A New Phishing Scam States ‘Encrypted Message Received’ To Trick The Victim

Phishing scams are among the most diverse and dynamic cyber attacks, and they show how creative scammers can be. Since most phishing scams are seemingly easy to detect, the perpetrators use ever-changing tactics to trick users. Once again, a new phishing scam has surfaced online, this time luring users with an ‘encrypted message received’ alert.

‘Encrypted Message Received’ Phishing Trick

Reportedly, BleepingComputer has spotted a new phishing campaign that tricks users by generating ‘encrypted message received’ alerts.

The scam seems carefully crafted to fool most users, as it looks like an email from the email server. The malicious email tells the user that an ‘encrypted message’ has been received for them.

Source: BleepingComputer

When a user clicks on the ‘View Encrypted Email’ link, it redirects the user to a fake OneDrive web page, which then requires the user to click on the ‘Open’ button.

Once clicked, the user sees a fake OneDrive login page, where the user is supposed to enter the credentials.

Once the user enters the ‘email login credentials’, he or she gets nothing, whereas the attackers seamlessly get the victim’s email credentials!

Protect Yourself From Email Phishing

Phishing attacks aren’t anything new. The bad actors love to leverage every potential opportunity to prey on innocent users, especially when it comes to hacking login credentials and financial details. With a little vigilance, users can easily protect themselves from falling prey to such phishing attacks.

For ready reference, here we quickly review the precautionary steps one must never forget.

  • Be very careful while opening emails from untrusted or unknown senders.
  • Double-check the sender’s email address to confirm that the email comes from an official account.
  • NEVER CLICK ON ANY LINKS OR ATTACHMENTS IN EMAILS FROM UNKNOWN SENDERS. Even if you think the email may be from your mail server, your bank, or your office, you can always contact the supposed source via other means to check the authenticity of the email.
  • Even if you click on the link, make sure not to enter your login credentials when prompted.
  • In case of attachments, never download any executable files, no matter how important they seem.

In short, the more you remain cautious, the more secure you will remain online.
