Security News Clever Phishing Trick You Need to Be Aware Of

[LASER_oneXM]

.....some quotes from the article above:

In most phishing attacks, crooks leverage a common theme, asking users to update their profile information on various profiles, but redirecting users to pages hosted on lookalike domains.
As users have got accustomed to this basic phishing trick in recent years, attackers found other creative ways of phishing for login credentials.

One trick, first seen in June 2016, was observed again this past month. This clever phishing attack relies on telling users they received an important or secure file, and they need to visit a web page to view it.
The real trick takes place on the crook's page, which shows a blurred out document on the background. To view the document, users have to enter their credentials.

The blurred out document seen in the page's background acts as a promise for what users are going to receive if they authenticate. In fact, these are nothing more than simple web pages showing an image of a blurred out document, and nothing more. The only thing working on the page is the login form that will record any login credentials that you enter inside it.

Just like the 2016 attacks, crooks don't specify which login credentials users have to fill in, and leave it to the user enter what he thinks he should entered. A careless user could enter anything from his Intranet details to Google logins.

 

[Davidov]

This is actual for me twice now wanted money via paypal .-) They hope that they would return and rob someone is. Davidov

 

[Tony Cole]

Got an email today that I had donated £180 to Syria appeal, if you click the link to view statement it downloads a malicious payload via zip file.

spoofed migrant helpline donations delivers malware | My Online Security

Antivirus scan for 0b3d63fd803e6282a0285727f555db6f5fe4f0b653ab7e3e6647373661287f1b at 2017-01-09 14:50:20 UTC - VirusTotal