Online Risks: What You Don’t See Could Hurt You
By Cian Fitzpatrick | 30th October 2024
Halloween comes once a year, but the internet delivers horror on a daily basis. Many of us spend hours online each day. We could be catching up on emails, attending virtual meetings or booking our next meal out.
However, in the convenience of these activities lies a growing set of cybersecurity risks that too many people are unaware of. Cybercriminals are becoming more creative, targeting even the most innocuous-looking websites. This turns ordinary online tasks into traps for unsuspecting victims.
From duplicate login screens to social event pages that ask for too much information, these risks extend beyond basic phishing scams. They tap into our reliance on, and increasing demand for, online convenience, often exploiting the areas where our defences are down.
Imagine receiving an email that looks like it’s from your favourite social network or your bank. That is probably not hard to do, as these emails are commonplace now. You are prompted to log in. The page seems completely legitimate; the logos, fonts and layouts are all familiar to you. You quickly enter your credentials, only to realise too late that the website was a meticulously crafted replica, designed to steal your login details.
This is a common phishing tactic where hackers create duplicate login pages to trick users into submitting their personal information. Phishing has been around for decades, but it’s evolving to become more sophisticated. Today, attackers don’t just rely on generic scams. Instead, they often target users with highly personalised attacks, using familiar branding and language to lower their guard.
Always check the URL closely before entering sensitive information. Phishing sites often use URLs that are only slightly different from the legitimate site (e.g., “gooogle.com” instead of “google.com”). Better yet, avoid clicking on login links from emails and go directly to the site from your browser.
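The URL check described above can be automated. The following is an added example, not part of the original article: it compares a link's hostname with a short list of sites you trust and flags near-misses such as “gooogle.com”. The trusted list, the function names and the distance threshold of 2 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a constructed list of sites the user really uses; extend it with your own.
TRUSTED = ("example-bank.ie", "google.com", "paypal.com")

def edit_distance(a: str, b: str) -> int:
    """Edit distance counting insertions, deletions, substitutions and swaps."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[len(a)][len(b)]

def registrable(host: str) -> str:
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def check_url(url: str) -> str:
    """Classify a link as trusted, suspicious (with a reason), unknown or invalid."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious: punycode label (possible look-alike characters)"
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        brand = good.split(".")[0]
        if edit_distance(domain, good) <= 2:
            return f"suspicious: looks like {good}"
        if good in host or brand in host.split("."):
            return f"suspicious: {good} used inside another domain"
    return "unknown"
```

A result of "unknown" only means the domain does not resemble a trusted one; it says nothing about whether the site is safe.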
It’s common to come across an event page on social media, such as a community fair, a concert, or a virtual conference, and be prompted to provide personal information to RSVP or book tickets.
Beware of doing this.
Some of these pages may be fronts for cybercriminals seeking to harvest personal information.
Event pages that ask for your name, address, email, phone number, and payment details create an easy opportunity for attackers to gather sensitive data. Once they have this information, they can use it to perpetrate identity theft, target you with additional scams or sell your data on the dark web.
Be cautious about the personal information you provide online. Ask yourself if the website truly needs the details it’s asking for. Is the event from a reputable source? If you’re unsure, verify the legitimacy of the organiser and the page before filling in any forms.
Online reservations are an easy way to book a table at your favourite restaurant, but the few clicks it takes to book may not be as innocent as you think. This convenience has attracted cybercriminals who create fake reservation websites to collect personal and financial details. Often, these scams target users through email promotions or social media ads, directing them to fraudulent reservation systems designed to look real.
Once you’ve entered your payment information, hackers can make unauthorised transactions, steal your credit card details or even gain access to your email account if you use the same login credentials.
Always ensure that the website you’re using is secure. Look for signs like HTTPS (the padlock icon) in the browser’s URL bar. If a restaurant’s booking system looks unfamiliar, call them directly to confirm before sharing personal details online. (A simple phone call to verify can save you from becoming a victim of a cyber attack.)
Email remains the most popular tool for communication, both personally and professionally.
Unfortunately, it’s also the most common entry point for cyberattacks (91% of cyberattacks happen through email). Phishing emails are often the starting point for many scams, including fake login pages, event scams, and online booking traps.
These emails may seem harmless, often mimicking trusted brands and services you use regularly. They encourage you to click a link, which redirects you to a fraudulent website where you unknowingly hand over your credentials. Once attackers gain access to your email, they can unlock a world of information—personal communications, financial records, and even access to other online accounts.
Beyond the personal risk, your compromised email account can be used to carry out further attacks on your contacts, spreading malicious links to colleagues, friends and family.
As email remains a critical communication channel, it’s essential to implement protections like DMARC (Domain-based Message Authentication, Reporting & Conformance). DMARC helps protect your domain from unauthorised email use, preventing cybercriminals from sending fraudulent emails that appear to come from your business. By authenticating the origin of your email, DMARC builds trust with recipients and reduces the risk of phishing and email spoofing.
For businesses, this is particularly important.
A compromised domain can lead to significant reputational damage, lost clients and costly financial fraud. Regularly monitoring your email security, implementing DMARC policies, and ensuring your employees are aware of the risks are crucial steps toward strengthening your defences.
Phishing awareness training is another way to strengthen your online moat. Train your people to be able to identify a suspect link to prevent costly clicks.
Staying safe online requires a mix of awareness, scepticism and proactive measures. Both technology and human expertise are required.
Here are some best practices to help you navigate the online world without falling victim to these growing risks:
Even if an email looks familiar, always verify the link before clicking. Phishing scams are designed to mimic legitimate companies, so check the email address and hover over the link to see where it leads.
Protect your accounts with an additional layer of security. Even if your login credentials are compromised, two-factor authentication (2FA) requires a second step (such as a code sent to your phone) to verify your identity.
Use complex, unique passwords for each of your online accounts. Avoid using the same password across multiple sites, especially for email and banking services.
Password managers store and generate strong passwords for all your accounts. They can also recognize fake login pages, which provides an extra layer of protection when you enter credentials.
Always check that the website you’re visiting uses HTTPS encryption, indicated by a padlock icon in the address bar. This ensures that any information you share is encrypted and less likely to be intercepted.
Be mindful of what you’re sharing and with whom. If a website asks for details that seem excessive for the transaction, reconsider whether the site is trustworthy.
Tools like DMARC monitoring can help ensure that your emails and domain remain protected from phishing and spoofing attacks. Being proactive with these defences helps secure both your business and personal communications.
As online threats continue to evolve, so too must our awareness and defences. From duplicate login screens to event page scams, the risks are all around us, hidden in everyday online tasks that we take for granted.
By staying informed, using best practices, and securing your email communications, you can significantly reduce your chances of falling victim to these traps.
In an age where convenience is king, it’s easy to overlook the fine details.
But don’t.
When it comes to reducing your online risk, those details can make all the difference.