Cybercriminals pose as original senders, warn Kingston Police

Working with a third-party organization can be a great help, but what happens if that third party falls victim to a cybersecurity attack? Kingston Police is warning that not only could your organization’s shared data be exposed, but you may become the target of a very unique phishing attack.

According to a release from Kingston Police, dated Thursday, Oct. 1, 2020, once a scammer has access to a third party’s email account, they can use it to send phishing emails from a legitimate and familiar email address. Some cybercriminals take this attack a step further by forwarding or replying to real emails that were already in the third party’s inbox, police say. Posing as the original sender, the scammer sends a simple message such as “Here’s that document you needed.” and includes their own malicious link or attachment. Typically, the phishing email is completely unrelated to the original email but the attack can still be convincing because it appears to be part of a previous conversation.

Kingston Police offer these tips on how to stay safe from third-party phishing attacks:

• Never click a link or download an attachment from an email that you weren’t expecting—even if it appears to be from someone you know.
• Read the prior conversation and compare it to the newest email. If you find that the information is unrelated or if the sender never mentioned a link or an attachment previously, this could be a phishing attack.
• If you’re unsure whether or not an email is legitimate, reach out to the sender by phone. One quick call could save your organization from a potential data breach.

Kingston Police are reminding the public to stop, look, and think. Don’t be fooled be fooled by the scammers.