Scam of the Week - Sneaky “Service Desk” Scam
A new phishing attack is using a number of tactics to trick unsuspecting users into handing over their login credentials. The email claims you have unread emails due to your cloud storage being full. It then gives you options to resolve the issue. Clicking on either link sends you to a phony login page for your service provider. Any information entered on this page will be sent directly to the scammers.
What makes this scam so sneaky? First, the phony login page not only looks official, but also functions like a real login page. Only passwords that meet real requirements are accepted. If an acceptable password is entered, you are redirected to the actual website of the service provider you just provided credentials for. Second, the email is sent from a no-reply address using the domain “servicedesk.com”. Most of us are used to seeing emails from support desks, which makes this sender feel legitimate. Third, the email itself bypasses security filters that you may have in place by using a combination of factors that makes your email security filters think the link is secure.
Don’t be fooled! Remember these tips:
- Phishing emails are often designed to create a sense of urgency. In this case, it is the idea that you’re missing important emails. Think before you click. The bad guys rely on impulsive clicks.
- Email security filters can only do so much to protect your sensitive information. Stay alert and help create a human firewall for your organization.
- When an email asks you to log in to an account or online service, log in to your account through your browser and not by clicking the link in the email. That way, you can ensure you’re logging into the real website and not a phony look-alike.
Stop, Look, and Think. Don't be fooled.
The KnowBe4 Security Team