Have you received an email warning that your email or social media account password has “expired” and inviting you to follow a link to change it? If so, congratulations. You’re a target of the newest scam—and also one of the oldest in the book.
Yes, the “change password” scam has returned with a vengeance.
No one knows how common this particular form of online fraud is since it’s difficult to track. But phishing attacks, in general, are up from last year, according to a recent report from Wombat Security. Billions of email accounts are compromised every year.
“The attacker can acquire a million email addresses for a price of a latte,” says Igor Baikalov, chief scientist at Securonix, a computer security firm.
I’ve received the emails, many of my media colleagues have, and chances are, you have too. Fortunately, most of them go directly to your spam box. But not all of them.
“This scam works simply because a significant part of the population is just naïve to the most basic of scams,” says Robert Siciliano, a security analyst with Hotspot Shield.
“Change password” scams are making a comeback because people are confused. But the goal is the same: Criminals want to get into your social media account, where they’ll target your friends. Fortunately, you can protect yourself with a few easy steps.
Why the “change password” scam is back
Scammers are getting smarter about their phishing excursions, and their timing is perfect. Uncertainty about Europe’s strict new privacy law, the General Data Protection Regulation (GDPR), plus several recent data breaches that have prompted companies to send legitimate “change password” requests, is confusing to consumers. Given all that’s happened, there’s a presumption that the emails are legitimate, even though many are not.
“We’ve seen several phishing scams cite the newly enacted GDPR as a reason to request information from targets, taking advantage of the confusion around these new regulations and the deluge of related emails that internet users are already receiving,” says Harold Li, a vice president at ExpressVPN, a provider of virtual private networks.
Don’t let this happen to you
Consider what happened to Stacy Caprio when she received a warning that her Facebook password needed to be updated. “I clicked the link to update it,” says Caprio, an internet marketer. “My account was hacked, and I had to go back in and change the password.”
Looking back, she says it was obviously a password heist. The scammers sent their illegitimate request to a newer email address that wasn’t even connected to her Facebook account.
Don’t blame Caprio. The “change password” scam is becoming so sophisticated that even professionals are having a hard time telling it apart from the real thing.
“The emails look real, very real,” says Morey Haber, chief technology officer at cybersecurity company BeyondTrust. “Most of the basic content is well-formed, there are no spelling or grammatical errors, and the hyperlinks and email addresses are cleverly spoofed to resemble their legitimate counterparts.”
How to avoid a “change password” phishing attack
While the bad guys are constantly reinventing the “change password” scam, the steps to prevent it remain the same. They include:
- Use two-factor authentication on all your email and social media accounts. That way, even if criminals extract your password, they won’t get past the front door.
- Review any emails that appear to come from Gmail, Yahoo, Microsoft or any social network. “Check the contents of the email and verify carefully,” says Mike Bradshaw, a partner at ConnectMarketing, a business-to-business marketing agency. “Look for any misspellings, grammatical errors, incorrect links or email addresses.”
- Never click on any attachments that may come from a suspected spam threat, especially one requesting you to change passwords. “Question every email that is not a direct response from a request you’ve made,” says Leia Shilobod, CEO of InTech Solutions, an IT services company.
This is also a perfect time to check your antivirus software. A product like Norton can protect you from attachments that install malware on your computer. That, plus knowing how the “change password” scam works, why it’s back, and how to avoid it, will keep you out of trouble.
DISCLAIMER: This article expresses my own ideas and opinions. Any information I have shared is from sources that I believe to be reliable and accurate. I did not receive any financial compensation for writing this post, nor do I own any shares in any company I’ve mentioned. I encourage any reader to do their own diligent research first before making any investment decisions.