Scam of the Week - Credential Scam With a Clever Twist
If you try logging in to an account, but get a “wrong password” error what do you do? You’ll probably try typing the same password again. But if that doesn’t work do you try another one of your passwords? Then another, and another? Cybercriminals have a clever new scam that takes advantage of this exact behavior.
You receive an email with a link to view an important document. If you click the link, the document looks blurred-out and is covered by a fake Adobe PDF login page. If you enter your email and password, you’ll get an error stating that your password is invalid. This page allows you to try a few more times before eventually blocking you from viewing the document. But the truth is, there was never a document to view. Instead, the cybercriminals saved your email address and every password you tried to use. They can use this information to try to log in as you on other websites.
Don’t be fooled! Remember these tips:
- Remember that any site, brand, or service can be spoofed.
- Never click a link in an email that you were not expecting. If you’re not sure, reach out to the sender by phone to confirm the legitimacy of the email.
- Always use a password that is unique to that specific account. This way, if your credentials are stolen, the cybercriminals can’t access your accounts on other websites.
Stop, Look, and Think. Don't be fooled.
The KnowBe4 Security Team