Credential Harvesting

To Click, or Not to Click?

Hey {EmailFirstName}, This email was sent automaticly by eBay due to several unauthorized attempts on your account. Your account has been disabled for your protection; To reset your pasword click here: https://fyp.ebay.com/ChangePassword?reqinput=13b9

You just received an email about one of your passwords. Slow down and think things through. How do you know if it's legit?

1. Sender

eBay <ebaysup0rt.com>

Hey {EmailFirstName}, this email was sent automaticly by eBay due to several unauthorized attempts on your account. Your account has been disabled for your protection; To reset your pasword click here: https://fyp.ebay.com/ChangePassword?reqinput=13b9

It's important to verify the actual email address instead of just the name. Does the address look real and is everything spelled correctly?

Incorrect. There are several misspelled words and a sense of urgency meant to push you into clicking.

Correct. There are several misspelled words and a sense of urgency meant to push you into clicking.

2. Context

Attackers often create a sense of urgency, offer things that are too good to be true, or use flattery, misspellings, and other suspicious wording. Is this email suspicious?

Incorrect. Notice how they spell "support" with one 'p' and a '0'? Legitimate companies also include their logos and other branding to distinguish themselves, unlike this email.

Correct. Notice how they spell "support" with one 'p' and a '0'? Legitimate companies also include their logos and other branding to distinguish themselves, unlike this email.

If you have any suspicion regarding the email, sender, or content, do not open any attachments and contact your friendly neighborhood IT department.

Simply opening the link is enough to compromise your computer. If you think the link is safe and you click through, there are a few risks to be particularly aware of.

3. Check the URL again

Does this look like the company's official page? Attackers will often simply use a raw IP address like 169.054.233.119 in place of a real domain name.

4. HTTPS

When doing anything online that involves private matters like finances, passwords, etc., always ensure that the site is using 'https' and shows the green lock in the address bar.

5. Internal Department

IT Support <it@gmaller.com>
401k Updates

Hey everyone,
It's that time of year again, tax season. We're going to need everyone to login to our new system here: https://fedral.410k.org/updateinformation?reginput=1231 The sooner this is done, the sooner we can get your W-2's back to you.

Another common phish is when an attacker pretends to be from your IT or HR department and asks for banking information or password resets.

Hovering over the link in the email (without clicking it) reveals where it really leads:

http://4z8.info/creditsteal_2309to203z_mal.ware

The same rules apply: take things slow, check the sender's email address, hover over links before clicking, and check the website URL before entering anything.

Practice Time!

Choose the option in each pair below that appears to be more legitimate.

*Hint: On the third pair, hover over each link without clicking it before making your decision.

Things to Remember:

  • Check the sender's email address.
  • Hover over a link to see where it leads before clicking.
  • Verify the authenticity of the website by double checking the URL.
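The three rules above can be applied mechanically. The following is an added example (not part of this training module) that runs the sender check and the hover/URL/https checks over the two sample emails shown earlier; the company domain yourcompany.example is a placeholder, and the digit-for-letter substitutions it undoes are only the ones these samples use.

```python
import re
from urllib.parse import urlsplit

# Digits phishers swap in for look-alike letters (sup0rt, 410k); undo them before comparing.
LOOKALIKE = str.maketrans("013", "ole")

def sender_domain(sender):
    """Domain of the real address in 'Name <user@host>' (not the display name)."""
    addr = re.search(r"<([^>]+)>", sender)
    addr = addr.group(1) if addr else sender
    return addr.rsplit("@", 1)[-1].strip().lower()

def link_host(url):
    return (urlsplit(url).hostname or "").lower()

def under(host, domain):
    return host == domain or host.endswith("." + domain)

def check_sender(sender, expected_domain):
    """Rule 1: verify the actual address, not the display name."""
    findings = []
    host = sender_domain(sender)
    if not under(host, expected_domain):
        findings.append(f"sender domain {host!r} is not {expected_domain!r}")
        brand = expected_domain.split(".")[0]
        if brand in host.translate(LOOKALIKE):
            findings.append(f"sender domain imitates {brand!r} with look-alike characters")
    return findings

def check_link(displayed, href, expected_domain):
    """Rules 3 and 4: hover target vs. link text, raw IP hosts, and https."""
    findings = []
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        findings.append("destination is not https")
    # A regex rather than ipaddress.ip_address so octets with leading zeros (054) are still caught.
    if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host):
        findings.append("destination is a raw IP address, not a domain")
    if link_host(displayed) != host:
        findings.append(f"link text shows {link_host(displayed)!r} but leads to {host!r}")
    if not under(host, expected_domain):
        findings.append(f"destination {host!r} is not under {expected_domain!r}")
    return findings

# Constructed from the two training emails above; yourcompany.example is a placeholder.
EBAY_LINK = "https://fyp.ebay.com/ChangePassword?reqinput=13b9"
HR_SHOWN = "https://fedral.410k.org/updateinformation?reginput=1231"
HR_REAL = "http://4z8.info/creditsteal_2309to203z_mal.ware"
```

Run `check_sender("eBay <ebaysup0rt.com>", "ebay.com")` and `check_link(HR_SHOWN, HR_REAL, "yourcompany.example")` to see the findings; note that the eBay sample's link itself passes every URL check, so the forged sender is the only signal for that email.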