With much of the workforce conducting business from home to escape the pandemic, scammers have revved up their trickery to scare victims into falling for credential harvesting schemes.
Two new reports lay bare the new twists digital scammers are putting on old approaches to get you to unwittingly give up login credentials for your personal or company online banking and server portals. The two reports focus on how to avoid becoming a corporate or consumer victim.
One new twist detailed by Armorblox threatens to recycle inactive addresses unless the would-be victims immediately update and confirm their account details. This results in fearful recipients entering their legitimate email addresses and password information.
The second report, by email phishing protection firm INKY, reveals the intricate directives of a credential harvesting phishing email. These emails impersonate the United States Department of Justice by using a malicious link with real logos mimicking government websites.
Credential harvesting is largely considered the foundation of email phishing. It is the easiest way for anyone to get into your secure files. They simply use your password that you gave them, explained Dave Baggett, CEO and co-founder of INKY.
“In terms of the overall rate of phishing generally, we have seen nearly a three-times increase in phishing emails since the pandemic started,” Baggett told TechNewsWorld.
Banking on Phishing
Last week, Armorblox, a cloud office security platform that protects inbound and outbound enterprise communications, released its latest discovery of a new credential phishing attempt. The report details how cybercriminals use an email with a malicious link leading to a fake website. The landing page painstakingly resembles the Bank of America login page.