If sharing your identity with other people bothers you, read this carefully. This is a very effective scam to get to your mail attachments and online cloud storage.
Left click or middle click the images to enlarge. It’s important that you see all the details. Note: I’ve smeared actual names in order to protect the innocently conned.
This is my Thunderbird Inbox. Note the email titled “Secured Investment Document”.
Just above you can see the button titled “View Folder”. Expo 2020… sounds semi-interesting. Somebody you know sent it, so based on that, many people will click on the button. Actually you may or may not know them but your email is in their address book. And it wasn’t them who sent it. It was somebody who hacked into their email the same way they are trying to hack into yours. Keep reading.
I clicked on it and Firefox opens. The message below appears. This should convince most people to back off now. IE offers a similar message. But it might not appear depending on the browser or if the browser is poorly configured.
I clicked on “Ignore this warning”. Then the screen below appeared. This is the scam part.
All they want is a valid email address and password. Once they have that, they can peruse your email for sensitive or financial info. Note the URL beginning with “kl”. It’s clearly not Google. Always pay attention to URLs. If it doesn’t look legitimate or just plain “right”, do not proceed.
When I clicked on the drop-down arrow to the right of “Gmail” button above, the screen below appeared which offered a selection of all the major email players. Note the “Others” option. This permits them to get the credentials for email with any domain name.
I entered a fake email address and password. Then the screen below appeared. That screen is just a ruse. I think at this point, they already have the info they need (your email and password). They are just trying to trick you into thinking it’s legit. Again, note the URL beginning with “kl”.
Be careful. Never fall for a scam like this. The unfortunate owners of this email account did fall for it. Their email address and password were stolen when they entered their email credentials and their account was then used (by people unknown in a place unknown) to send email like this to everyone in their address book, in order to steal more email addresses. More importantly, their email attachments and/or cloud drives were almost certainly searched for tax and financial data that could be used to steal their identity.
This scam has many variants. Always be careful and look at these types of emails with a very critical eye. Taking the time now could save you a lot of time later.
And one more very important note: Stealing your email credentials is not the only way to view your attachments. If your financial institute, bank or accountant is emailing sensitive financial information as attachments, you need to tell them to stop doing that immediately. The alternatives are sending it as an encrypted attachment or a fax. Attachments can be intercepted by packet sniffers at any point between you and the sender (and there are a lot of points). If they are sending you an encrypted attachment, they must not send the password in that email or in any email. It should be conveyed to you via phone or fax.