Customer Awareness Corner

Phishing Attacks

Phishing attacks continue to play a dominant role in the digital threat landscape. Deceptive phishing is by far the most common type of phishing scam. In this ploy, fraudsters impersonate a legitimate company such as FMC Finance in an attempt to steal people’s personal data or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing what the attackers want.

Many attackers attempt to evade detection by email filters by incorporating legitimate links into their deceptive phishing emails. They could do this by including legitimate contact information for an organization that they might be spoofing, for example the location of its offices and its phone numbers.

Those responsible for creating phishing landing pages commonly blend malicious and benign code together to fool Exchange Online Protection (EOP). This might take the form of replicating the CSS and JavaScript of a login page in a bid to steal users’ account credentials.

Malicious actors don’t want to raise any red flags with their victims. They therefore craft their phishing campaigns to use shortened URLs as a means of fooling Secure Email Gateways (SEGs), “time bombing” as a means to redirect users to a phishing landing page only after the email has been delivered, and redirects to legitimate web pages after victims have forfeited their credentials.

Some email filters can spot when malicious actors steal organizations’ logos and incorporate them into their attack emails or onto their phishing landing pages. They do so by looking out for the logos’ HTML attributes. To fool these detection tools, malicious actors alter an HTML attribute of the logo, such as its colour. Check whether the website is really the one for FMC Finance, e.g. check the colours and other security features you are used to seeing.

Digital attackers attempt to evade detection by including minimal content in their attack emails. They might choose to do this by including an image instead of text, for example.

The website should use https; if it uses http, it is fake or unsecure. We do not encourage our customers to continue using a website once they have observed this, as this exposes them to cyber-attacks and phishing.
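The warning signs described above (plain http links, shortened URLs, links that do not point to the genuine site, and an image in place of text) can be checked automatically on an email body. The following is an added example, not FMC Finance code; the domain fmc-finance.example is a placeholder for the genuine site, and the shortener list and sample emails are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions, not taken from the page: placeholder genuine domain and an
# illustrative subset of URL-shortening services.
EXPECTED_DOMAIN = "fmc-finance.example"
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

class LinkCollector(HTMLParser):
    """Collects link targets, image count and visible text from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.images, self.text = [], 0, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])
        elif tag == "img":
            self.images += 1

    def handle_data(self, data):
        self.text.append(data)

def triage(html_body, min_words=20):
    """Return the sorted list of warning signs found in one email body."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = set()
    for href in parser.links:
        url = urlparse(href)
        host = (url.hostname or "").lower()
        if url.scheme == "http":
            findings.add("plain-http-link")
        if host in SHORTENERS:
            findings.add("shortened-url")  # real destination is hidden
        elif host and host != EXPECTED_DOMAIN and not host.endswith("." + EXPECTED_DOMAIN):
            findings.add("off-domain-link")  # https alone does not make it genuine
    words = len(" ".join(parser.text).split())
    if parser.images and words < min_words:
        findings.add("image-instead-of-text")
    return sorted(findings)

# Constructed sample emails.
SAMPLE_SUSPICIOUS = '<a href="http://bit.ly/x1"><img src="notice.png"></a><p>Act now</p>'
SAMPLE_LOOKALIKE = '<a href="https://fmc-finance.example.login-check.example/">Sign in</a>'
SAMPLE_GENUINE = '<p>Your statement is ready.</p><a href="https://www.fmc-finance.example/">View</a>'

if __name__ == "__main__":
    for body in (SAMPLE_SUSPICIOUS, SAMPLE_LOOKALIKE, SAMPLE_GENUINE):
        print(triage(body))
```

A check like this looks at the email only at delivery time, so it cannot see “time bombing”, where the link's destination changes afterwards; the link has to be checked again when it is clicked.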