Phishing attacks are one of the most important methods for hackers to steal passwords. Over time they have been perfecting them, although the basis of everything is the same: make the victim click on a link and steal data and passwords. Now they have devised a new and sophisticated attack with which they manage to steal the access codes.
New trick to steal passwords by Phishing
Something that has increased a lot in recent times is the use of electronic signatures . They serve to authenticate us and be able to carry out transactions remotely, without the need to physically meet in a place. This is very useful, but we can also experience problems.
Hackers have taken advantage of it. In fact, this new Phishing method is based on supplanting DocuSign , one of the leading electronic signature services. They use different techniques for this. What it does is spoof the address and subject of a legitimate email related to digital signatures.
When the victim clicks, they go to an address that appears to be the real DocuSign address. A button appears to view the full document . It simulates a legitimate action to exchange confidential information and alternative signature methods. Upon entering, they arrive at a Microsoft login page, which is often used in these cases. In addition, it shows the view of the document with a watermark to trick the victim into thinking that just by continuing they will be able to see it.
The problem is that, as indicated by Armorblox , the email protection does not recognize these emails as a threat. They interpret that it is something legitimate and do not block it. This leaves users unprotected, since the e-mail will arrive in the inbox and they will be able to fall into the trap.
Tips to avoid these attacks
So what can we do to avoid falling victim to these attacks? It doesn’t matter if cybercriminals perfect phishing techniques and change the way they send emails or show us a page. The recommendations to maintain security remain the same and it is essential not to skip any of them.
The first and foremost thing against Phishing is common sense . We must avoid making mistakes that could harm us. In this case, the main mistake would be to open a link that comes to us by e-mail and pretends to be legitimate. Whenever there are doubts or we do not see clearly that it has really been sent to us by a reliable person, we should avoid entering these links. It is essential to recognize when a page is Phishing.
Also, it is very important to have everything updated correctly. Sometimes vulnerabilities arise that can be exploited by hackers and steal passwords or gain access to the system. With patches and updates we can correct these problems and be more protected.
On the other hand, it is also advisable to always have a good antivirus installed. This will help prevent the entry of malware that could harm us. There are many options, such as Windows Defender, Avast or Bitdefender. All of them will act as a defensive barrier.