Detecting scam emails is getting increasingly difficult as attackers use more and more sophisticated methods.

A new report highlights a method which makes fake security alerts from Google and PayPal look convincing.

It reinforces the need to apply a simple but effective safeguard anytime you receive what seems to be an important email requiring your immediate attention …

How do phishing attacks work?

A phishing attack is when someone sends you a fake email claiming to be from a company or organization, and including a link asking you to log in to take some action.

Very often the email will create a sense of urgency, for example claiming that your account has been compromised.

The link will take you to a webpage intended to look like the real thing, but which is used to collect your login credentials.

There are a number of steps companies like Apple and Google take to try to detect and block phishing attacks, as well as clues you can look for to identify many fakes.

However, reports on a clever method being used to impersonate Google and PayPal.

A highly convincing attack method

A highly experienced developer and security professional received one of them, and did some digging.

What the attacker had done was create the fake login page on sites․google․com, a web hosting service anyone can use.

They also used a trick to get Google to send them a real email, then forwarded it with the scam content.

This meant it appeared to have passed the standard security checks intended to identify this type of scam.

The login page is also an exact copy of the real thing.

Google says it is working on a fix to prevent this method being used in future, but it remains possible for now.

A similar method has been used with PayPal, in which a gift feature was used to have the phishing email appear to originate from a genuine PayPal address.

How to protect yourself

The most important step you can take is to never click on links received in email, even if it appears genuine.

Instead, use your own bookmarks or type a known genuine URL.

Be especially wary of emails which imply urgency.

Common examples include:

- Claiming that your account has been compromised
- Sending you an invoice for a fake transaction, and a link to cancel it
- Claiming you owe money for tax, road tolls, etc., and need to pay immediately

In the Google case, it claims law enforcement has served them with a subpoena requiring access to your account content, and inviting you to object.
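The fake login page described above lived on a Google-owned hostname, so a check that only asks "does this link end in google.com?" would have passed it. The following is an added example, not code from the report or from Google: a mail-filter style check that compares each link's exact host against the host where a sign-in form is expected. The two host sets, the sample body and its paths are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions for this example, not an official list: the host where a Google
# sign-in form is expected, and a host that serves pages anyone can publish.
SIGN_IN_HOSTS = {"accounts.google.com"}
USER_CONTENT_HOSTS = {"sites.google.com"}


class LinkCollector(HTMLParser):
    """Collect every href from the <a> tags of an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.extend(v for k, v in attrs if k == "href" and v)


def classify(url):
    """Return 'sign-in', 'user-content' or 'other' for one link."""
    # urlsplit lowercases the host and drops any userinfo before '@';
    # a trailing dot is the same host, so strip it before comparing.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if host in SIGN_IN_HOSTS:
        return "sign-in"
    if host in USER_CONTENT_HOSTS:
        return "user-content"  # same parent domain, but not the login service
    return "other"


def review_links(html_body):
    """Map each link found in the body to its classification."""
    parser = LinkCollector()
    parser.feed(html_body)
    return {url: classify(url) for url in parser.links}


# Constructed sample body; the paths are placeholders.
SAMPLE = (
    '<p>Case file: <a href="https://sites.google.com/example-page">view</a></p>'
    '<p>Account: <a href="https://ACCOUNTS.google.com./signin">sign in</a></p>'
    '<p><a href="https://accounts.google.com.example.net/">help</a></p>'
)

if __name__ == "__main__":
    for url, verdict in review_links(SAMPLE).items():
        print(f"{verdict:12} {url}")
```

Exact-host comparison is the point: the first sample link shares a parent domain with the real sign-in page and the third merely starts with its name, and neither is classified as a sign-in link.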