top of page
OceanVertical

Beware of fake new spam filter alerts

  • marketing14560
  • Nov 14
  • 2 min read
Beware of fake new spam filter alerts

Happy Friday 


The bad guys are at it again. This time, they're spoofing spam filter notifications, something you might already receive daily if your company uses an email filtering service (such as ProofPoint). They'll try to trick you into visiting a phishing website that steals login credentials, instantly giving them access to your email, cloud storage or personal accounts.


Here's what these fake emails look like:


ree

The Takeaway


I know that it looks pretty basic but it's actually a very sophisticated attack. When you visit that phishing page, it opens a websocket, keeping an open channel between your browser and the scammer's server, like a phone call that never hangs up. This lets the browser and server send messages instantly back and forth in both directions without needing to reload the page. Cybercriminals love using websockets because they harvest your credentials the instant you type them and they can even send you prompts for additional information in real-time, such asking you for two-factor authentication (2FA) codes. 😬


Let's keep your company safe from becoming a victim of this new phishing attack.

Here's how:


  • Always check the website address in the browser before signing in. Make sure it matches the site you expect to be on. This can be tricky, especially if you're distracted at work or on a phone with a smaller screen.

  • Check if the sender’s email address matches what you would expect it to be. These emails are often sent from Gmail accounts or compromised company mailboxes.

  • Use up-to-date security software, preferably with a web protection component (such as TotalSecurity from Cypac)

  • Use multi-factor authentication (MFA) for every account, period.

  • Use a password manager. They won't auto-fill your password to a fake site, even if it looks authentic.



If you've accidentally entered credentials on a page you realized only too late was defrauding you, notify your IT department immediately. Time is of the essence and there are several steps involved in locking down your accounts.


Stay alert. Stay safe out there.

-Attila


New Friday Funnies!

I told my laptop a bad joke about ransomware.

It froze.


I asked my dad what a VPN was.

He replied,"Very Private Nap!


"What is the lie every human being has made?"

I have read and agreed to all the terms and conditions..."


Why did the PowerPoint presentation cross the road?

To get to the other slide.


🤦Tech tip: How to keep your computer from getting too cold...

Close all of those windows you have open!





 
 
 
bottom of page