In Finland we have encountered a new kind of phishing campaign. In this campaign a phishing email, camouflaged to look like a secure email, takes the user to a website where the user is asked to login using their email address and password. This is a scam!
According to a press release (in Finnish) by The National Cyber Security Centre Finland (NCSC-FI), the email is usually sent from a familiar organization with whom the victim has previously been in contact with. The subject or the message itself does not look suspicious at all. The email directs the user to open an encrypted email message using a web-browser by clicking the link. After this the victim is asked to give their email address and password.
A genuine secure email never asks for your email credentials.
It is good to remember that a genuine secure email service never asks for your email account credentials. No service should ever ask for credentials you use in another service.
- Always be alert when you are asked to provide personal or confidential information. If you are not sure, double check with your company CISO.
- Remember that the browser URL field reveals what site you are on currently. Always read the URL carefully. The domain name of the current site can be read between the http:// or https:// and the next forward slash (“/”) in the URL, where the most significant part is to the left of the forward slash. For example, in the address http://mail.deltagon.com.evilphishingsite.com/index.php you are actually in the domain evilphishingsite.com.
Deltagon Sec@GW email encryption’s security level “letter” is based on the Deltagon MessageLock™ technique. The message sent for the recipient includes a protected link, which is locked when opened for the first time so that it cannot be opened from anywhere else. The email recipient will notice if the message has been opened from elsewhere which makes it then possible to investigate where it has been opened from.
What should I do if I get a secure email? How can I know if it is real or a scam?
For the end-user it may prove challenging to visually separate a well-done scam from a genuine secure email, and in many cases the email has been sent from an email address familiar to the victim. Also, the message subject might be similar to previously received legitimate emails.
What can a recipient of a secure message do?
- Always keep your Operating System, browser and antivirus software up to date.
- When receiving email, always check the links before clicking them by hovering your mouse cursor over the link. Never open a link from email if you don’t trust the URL the link takes you to.
- Think about whether you were expecting the email you received or did it come as a surprise.
- If possible, call the sender to ask if they actually sent the email in question.
- You can check the email meta-information for where the email was sent from.
- When ever you are unsure, please turn to your organization's Information Security Officer.
If you believe you have been targeted by this scam email or other phishing attempt, please inform the National Regulatory Authority.