This scam message doesn't even look like a scam – it may come from someone you know

More and more scam emails are using the secure email theme. With these messages, detecting the fraud can be more difficult than usual.


The Cybersecurity Center says in its weekly review that it has received many reports of phishing messages disguised as authentic-looking secure email. The campaign is similar to the Microsoft 365 data breach campaign about which the authority issued a serious warning last October.

You can often recognize a scam message from the link in it or by checking the sender of the message. However, these methods are not useful in identifying secure email scams.

The scam message itself does not seem suspicious, because genuine secure emails also contain a link. In addition, secure email scams make use of hijacked Microsoft 365 accounts, which is why the message may appear to come from a completely trustworthy sender.

According to the authority, the messages are currently spreading from one organization to another, especially in the education and municipal sectors. Hacked accounts are used to send new phishing messages.


This is how the scam works

The link in the scam email, which you are asked to click, leads to a site that tries to capture usernames and passwords for the Microsoft 365 environment.

The request to click may be reinforced with a pretext that provokes a strong reaction, such as a matter concerning arrangements for the care of children.

– If you mistakenly enter your e-mail account username and password on the website that opens from the scam message, the criminal will take over the account and use it for fraud and for sending new phishing messages, the Cybersecurity Center warns.

The Cybersecurity Center recommends using two-step authentication and restricting email forwarding rules.

– The forced introduction of two-step authentication is an effective means of protection against phishing campaigns. If the use of two-step authentication is left optional, it will not provide full protection, the Cybersecurity Center says.

Source: Cybersecurity Center
