UK Users Should Be Aware of Census-Themed Phishing Attacks



Census-Themed Phishing AttacksUsers in the UK should be on the lookout for census-themed phishing attacks, according to Paul Ducklin at Naked Security. Participating in the census is mandatory in the UK, and people who didn’t complete the census by the March 21st deadline will begin receiving warning letters informing them that they could be fined £1000 if they fail to send in their form.

Cybercriminals are taking advantage of this by sending text messages telling recipients that their census application is missing information. This ensures that even people who have completed the census will want to click the link. The link leads to a convincingly spoofed phishing site designed to steal their personal information.

Ducklin offers the following recommendations to help people spot phishing scams:

“Check the domain name on websites carefully. UK government sites should end gov.uk. It’s hard for crooks to get control of one of those – they can’t just be bought online like .com domains can. Also, watch out for domain names where the left hand end looks legitimate, but the right-hand end says that it belongs to someone else, as in a name like census.gov.uk.example.com. The person who owns example.com also owns and can use all domain names that end with that name, not just plain example.com itself.

“Don’t use links in text messages or emails. The Census 2021 website is well-known and easy to find through reliable sources, including printed on the Census snail-mail you ought to have received. If you find your own way to a website where there is supposedly an “issue”, you won’t get suckered by fake links – whether that’s a “problem” with your bank, a “missed” home delivery or an online “order” you never actually placed.

“Be extra cautious of links in text messages (SMSes). Text messages are short, simple and often written in abbreviated English, so the crooks are much less likely to make spelling and grammatical errors that might otherwise tip you off.”

New-school security awareness training can help your employees recognize red flags associated with social engineering attacks. And keep a careful eye on text messages: they’re not all LOL.

Naked Security has the story.


Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/phishing-security-test-offer

Topics: Phishing

Subscribe To Our Blog


Ransomware Hostage Rescue Manual




Get the latest about social engineering

Subscribe to CyberheistNews