:
Amazon phishing attempts have become so prevalent that Amazon actually set up a help page to warn customers about it.
Facebook Celebrity Giveaways Have Become a Popular Scam
A newer type of Facebook scam that is becoming more popular is the celebrity giveaway scam.
In this example from a fake Facebook account called "Ellen Give Aways", a post posing as coming from Ellen promised gift cards, cash, and prizes to winners who liked, shared, and commented on the post. These phishing scams are amplified by the real likes and shares they generate. Unfortunately, when users clicked through to the "prize" page, they downloaded malware onto their computers.
Hacked Verified Twitter Accounts Are Used to Promote Scams
A similar version of this scam recently appeared on Twitter, where hackers posing as Elon Musk were offering a Bitcoin giveaway.
Don't be fooled by that green check mark! This account has nothing to do with the real Elon Musk. A close reading of the message would reveal to most users that it was a scam.
And when Twitter users alerted the real Musk (@elonmusk), the CEO of Tesla and SpaceX tweeted: "The crypto scam level on Twitter is reaching new levels. This is not cool."
What Should You Do When You Are Sent a Phishing Email from Facebook or Amazon?
Here are some best practices for dealing with phishing attempts, including emails pretending to be from Facebook or Amazon:
1. Do not reply to the email.
2. Do not click on any links or open any attachments in the email.
3. In a separate window, navigate to the real site and log in to see if you have any notifications in your account.
4. For suspicious Amazon activity use this customer service help page and follow the instructions.
5. For business accounts, copy the suspicious message body and send it to your IT professional, or contact the help desk and alert them to the suspicious email in your account. Chances are, you're not the only one in the organization who is being phished.
Many phishing emails have a suspicious letter or character in the sender field or the footer (but this isn't always the case). When attackers already have access to a real account you trust, a message sent from it carries none of those tell-tale signs and has a much higher chance of working.
Phishing emails used to be easier to spot because of misspelled words or awkward language, but the tone and believability of these spoofed messages has improved a great deal in the last few months. Always go back to the source to verify that a message was really sent. It is better to be overly cautious than caught by a clever phishing scam.
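The "suspicious character in the sender field" check above can be automated for a help desk triaging reported emails. The following is an added example written for this post, not code from the original article: it parses a From: header and flags non-ASCII characters, digit-for-letter swaps in the domain, and a display name or domain that claims a brand while sending from a domain other than the ones in a small allow-list (the allow-list and sample headers are constructed assumptions).

```python
import re
from email.utils import parseaddr

# Assumed legitimate sending domains for the brands the post discusses.
# A real deployment would load a maintained list instead of this constant.
KNOWN_BRAND_DOMAINS = {
    "amazon": ("amazon.com", "amazon.co.uk"),
    "facebook": ("facebook.com", "facebookmail.com"),
}


def sender_domain(addr):
    """Return the lower-cased domain part of an address, or '' if absent."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def domain_matches(domain, legit):
    """True if domain equals, or is a subdomain of, one of the legit domains."""
    return any(domain == d or domain.endswith("." + d) for d in legit)


def check_sender(from_header):
    """Return a list of reasons a From: header looks spoofed (empty = nothing found)."""
    display, addr = parseaddr(from_header)
    domain = sender_domain(addr)
    reasons = []
    if not domain:
        return ["no parseable sender address"]
    # Non-ASCII characters in the address (e.g. a Cyrillic 'a' in place of a Latin one)
    odd = sorted({c for c in addr if ord(c) > 127})
    if odd:
        reasons.append("non-ASCII characters in sender address: " + " ".join(odd))
    # Digits wedged between letters in the registrable label (amaz0n, faceb00k)
    label = domain.split(".")[-2] if "." in domain else domain
    if re.search(r"[a-z][0-9]+[a-z]", label):
        reasons.append(f"digits inside domain label '{label}'")
    # Brand named in the display name or domain, but mail comes from elsewhere
    for brand, legit in KNOWN_BRAND_DOMAINS.items():
        claimed = brand in display.lower() or brand in domain
        if claimed and not domain_matches(domain, legit):
            reasons.append(f"claims to be {brand} but sends from {domain}")
    return reasons


if __name__ == "__main__":
    # Constructed sample headers: one legitimate, three suspicious
    for hdr in ("Amazon <order-update@amazon.com>",
                "Amazon Customer Service <security@amaz0n-support.com>",
                "Amazon <noreply@amazon.com.account-verify.net>",
                "Amazon <help@\u0430mazon.com>"):
        print(hdr, "->", check_sender(hdr) or "no findings")
```

An empty result only means none of these three heuristics fired; as the post notes, mail from a genuinely compromised account will pass every one of them, so the "go back to the source" rule still applies.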
Does Your Company Need a More Proactive Security Strategy?