How To Not Be Fooled Into Biting On A Cyber-Bait
Some time ago I wrote an article about “How to scam the phishing scammer”, and I smiled each time my users got a suspicious email: I’d just rescam them and fold my hands while their time was wasted by an Artificial Intelligence (AI) email robot, only to wake up one day to a user panicking about a password expiry notice from Microsoft 365.
Hackers never rest. They spend so much time trying to find holes and leaks, and ways to inject scripts to gain privileges, and so on. Most users fall into simple traps and baits and end up giving away their credentials or, worse still, credit card numbers and PIN codes.
So this rogue thief created a look-alike login page for Microsoft 365 or Live and sends it out to his targets. He uses a dummy site with a script that redirects you to a login page that looks like Microsoft's. The site was probably injected to host the phishing script. (I am yet to find out.)
If they do not notice the redirect and the actual link on the login page, a user will simply give away their credentials. It is strongly advisable (good practice) not to follow links or open attachments from any unknown source or unsolicited mail. If there are any suspicious links, call the email sender and ask them before opening. All emails asking for your ID or password must be deleted without clicking any links or images contained therein. For Microsoft 365, enable the built-in malware scanner and make sure your anti-virus is always updated. Until then, DO NOT poke your nose into any “YOU HAVE WON” or “A FREE GIFT AWAITS YOU” trick.
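The check on "the actual link on the login page" can be automated. The following is an added example, not code from the original article: it parses a link the way a browser does and compares the real host against a short list of sign-in hosts. The host list, the brand-word list, the function name and the sample URLs are assumptions made for illustration.

```javascript
// Assumed allowlist of genuine Microsoft sign-in hosts (not from the article).
const GENUINE_HOSTS = new Set(["login.microsoftonline.com", "login.live.com"]);
// Assumed brand words that a look-alike address borrows to appear legitimate.
const BRAND_TOKENS = new Set(["office365", "outlook", "live"]);

// Split a host or userinfo string into labels and look for borrowed brand words.
function borrowsBrand(text) {
  return text
    .toLowerCase()
    .split(/[.\-_]/)
    .some((t) => BRAND_TOKENS.has(t) || t.includes("microsoft"));
}

// Returns "genuine", "suspicious", "unrelated" or "invalid".
function classifyLoginLink(link) {
  let url;
  try {
    url = new URL(link); // same parsing rules the browser applies
  } catch {
    return "invalid";
  }
  // The hostname is what the browser connects to; drop a trailing root dot.
  const host = url.hostname.replace(/\.$/, "");
  if (GENUINE_HOSTS.has(host)) {
    // A real host over plain http can still be intercepted.
    return url.protocol === "https:" ? "genuine" : "suspicious";
  }
  // Not a genuine host: brand words in the host, or in the part before "@",
  // mean the address was built to look like a Microsoft login.
  if (borrowsBrand(host) || borrowsBrand(url.username)) {
    return "suspicious";
  }
  return "unrelated";
}

// Constructed sample links (example.net / example.org are reserved test domains).
const SAMPLE_LINKS = [
  "https://login.microsoftonline.com/common/oauth2/authorize",
  "https://login.microsoftonline.com.example.net/signin",
  "https://login.microsoftonline.com@example.net/",
  "http://login.live.com/",
  "https://olive-garden.example.org/",
];
for (const link of SAMPLE_LINKS) {
  console.log(classifyLoginLink(link).padEnd(10), link);
}
```

The second and third samples show why reading the start of a link is not enough: the genuine host name appears in both, but the browser connects to example.net.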