Police are looking to inform the public about new and improved ways scammers are using in attempt to get money from unsuspecting victims.
Kingston Police have become aware of these methods, which including posing as well-known services to bait people into giving up personal and/or financial information. Some of the services scammers are trying to imitate include Amazon, Gmail, and PayPal.
According to Kingston Police, the phishing attack starts with the common tactic where potential victims receive and email claiming they need to ‘verify your account.’
“The scammers send their emails from an active domain, which makes it look more legitimate and makes it easier for them to bypass email security filters. Once you click the button or link in the email, you’re stepped through several stages of the attack,” Kingston Police said in a press release on Wednesday, Oct. 9, 2019.
Users are first brought to a website that is only used to redirect them to a second page, which helps the hackers get past email filters, police said. From the second page, uses are asked to verify that they are not a robot.
“Once this fake site has confirmed you’re not a robot, the real danger begins,” Kingston Police said. “On the final phishing page, you’re asked to fill in fields with your account credentials, credit card details, and other sensitive information. Nothing happens when you click the button to submit your information, but all of your data has already been sent directly to the attacker’s email address.”
If you receive a suspicious email from an online service that you use, police advise you to log into your account through your browser – not through links provided in an email – to check the validity of the information.
“Even if the sender’s email address appears to be from a well-known organization, the email address could be spoofed,” Kingston Police said.