Watch Out for People Trying to Steal Your Credentials

Prevent hackers from stealing your credentials

It seems that phishing attacks are still one of the techniques cyber criminals use most to trick their victims. A phishing attack is when a hacker attempts to steal your data by including a link in an email, chat, or text message. Once you click the link, the hacker can steal your data and have access to your system.

Cyber criminals’ goal is to trick you into believing that the email is something you need. It could be a message from your bank, company, or someone you know. Most often, cyber criminals carry out attacks because they are motivated by financial gain.

Watch out for these, because they are trying to steal your credentials such as bank account numbers, email addresses, and passwords.

Before giving you tips on how to prevent people from stealing your credentials, let’s have a little training. 

Below are two screenshots. One is real and the other is a hacker trying to trick you. Can you spot which is which?

 


 



 

Keep your answer in mind until the end of this blog.

What to watch out for in your inbox?

 

Requesting sensitive information via email

Cyber criminals, posing as business owners or HR managers, will try to encourage you to share your sensitive information via email. Legitimate companies will never request your sensitive information such as tax numbers and passwords via email.

 

Grammatical and spelling errors

Although cyber criminals are getting smarter with this one, watch out for errors in spelling and grammar. We all make mistakes and sometimes this one can be tricky to spot.

For example:

 

Inconsistent email address and domain names

Using fake internet domain names that look legitimate is fast becoming a popular hacking technique. Always double-check the sender’s email address and never click on the link. If it is regarding an account query (e.g. PayPal, Google, etc.), log in via your browser rather than clicking the link.

More examples:

paypal.com becomes paypa1.com, 

Google becomes 6oogle, and

amazon.com becomes amazonn.com

Email addresses and domain names are always worth checking.

 

Suspicious links or attachments

Cyber criminals try to steal your credentials by including links and attachments in the email. If you receive unexpected emails or files from an unknown source, pause and examine them, as it could be a hacker trying to steal your credentials. They may tell you about a suspicious login attempt on your account, offer free stuff, email you about a payment, and more. Once you click the link or download the attached file, malware will be automatically installed on your computer.

 

Sense of urgency

One technique used by cyber criminals is to send emails that have a sense of urgency. This could be pressuring you to click a link, download attached files, or hand over an amount of money. A sense of urgency creates the feeling that you have no choice but to comply with what they want you to do. They want immediate action from you. Cyber criminals hope that you will not examine the whole email thoroughly. That way, they can easily manipulate you.

  

Things you can do:

  • Never click any suspicious links and attached files.
  • Hover over any links and see if they go to where you would expect.
  • Use a password manager.
  • Use multi-factor authentication.
  • Stay updated with the latest scams.
  • Educate your staff about cyber security.

(Also see: 8 Simple Tips to Prevent Getting Infected with Malware)

You can have the best cyber security protection for your company. But it only takes one untrained employee to get fooled and your whole company system will be infected. Make sure to train your staff to help them and your company keep their credentials safe from being stolen.

Let’s go back to our question.

Who do you think is trying to steal your credentials?

If your answer is Sender 1, then you are correct! 

Why Sender 1?

The first sender is using an email address of account-security-noreply@account.protection.microsoft.com.

Sender 1 is trying to trick you by using a fake email address. Sender 1 adds a dot (.) to its email address.

Sender 2 is the legitimate one. According to Microsoft, you’ll know an email is legitimately from the Microsoft account team if it is using account-security-noreply@accountprotection.microsoft.com
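
The lookalike domains listed earlier (paypa1.com, amazonn.com, 6oogle) and the extra dot in Sender 1's address can also be caught automatically. The Python sketch below is an added example, not part of the original post; the trusted-host list, the digit-to-letter map, the 6oogle.com sample and the function names are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Assumption: the hosts you actually expect mail from (examples taken from the post).
TRUSTED_HOSTS = {"paypal.com", "google.com", "amazon.com",
                 "accountprotection.microsoft.com"}
# Assumption: digits commonly swapped in for similar-looking letters.
LOOKALIKE_DIGITS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "6": "g"})

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header, max_distance=1):
    """Classify a From header as trusted, lookalike, unknown or invalid.

    Only the address is examined; the display name is free text and is ignored.
    """
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("invalid", None)
    host = addr.rpartition("@")[2].lower().rstrip(".")
    if host in TRUSTED_HOSTS:
        return ("trusted", host)
    # Undo digit swaps, then find the closest trusted host.
    folded = host.translate(LOOKALIKE_DIGITS)
    nearest = min(sorted(TRUSTED_HOSTS), key=lambda good: edit_distance(folded, good))
    if edit_distance(folded, nearest) <= max_distance:
        return ("lookalike", nearest)
    return ("unknown", None)

# Constructed sample headers built from the addresses and domains in the post.
SAMPLES = [
    "account-security-noreply@accountprotection.microsoft.com",
    "Microsoft account team <account-security-noreply@account.protection.microsoft.com>",
    "service@paypa1.com",
    "orders@amazonn.com",
    "noreply@6oogle.com",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header), header)
```

A "trusted" verdict only means the address text matches the list; the From header itself can be forged, so this complements SPF, DKIM and DMARC checks rather than replacing them.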

So, did you get the correct answer?

If you have any questions or concerns, don’t hesitate to message us.  We’d be glad to help.