The latest phishing alert sees scammers impersonate the IT department of the targeted organisation in an attempt to steal email credentials and install a malicious file onto the victim’s computer. Attackers have interestingly used a fake email address from American multi-national and shipping services company FedEx as the trusted name to lure victims into providing their details.
A notable characteristic of this attack is the scammer's ability to use the name of your company or organisation in order to facilitate the phishing attempt. By purporting to be the victims internal IT services, the email advises the receiver that they have been ‘deactivated’ from a service (actual service not specified) by not having updated their email address. The rectification for this is via downloading the attachment that will apparently assist in updating this information. The wording and instruction in this email, if not looked at closely, attempts to mislead the victim into thinking that their online capability may be deactivated if the instructions are not followed. An easy trap for those who cannot afford to not have access to their company’s internal tech systems (which is usually the whole organisation).
Read More
