Cybercriminals are at it again with a new phishing scam that involves trying to trick you into clicking on images that look like invoices, receipts, or other documents. They are anything but legit and contain links that may install malware onto your devices that can compromise your security and privacy.
How do hackers get you to click on images within an email?
The new trend is sending fake delivery notifications, alerting you that your packages cannot be delivered for unknown reasons.
The email is entirely an image, with a link prompting you to enter your address to fix the issue.
Looking at the message quickly, it can be difficult to tell if it is a fraud. And, with the number of packages people order and receive on a daily basis, it is understandable why many fall for this scam.
Check the sender’s email address like a detective
If you recently received an email that’s claiming to be from a major package delivery company like FedEx, look closely at the sender’s email.
You can easily use your trusted search engine to look up the real email address for these companies, and if the email you received doesn’t match that address, then you’ll know it’s likely a scam.
For instance, in the phishing email below that we received, you’ll see that it is supposed to be from FedEx, yet the sender’s email address shows “@facientuantulate.com.”
Do you see how the scammer included a play button on top of the image? They want to entice you to click the image and fall for their trap.
And did you notice the words they used? They said, “We were unable to deliver your parcel,” so automatically, you’d be curious and want to click to know what package it was that you missed.
How hackers use images to trick you into phishing websites
Typically, when a hacker sends out a phishing email, it will consist of a link that you are urged to click on, which will lead you to a fake website (often disguised as a legit site like Amazon, which has nothing to do with the scam.)
The crook’s focus is to create an urgent need for you to hand over your personal information. Even worse, this new technique has hackers using images instead of links, and it’s spreading because these scumbags have made tricking us a science.
How can I avoid being scammed by phishing emails?
There are a few precautionary steps that you should keep in mind whenever you open any email, even if you think it’s from a source you believe you can trust. Here are some of our tips.
Don’t be tricked into image-based phishing
Phishing messages can be spotted more easily if you read carefully because there are typically spelling and grammar errors in them. By using only images, hackers can avoid these mistakes and get you to click on the image.
The images are large promotional banners that you might see in an email from a package delivery company like FedEx, USPS, UPS, or DHL, so you may not second guess it right away.
Once you click on the image, you are taken to phishing sites that are designed to steal your passwords and other sensitive information.
Don’t click images, links, or open attachments
If you get an unsolicited email from an unknown sender and it has links, attachments, or in this case, images that you’re being urged to click on, this is a big red flag. Clicking any of these can let in trouble and take you and your personal data down a dark dangerous path without you knowing until it is much too late.
This is one of the main ways that scammers will bait you to landing on phishing websites. So, make sure you’re not just blindly trusting the sender and clicking on or opening whatever they’re offering you.
Don’t let your emotions get the best of you
When you’re checking your email, it’s really important to remember that hackers and scammers often use sneaky tactics to trick you.
One common trick is to create a sense of urgency, hoping that you’ll panic and click on their malicious links or respond to their phishing emails without thinking.
So, the key here is to stay calm and not let your emotions get the better of you, and do not reply or cooperate with the sender.
Enable two-factor authentication
Enable two-factor authentication whenever possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.
Have good antivirus protection
The best way to protect yourself from having your data breached is to have antivirus protection installed on all your devices.
Having strong antivirus software actively running on your devices will alert you of any detectable malware in your system, warn you against clicking on any known malicious images or links in phishing emails, and ultimately help protect you from being hacked.
Report any suspicious emails to the appropriate authorities
If you receive a phishing email, do not delete it or ignore it. Instead, report it to the sender’s email provider, your email provider and the Federal Trade Commission (FTC).
You can also forward the email to firstname.lastname@example.org, which is a service run by the Anti-Phishing Working Group (APWG), a coalition of internet service providers, security vendors, financial institutions, and law enforcement agencies.
By reporting phishing emails, you can help prevent others from falling victim to these scams.
Kurt’s key takeaways
Phishing attacks can take many forms, and the latest trend of using images to lure and trick you into their traps is just another reminder of why it’s so important to be cautious when opening an unsolicited email.
Always scrutinize the sender’s email address, resist the urge to click on any suspicious images, links, or attachments, and don’t let emotions dictate your actions.
Two-factor authentication and reliable antivirus software are a must in fighting against these growing cyber threats aimed at targeting Americans more than ever before.
If you receive one of these phishing emails, take the time to report it so that you not only protect yourself but also help protect others in an effort to thwart these malicious schemes.
Have you ever encountered a phishing email that used images to trick you? How did you recognize it, and what did you do to protect yourself? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Copyright 2023 CyberGuy.com. All rights reserved.