Police warn of new “service desk” email scam

Kingston Police have become aware of a new phishing attack tricking unsuspecting users into sharing their login credentials over email.

Police say the emails claim that you have unread emails due to your cloud storage being full, and gives you options to resolve the issue. Clicking on either link that is provided sends you to a phony login page for your service provider and any information on this page is then sent directly to the scammers.

According to police, this scam is sneaky because the fake login page not only looks official, but it also functions like a real login page. Only passwords that meet real requirements are accepted. If an acceptable password is entered, the user is redirected to the actual website of the service provider they just provided credentials for, police say. Second, the email is sent from a no-reply address using the domain “servicedesk.com”. Many people are used to seeing emails from support desks, which makes this sender feel legitimate. Third, the email itself bypasses security filters that may be in place by using a combination of factors that makes email security filters think the link is secure.

Police want don’t be fooled and remember these tips:

• Phishing emails are often designed to create a sense of urgency. In this case, the idea that you’re missing important emails. Think before you click, the scammers rely on you clicking impulsively.
• Email security filters can only do so much to protect your sensitive information. Stay alert and help create a human firewall for you or your organization.
• When an email asks you to log in to an account or online service, log in to your account through your browser and not by clicking the link in the email. That way, you can ensure that you are logging into the real website and not a phony look-a-like.