In a new scam, cybercriminals use short, simple phishing emails to try to sneak past security-aware employees. The scam itself is a typical credential-stealing phishing attack: You receive an email notification stating that some of your emails could not be delivered. To review these emails, you are directed to click a link. If you click the link, you are taken to a fake login page, and any credentials that you enter on the page will go straight to the cybercriminals.
What makes this scam unique is the simple phishing email. The email looks like a plain text alert with only a few lines of information and no images or logos. With so few details to look at, it could be difficult to determine whether the email is legitimate. To match the plain text design, the link in the email is a long URL instead of the usual “Click Here” type of link. Cybercriminals want you to trust the URL, but if you hover your mouse over the link, you’ll find that the link does not lead to the URL shown in the email.
Follow the tips below to help you stay safe from similar, simple scams:
- Never click on a link in an email that you were not expecting, even if it appears to come from a program or application that you use.
- When you receive an alert email, ask yourself questions such as: Did I sign up for email notifications? Have I received alerts like this in the past?
- If you think the notification could be real, log in to the program or application directly instead of clicking the link in the email.
Stop, Think, and Look. Don't Be Fooled.