Threat Brief: Why You Need to Be Careful of Links in Email

Christopher Budd


Category: Threat Brief, Unit 42

In recent research, Palo Alto Networks found attackers were creating fake versions of some well-known and well-trusted websites – including Adobe, DropBox, Facebook, and others- and putting malicious links to these sites into phishing emails sent to unsuspecting victims.   Here we explain this type of attack and what you should do.

 

What is it?

A method attackers use to target you using email that you might not know about.


Why should I care, what can it do to me?

Attackers can gain access to your personal and financial information. They can also steal your computer’s processing power to mine for cryptocurrencies, which slows down your system.


How can I prevent it?

Avoid clicking on links that you get in email. If you get an email and need to go to that website, type the address in your web browser yourself. If the link is an email from someone you know, you can also contact them to find out if they meant to send it, and if it is safe to visit.


What causes it?

Attackers know that people will click on links in email. Especially when you get an email from someone that looks like someone you trust.


How does it work?

Attackers send emails that appear to be from a person or company that you trust. These emails contain malicious links that, when clicked on, lead you to an attacker’s page. In addition to taking steps so the attacker’s page mimics a legitimate one,  attackers often mirror well known security images, like the lock symbol, to convince you that you are on a secure site.

Once you’re on the attacker’s page, the attackers may ask you for personal information (like usernames, passwords, and bank account information) or to install software, or both.

In recent research, we found attackers were using fake versions of some well-known and well-trusted sites:

  • Adobe
  • DropBox
  • Facebook
  • Google Docs and Google Drive
  • Microsoft Office 365


About:
Threat Briefs are meant to help busy people understand real-world threats and how they can prevent them in their lives.

They’re put together by Palo Alto Networks Unit 42 threat research team and are meant for you to read and share with your family, friends, and coworkers so you can all be safer and get on with the business of your digital life.

Got a topic you want us to write about for you, your friends, or your family? Email us at u42comms@paloaltonetworks.com.

 

1 Reader Comment

  1. I’ve also seen DocuSign as well-

    Thank you…

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.


© 2018 Palo Alto Networks, Inc. All rights reserved.