One of the most common tactics cybercriminals use when targeting small and midsize businesses in phishing attacks in the form of fake notifications. These are usually meant to try to scare you into some action with messages like “Your account will be suspended in 24 hours.”
These attacks rely on fake messages that the app or service doesn’t actually send. This Office 365 phishing email is an excellent example of that—Microsoft doesn’t actually send you any emails saying your account has been suspended (you WILL get notifications that your credit card has expired).
But cybercriminals are getting better. They’re paying attention to what notifications popular companies do send and duplicating those in phishing attacks. And they’re pretty tricky to spot. Let’s look at this example we were sent recently.Read More »