Wednesday, 26 Jun 2024

Dangerous new scam that knows how to beat your email filters

Criminals are using security gaps in legitimate websites to sneak malicious links past your spam filters and into your inbox.

The scam exploits a flaw in the sign-up forms of real companies online to trick email providers into allowing their dangerous links to get through.

"At present, there’s no effective method users can employ to stop these emails from bypassing email spam filter," said Comparitech.com, who uncovered the trick.

Spam filters typically check for suspicious words, phrases, and links – but one of the main things they look at is the email address itself.

"If the email address is coming from a whitelisted site or appears fully legitimate, it’s unlikely to be stopped by a spam filter even with a suspicious link in the content of the email," Comparitech said.

How the scammers get away with this

Lots of websites ask you to enter your first and last name in a sign-up form, then send you a confirmation email.

Comparitech found examples where a scammer can register with someone else's email address but put a phishing link in a field of the sign-up form, which the website then includes in the confirmation email it sends.

"The scammer used my email address to sign up for an account, but instead of a first name, inserted a few choice words and a clickable hyperlink," Comparitech's privacy advocate Sam Cook explained.

"This scammer was able to insert a working hyperlink in a legitimate website’s account sign-up form, which was then able to make its way to my inbox."
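For website operators, the gap described above closes when name fields reject links and markup at sign-up and are escaped before being placed in the confirmation email. The following is an added example, not code from Comparitech or the original article; the function names, the length limit and the sample inputs are assumptions constructed for illustration.

```python
import html
import re
import unicodedata

MAX_NAME_LEN = 50  # assumed limit; tune to your own form

# Hints that a "name" is really a link or markup. The last alternative
# catches bare domains (word.word), which mail clients often auto-link.
_LINK_HINTS = re.compile(
    r"(?i)(https?:|www\.|://|<|>|\b[a-z0-9-]+\.[a-z]{2,}(?:/|\b))"
)


def validate_name(raw: str) -> str:
    """Return the cleaned name, or raise ValueError if it could carry a lure."""
    # NFKC folds look-alike forms (e.g. fullwidth letters) before checking.
    name = unicodedata.normalize("NFKC", raw).strip()
    if not name or len(name) > MAX_NAME_LEN:
        raise ValueError("name is empty or too long")
    if _LINK_HINTS.search(name):
        raise ValueError("name contains a link or markup")
    # Letters, combining marks, spaces, apostrophes, hyphens and dots only.
    for ch in name:
        if not (unicodedata.category(ch)[0] in "LM" or ch in " '-.\u2019"):
            raise ValueError(f"unexpected character {ch!r} in name")
    return name


def render_confirmation(first_name: str, site: str) -> str:
    """Build the HTML greeting from a validated, HTML-escaped name."""
    safe = html.escape(validate_name(first_name))
    return (f"<p>Dear {safe},</p>"
            f"<p>Thanks for registering at {html.escape(site)}.</p>")


if __name__ == "__main__":
    # Constructed sample submissions for the first-name field.
    samples = ["Sam", "Seán O'Brien-Smith",
               "You won! http://phish.example/claim",
               '<a href="http://phish.example">Click</a>',
               "prize at phish.example"]
    for s in samples:
        try:
            print("accepted:", render_confirmation(s, "shop.example"))
        except ValueError as err:
            print(f"rejected {s!r}: {err}")
```

Rejecting the sign-up outright, rather than silently stripping the link, also keeps the rest of the scammer's text out of the recipient's inbox.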

Staying safe

Cook offered the following advice for people worried they could be targeted too:

  • Check to make sure the website is legitimate. Do not click any links in the confirmation email. Instead, type in the website name in Google search to verify its existence.
  • Check the form name that was submitted and is given in the email. If it contains a link next to the introduction (“Dear X [hyperlink]”), it’s probably a phishing attempt.
  • Do NOT click on the link. Instead, contact the website in question to let them know you did not sign up to create the account yourself, and give the supposed username that was listed to sign up with your email address.
