Phishing attacks are very common through email; anyone with an email account has probably come across an email trying to social engineer them into handing over data. In this guide we will look at an example of how a phishing attack is executed through email, what could happen to our data if the attack is successful, and how it could have been prevented. More detailed information about phishing can be found in my other post titled “How Do I Overcome Phishing Attacks?”
You receive an email in your inbox, apparently from Amazon, saying that your account has been compromised and you need to reset the password immediately using the link provided. You check the link in the email, it appears to show the correct address, so you go ahead, click on the link and change your password.
What is actually happening?
The email is from a scammer, who has sent the same email to thousands of random email addresses hoping that someone will click on the link and reset their password. The link looks genuine, but once you click on it you end up on a fake Amazon site created just to collect your login credentials. Here is a demonstration of how this works: the following link is displayed as www.amazon.com, but if you click on it you will end up on Google.
What will they do with my data?
The scammers will use your login credentials to make purchases with your account if your credit card details are on file. If not, they may use the same credentials to try to log in to other accounts where you may have reused them. This information can also be resold on the darknet for other criminals to use for similar purposes. In some instances, criminals have used this data to blackmail individuals for money.
What should I have done?
When you receive the email, check the address it has come from, bearing in mind that in some cases even the sender's email address can be spoofed. Next, hover over the link to make sure the address it actually points to is genuine, because the visible text of a link and its real destination can differ. In most cases, if you need to reset your password, you can go directly to the website and reset it there without clicking on any links.
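The "hover over the link" check above, and the www.amazon.com link that really leads to Google in the demonstration earlier, both come down to the same thing: the text a link displays and the address it points to are independent, so a mail filter or a cautious reader can compare them. The following Python script is an added example (not code from this post) that parses a constructed HTML email body, pulls out every link, and flags two things: links whose visible text names one domain while the href points at another, and links that point outside the domain the email claims to be from. The sample email, the function names and the simplified registered-domain logic are all assumptions made for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of a phishing-style HTML email body (not a real message).
SAMPLE_EMAIL_HTML = """
<p>Your Amazon account has been compromised. Reset your password now:</p>
<p><a href="http://amazon-account-verify.example/reset">www.amazon.com</a></p>
<p><a href="https://www.amazon.com/help">Amazon help</a></p>
<p><a href="https://login.amazon.com.example/">Sign in</a></p>
<p><a href="mailto:support@example">Contact us</a></p>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the anchor currently being read, if any
        self._text = []     # text fragments seen inside that anchor

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


# Matches link text that itself looks like a domain or URL, e.g. "www.amazon.com"
# or "https://amazon.com/reset"; plain words such as "Sign in" do not match.
DOMAIN_IN_TEXT = re.compile(
    r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:/\S*)?$", re.I
)


def host_in_text(text):
    """Return the hostname the visible link text shows, or None if it shows none."""
    match = DOMAIN_IN_TEXT.match(text.strip())
    return match.group(1).lower() if match else None


def registered_domain(host):
    """Last two labels of a hostname. Hypothetical simplification for this example:
    a real tool would consult the Public Suffix List so that e.g. co.uk is handled."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def is_under(host, domain):
    """True if host is domain itself or a subdomain of it (suffix match on a label boundary)."""
    return host == domain or host.endswith("." + domain)


def find_suspicious_links(html, expected_domain):
    """Return a list of findings for links in html that deserve a second look.

    Reason codes:
      text-href-mismatch      visible text shows one domain, href goes to another
      outside-expected-domain href is not under the domain the email claims to be from
    """
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        parsed = urlparse(href)
        if parsed.scheme not in ("http", "https") or not parsed.hostname:
            continue  # mailto:, tel:, anchors etc. are out of scope here
        href_host = parsed.hostname
        reasons = []
        shown_host = host_in_text(text)
        if shown_host and registered_domain(shown_host) != registered_domain(href_host):
            reasons.append("text-href-mismatch")
        if not is_under(href_host, expected_domain):
            reasons.append("outside-expected-domain")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_links(SAMPLE_EMAIL_HTML, "amazon.com"):
        print(finding["href"], "<-", repr(finding["text"]), ":", ", ".join(finding["reasons"]))
```

Run as a script it reports the first link (shown as www.amazon.com but pointing elsewhere) and the third (a lookalike host whose real registered domain is not amazon.com), while the genuine Amazon help link and the mailto link pass. The lookalike case is why the check uses a suffix match on a label boundary rather than simply looking for the word "amazon" in the address.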
What should I not do?
If you are sure that the email you have received is fake, do not open it; sometimes opening it alerts the sender that the email address is active, which leads to even more spam and phishing attempts. Most emails will have an unsubscribe link at the bottom; if you know the email is fake, do not click on it. The link may lead to scripts that, when clicked, can infect your computer with a virus.