Recently, Google’s Threat Analysis Group (TAG) published a report about a new tactic that cybercriminals are using in spear phishing attacks. Spear phishing is when cybercriminals send targeted emails impersonating someone you trust to try to steal your sensitive information. Now, cybercriminals are impersonating media outlets and luring you in with a fake interview.
This attack starts with an email impersonating a trusted media outlet. In the email, the cybercriminals ask to interview you and prompt you to click a link with the interview questions. If you click this link, you’ll be redirected to a malicious website with a login prompt. Unfortunately, any login credentials that you enter will be sent directly to the cybercriminals. Then, they’ll be able to access your account for their own malicious goals.
Follow the tips below to stay safe from similar scams:
- Remember that spear phishing attacks can impersonate anyone, such as a media outlet or a close friend. Think before you click, and never click a link in an email that you aren’t expecting.
- Make sure that the sender is actually who they say they are. If the sender claims to be someone you know, reach out to them in person or by phone to verify.
When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain spelling or grammatical errors.
Reference: KnowBe4.com