Beware of the fake sign-in websites

Increasingly, individuals are being encouraged, usually through an Email or SMS, to sign into a commonly used service (for example their Apple or Google accounts) where the login page is a fake. If you enter your details, you will find your account has been compromised because your logon details are passed on to someone else. Here we explain this kind of attack, what to do to avoid it and what to do if you have fallen victim to it.

05 August 2016 Security


You may receive an Email inviting you to open an attachment or click a link, and everything about the message looks, at first glance, genuine. It may have come from someone you know and the link graphic is what you would expect (e.g. a picture of an Adobe document); however, all is not as it seems.

These kinds of attacks don't involve hacking into your computer or device, and they work on whatever you are using (your phone, tablet or computer) to read your Email. What they do rely on is you being busy and not paying particularly close attention to what is going on.

The nature of these Emails is such that they are more likely to get through spam filtering services, and certainly so if they are sent using another compromised account. So you can expect to receive them; however, by following a few simple rules you can learn to spot the tell-tale signs and avoid giving someone else unauthorised access to your information.

When signing into a service

  • Always type the address into the address bar or use a bookmark you have previously created – don’t use a link in an Email even if it looks genuine.
  • Double-check the address bar at the top looking for the correct address – phishing websites will typically use a variation or slightly altered spelling so you are less likely to notice it is a different address.
  • Check that the address begins with https and that the padlock (security symbol) is shown next to the address – legitimate websites will use an encryption mechanism to secure your interaction with them as indicated by the https and padlock.
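The address checks in the list above can also be automated, for example in a helpdesk or mail-filtering script. The following is an added example, not part of the original article; the trusted-host list, the function names and the sample links are assumptions constructed for illustration.

```javascript
// Sample allowlist (an assumption for this example): list the sign-in hosts you really use.
const TRUSTED_HOSTS = ["accounts.google.com", "appleid.apple.com"];

// Levenshtein edit distance, used to catch slightly altered spellings.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

// Returns { ok, host, reasons }; ok is true only for https on an exact trusted host.
function checkSignInLink(link, trusted = TRUSTED_HOSTS) {
  let url;
  try {
    url = new URL(link);
  } catch (e) {
    return { ok: false, host: null, reasons: ["not a valid web address"] };
  }
  const host = url.hostname.toLowerCase();
  const reasons = [];
  if (url.protocol !== "https:") reasons.push("address does not begin with https");
  if (url.username || url.password) reasons.push("text before '@' is not the real host");
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    reasons.push("host contains internationalised (punycode) characters");
  }
  if (!trusted.includes(host)) {
    const embedded = trusted.find((t) => host.includes(t));
    const near = trusted.find((t) => editDistance(host, t) <= 2);
    if (embedded) reasons.push(`${embedded} appears inside a different host`);
    else if (near) reasons.push(`altered spelling of ${near}`);
    else reasons.push("host is not on the trusted list");
  }
  return { ok: reasons.length === 0, host, reasons };
}

// Constructed sample links (not real phishing URLs).
for (const link of ["https://accounts.google.com/signin", "https://accounts.goog1e.com/signin",
  "https://accounts.google.com.signin.example/", "http://appleid.apple.com/"]) {
  console.log(link, JSON.stringify(checkSignInLink(link)));
}
```

A passing result only means the address matches a host you already trust over https; it says nothing about hosts that are not on your list.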

Below are two examples of genuine sign-in pages with the https, the correct addresses and the padlock symbol.

Secure Sign-in Webpage Example 1

Secure Sign-in Webpage Example 2

 

If you have provided your details on a fake sign-in page

  • Log into your account and change your password as soon as possible.
  • Double-check that your personal details and any recovery settings (e.g. mobile phone number, date of birth etc.) are correct.
  • If you have provided any kind of financial details (e.g. credit card etc.), contact your banks etc.
  • If it is an Email account that contains any financial details or access/password notes, contact your banks etc. and change your passwords.
  • If it is an Email account, rules may have been added (e.g. to delete certain new Emails) to hide the fact your account has been compromised. Check for these rules and send yourself an Email to check it arrives.

Change your passwords

With this kind of attack, it doesn’t matter how good your password is. However, as people tend to use the same password for other services, you are advised to change the password on any other service that used that same password or something similar.

How to spot fake E-mail messages

We have a guide which explains in more detail how to spot fake E-mail messages and it is worth reading so you can identify the tell-tale signs.

Finally

If you have any concerns, please contact us for assistance.
