This article was posted by KnowBe4.com on 10-8-2019.
The bad guys are at it again. They’re posing as well-known services, such as Gmail, Amazon, and PayPal, so they can bait you into giving up your personal and financial information.
The phishing attack starts off with a common tactic: You receive an email claiming that you need to verify your account. The scammers send their emails from an active domain, which makes the emails look more legitimate and makes it easier for them to bypass email security filters. Once you click the button or link in the email, you’re taken through several stages of the attack. You’re first brought to a website that is only used to redirect you to a second page. This helps the hackers get past email filters. On the second page, you’re asked to verify that you’re not a robot. Once this fake site has confirmed you’re not a robot, the real danger begins. On the final phishing page, you’re asked to fill in fields with your account credentials, credit card details, and other sensitive information. Nothing happens when you click the button to submit your information, but all of your data has already been sent directly to the attacker’s email address.
Always remember: If you receive a suspicious email from an online service that you use, log in to your account through your browser (not through links in the email) to check the validity of the information. Even if the sender’s email address appears to be from a well-known organization, the email address could be spoofed.
Stop, Look, and Think. Don’t be fooled.
The KnowBe4 Security Team