{"id":30058,"date":"2022-02-24T13:34:41","date_gmt":"2022-02-24T11:34:41","guid":{"rendered":"https:\/\/www.kaspersky.co.za\/blog\/reset-notification-scam\/30058\/"},"modified":"2022-02-24T13:34:52","modified_gmt":"2022-02-24T11:34:52","slug":"reset-notification-scam","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/reset-notification-scam\/30058\/","title":{"rendered":"Password reset notification scam"},"content":{"rendered":"<p>Most online services have a built-in security system that alerts you when it detects \u201cunusual\u201d activity on your account. For example, services send notifications about attempts to reset the phone number and e-mail address linked to the account, or the password. Of course, as soon as such messages became commonplace, enterprising cybercriminals tried to imitate this mechanism to attack corporate users.<\/p>\n<h2>Example of a fake notification<\/h2>\n<p>If it\u2019s a public online service, attackers will usually make every effort to create exact copies of a real message. 
However, if attackers are hunting for access to an internal system, they often have to use their imagination as they might not know how the email should appear.<\/p>\n<div id=\"attachment_43729\" style=\"width: 1890px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/103\/2022\/02\/24133448\/reset-notification-scam-letter.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-43729\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/103\/2022\/02\/24133448\/reset-notification-scam-letter.jpg\" alt=\"Real example of a fake notification about a change of phone number.\" width=\"1880\" height=\"373\" class=\"size-full wp-image-30059\"><\/a><p id=\"caption-attachment-43729\" class=\"wp-caption-text\">Real example of a fake notification about a change of phone number.<\/p><\/div>\n<p>Everything about this message looks ridiculous, from the incorrect language to the rather dubious logic \u2014 it seems to be at once about linking a new phone number and about sending a password reset code. Nor does the \u201csupport\u201d e-mail address lend credibility to the message: there is no plausible reason why a support mailbox should be located on a foreign domain (let alone a Chinese one).<\/p>\n<p>The attackers are hoping that their victim, fearing for the security of their account, will click the red DON\u2019T SEND CODE button. Once done, they\u2019re redirected to a website mimicking the account login page, which, as you\u2019d imagine, just steals their password. 
The hijacked mail account can then be used for BEC-type attacks or as a source of information for further attacks using social engineering.<\/p>\n<h2>What to explain to company employees<\/h2>\n<p>To minimize the chances of cybercriminals getting their hands on employees\u2019 credentials, communicate the following to them:<\/p>\n<ul>\n<li>Never click on links in automatic security notifications, whether real-looking or not.<\/li>\n<li>On receiving a notification, check the security settings and linked details by opening the website in the browser manually.<\/li>\n<li>A clumsily worded notification (as in the example) is best ignored and deleted.<\/li>\n<li>If the notification looks real, notify the IS service or security officer; it may be a sign of a targeted attack.<\/li>\n<\/ul>\n<h2>How to protect company employees from phishing<\/h2>\n<p>In general, it\u2019s best to keep phishing e-mails out of employee inboxes altogether. Ideally, they (plus all other unwanted correspondence, including spam, messages with malicious attachments and BEC-related e-mails) should be intercepted at the mail gateway level. To combat these very threats, we have recently updated our e-mail protection solution for gateways. 
Learn more on the <a href=\"https:\/\/www.kaspersky.co.za\/small-to-medium-business-security\/mail-security-appliance?icid=en-za_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">Kaspersky Secure Mail Gateway<\/a> page.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Anti-phishing lessons: what company employees should know about fake notifications about account security.<\/p>\n","protected":false},"author":2598,"featured_media":30061,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3020],"tags":[3222,1815,76],"class_list":{"0":"post-30058","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"tag-bec","10":"tag-e-mail","11":"tag-phishing"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/reset-notification-scam\/30058\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/reset-notification-scam\/23939\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/reset-notification-scam\/19423\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/reset-notification-scam\/9763\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/reset-notification-scam\/26187\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/reset-notification-scam\/24152\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/reset-notification-scam\/23952\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/reset-notification-scam\/26945\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/reset-notification-scam\/26487\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/reset-notification-scam\/32427\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/reset-notification-scam\/10535\/"},{"hre
flang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/reset-notification-scam\/43728\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/reset-notification-scam\/18584\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/reset-notification-scam\/19037\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/reset-notification-scam\/15820\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/reset-notification-scam\/28216\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/reset-notification-scam\/28135\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/reset-notification-scam\/24846\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/reset-notification-scam\/30282\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.za\/blog\/tag\/phishing\/","name":"phishing"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/30058","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/users\/2598"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=30058"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/30058\/revisions"}],"predecessor-version":[{"id":30060,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/30058\/revisions\/30060"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media\/30061"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=30058"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=30058"}
,{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=30058"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}