Anti-Whaling Email Imposter Protection

Anti-Whaling Email Imposter Protection

May 01, 2020 / in Tech Essentials / by Zafar Khan, RPost CEO

“You’re Fired!” Fake Termination Emails Proliferate in this Climate of Job Insecurity

It was only a matter of time. Fresh off their latest exploits at trying to phish for sensitive financial account information, scammers have set their sights on people’s actual jobs. With jobless claims now topping 30 million and the unemployment rate headed for new highs, cyber criminals now have fertile ground for a brazen new scam.

It goes like this: You receive an email with an unsettling subject line, “Your accounts have been terminated” or, more subtly, “Please Join Important HR meeting Now In Progress”. The message is sent from what appears to be your HR department or a company administrator, and there is text that reads, “This email is from a trusted source”, so this looks like a safe email. Here’s an example I saw:

 

Fake Termination Email

You begin to think to yourself, “Oh no, this is it. My company is going to discuss layoffs, and I’m going to be effected in some way.” You understandably may feel that your own job is now on the line. There’s a big Zoom/GoToMeeting-like button in the email that says, “Join Now”. You’ve seen this a million times now that we’re months into quarantines. You nervously click the button and you are not taken to the real web conferencing app but some other scam site.

The thing is: you were too distracted to notice what site you were routed to. The login page is a pixel-perfect facsimile of what you’ve seen in the past except that you’re actually going to a scammer gateway page built to steal your sensitive email login credentials.

They put the text, “Email Address Password” into the password field instead of just “Password”, as you would see on your real web conferencing page. They’re hoping that you might use the password to your email account instead of your real web conference password. Without thinking, you might enter an email address/password combination (that, for many, is also the combo you use for many other accounts). Once you enter this information and submit it, you are taken to a fake page that tells “Waiting for Organizer”.  You wait for a bit and nothing happens, you assume the meeting was cancelled, and you leave a bit confused, but go about your day.

With the best internet criminals, you may never even realize that the “meeting” was not a real one, but it’s now too late. Your job may in fact be safe, but your sensitive email login info, info that may be used for your email, which is the access point for many of your activities, is now exposed to the crooks perpetrating this scheme. Or worse, that “Join Now” button that you clicked installed malware that can run havoc on the machine you now rely on to work from home. There may even be ransomware involved where you get into an ugly bind looking for Bitcoin to pay off the criminals holding your family photos hostage.

Now what? Obviously, if you are aware of the mistake you need to immediately change your passwords to any accounts that may be affected and run your malware scanner. You should also know that the eSign & E-Security (Free) Work-from-Home Readiness program includes email security automation services: RMail Anti-Whaling email impostor protection for Outlook and, for advanced folks, RMail Gateway inbound-and-outbound phishing and threat protection filters.

Know More:

Vishing 

Smishing 

In these trying and unprecedented times, scammers are always finding new ways to liberate your hard-earned money from your accounts. This is just the latest example, and you can be sure there will be new scams like this in the future as this pandemic crisis persists. Hopefully, with some awareness (and sharing of Tech Essentials with your staff) you can avoid being another victim of these scams.