In a media release, dated Wednesday, Feb. 3, 2021, Kingston Police describe a popular phishing scenario where cybercriminals use phony look-alike login pages to steal credentials and access sensitive information.
“You receive an email with a link. The link takes you to a phony login page with the name and logo of a legitimate website,” explains Constable Ash Gutheinz, Media Relations Officer. “Once you submit your username and password, the information is sent straight to the scammers.”
Now cybercriminals have developed a way to make look-alike pages even more convincing, according to the release. Scammers use a special tool to automatically display your company or organization’s name and logo on the phony login page. Kingston Police say they can even use this tool to populate your email address in the corresponding login field. This creates a false sense of security because many legitimate websites remember your username if you have logged in previously.
While this is an advanced attack, Kingston Police say you can still stay safe by practicing the tips below:
- Never click a link in an email that you were not expecting.
- Remember that any site, brand, or service can be spoofed.
- When you’re asked to log in to an account or online service, navigate to the official website and log in. That way, you can ensure you’re logging in to the real site and not a phony look-a-like.