The calls and texts start pouring in. Dozens of your friends and acquaintances want you to know they’ve just received a secure email from your account regarding a document that you’ve sent them. Chances are if your friends are receiving this email, you too have already fallen victim to the latest threat to your online security. The email looks something like this:

It looks legitimate. When you click the link you are asked to sign into your email provider account to view the attachment. Now if you sign into your account, the group that controls this sophisticated attack will immediately have access to your Yahoo!, Google, Hotmail, etc. account and will begin to send out phishing emails to those you’ve emailed. The login page looks like this:

Of course, the URL is not, but many people just don’t pay attention to the address bar. One more peculiar detail is the “Click to Select Provider….” field in the login form. Once you sign in, the attackers use a sophisticated set of scripts to log into your account, send out the same exact email and begin attempting to reset passwords for other online accounts that may be tied to this email account.

The last thing the attackers do is create a filter on your account which moves all emails that you receive from that point on to your trash.

If you think you may have accidentally given out your account information, please reset your password immediately. For best security measures, it’s advisable you do this from another computer. If you need assistance with any of this, please call us immediately.

For any questions regarding how to better protect your computers, network and personal information from malware and other attacks, please contact us at 360-756-6035 or contact us via our contact form below.

  • This field is for validation purposes and should be left unchanged.