.jpg?width=400&height=226&name=iStock-1185282377%20(3).jpg)
Cybernews warns that threat actors will likely take advantage of the recent AWS outage to launch phishing attacks against affected users.
Attackers frequently exploit high-profile events to carry out social engineering attacks while people are confused or stressed, as these users are more likely to act without careful consideration.
“Phishing attacks have one thing in common—they prey on human emotion, and in the case of services going down or being unable to access an account for extended periods of time, take advantage of a victim’s sense of urgency, fear, and confusion,” Cybernews says.
“With the help of AI tools, these hackers can easily create an email that appears to be sent directly from the impacted organization, complete with identical logos and structure, and often a spoofed email address or phone number that mimics the legitimate ones.”
Attackers may impersonate Amazon or tech support services offering to help users recover connectivity or receive compensation for the downtime.
“Users should be wary of emails or texts with ‘clickable links’ offering to provide outage updates, restore access to its services or app, or even offering to compensate users financially for time the service or app was down,” the researchers write. “Additionally, users should also watch out for scammers claiming to be from an app's tech support, another tried-and-true scheme used by cybercriminals worldwide.”
Users can follow security best practices and maintain a healthy sense of suspicion to avoid falling for social engineering attacks.
“In the aftermath of a significant outage or cyber event, to avoid targeted phishing attacks, users should always be skeptical of any emails, texts, or phone calls claiming to fix the outage or restore services,” Cybernews says.
“Never click on any unsolicited links or pop-ups as these could install malware on your device for more invasive attacks, steal your personally identifiable information (PII) using a keystroke logger, or send you to a fake webpage asking the user to input their login credentials.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Cybernews has the story.
