A new email scam is circulating that aims to trick the user into giving up their email login details by sending over a (fake) link to a PDF to open.
Here’s how it works:
- The attacker, using a compromised email account, sends emails to that first victim’s contacts.
- The email contains what appears to be a link to an attachment (often a PDF) hosted on Google Drive.
- This lowers the target’s defenses, because they can — in theory — view documents on Google Drive without having to download anything.
- If the would-be victim clicks the link, they’ll be directed to a page masquerading as the Google login page.
- They enter their login details when prompted — and just like that, the hacker has access to their account!
- The attacker then starts the process all over again, targeting the most recent victim’s contacts.
Security experts recommend you use a different, strong password for every account you have — meaning if your password on one site is compromised, all your other accounts aren’t at risk as well. (There are password manager apps that you can use to store passwords if necessary.)
And you should enable two-factor authentication whenever possible, which means even if your password is compromised hackers can’t get into to your account without access to your phone as well.
Source:
http://www.businessinsider.com/hackers-fake-email-attachment-scam-spoof-subject-lines-break-into-accounts-2017-1#ixzz4WB8VPbyP
