Here’s a popular phishing scenario: You receive an email with a link. The link takes you to a phony login page with the name and logo of a legitimate website. Once you submit your username and password, the information is sent straight to the bad guys. Cybercriminals love to use these phony look-alike login pages to steal your credentials and access sensitive information.
Now cybercriminals have developed a way to make look-alike pages even more convincing. Scammers use a special tool to automatically display your organization’s name and logo on the phony login page. They can even use this tool to populate your email address in the corresponding login field. This creates a false sense of security because many legitimate websites remember your username if you have logged in previously.
While this is an advanced attack, you can still stay safe by following the tips below:
- Never click a link in an email that you were not expecting.
- Remember that any site, brand, or service can be spoofed.
- When you’re asked to log in to an account or online service, navigate to the official website and log in there. That way, you can ensure you’re logging in to the real site and not a phony look-alike.
Stop, Look, and Think. Don’t be fooled.