Attack Vector: Phishing Real or Phony?

It seems difficult sometimes to tell what is real and what is fake when it comes to email messages. Take the Yahoo email notifications hitting inboxes and urging users to verify their account because it has “exceeded its limit.”

That is fake. While Apple the email requesting more information from their app store, is real. Who can tell?

The Yahoo message comes with a veiled threat of account suspension within 24 hours aimed at making users panic and raise the likelihood of them following the offered link, according to a report from email security information provider Hoax-Slayer.

RELATED STORIES
Tool to Counter Cyber Threats
Utilities Under Daily Attack
Security Firm Finds Attack Signs
Tool Automates an Attack

For those that do click on the link, it leads them to a fake Yahoo login page, and all login credentials inputed and submitted are now in the hands of the phishers who created the page, ready to hijack the users’ accounts.

Then the criminal wheels start turning as the accounts can work in a variety of malicious schemes like hitting the users’ contacts with links leading to malware or with fake pleas for money due to an unforeseen and difficult situation.

Meanwhile, the reverse was true in terms of getting an email from a reputable company.

Apple iOS device owners whose Apple ID account triggered a flag with Apple’s security team needed to set up three new security questions and a backup email address when they tried to download apps.

The request left some wondering if they were hit by a phishing attempt because Apple didn’t explain the move.

Rest assured, this request is legitimate, as Apple confirmed it is part of the company’s attempt to shore up security.