/>
X

This phishing attack uses a countdown clock to panic you into handing over passwords

A phishing attack is borrowing a technique from ransomware groups by looking to scare the victim into doing what they want.
danny-palmer
Written by Danny Palmer, Senior Writer on
a-man-looking-at-his-laptop-with-concern
Image: Getty/Deagreez

A sneaky new phishing attack attempts to manipulate victims into entering their username and password by claiming their account will be deleted if they don't – and it uses a countdown timer to pile on the pressure. 

Detailed by cybersecurity researchers at Cofense, this phishing attack begins with a message that claims to warn the recipient that an attempt to log in to their account from a location they haven't used before has been blocked – and that they should click a link to verify their email address. 

This kind of fear tactic is common in phishing attacks, as cyber criminals know that sending victims into a state of urgency means they're more likely to follow instructions, particularly if they've been told something is wrong with their account. 

What sets this attack apart from others is that it appears to borrow a tactic from ransomware gangs – displaying a countdown clock on the phishing site. The timer ticks down from an hour, claiming the user must enter their username and password to 'validate' their account before the countdown clock hits zero, otherwise their account – and even those of others – will be deleted. 

SEE: A security researcher easily found my passwords and more: How my digital footprints left me surprisingly over-exposed

This isn't a real warning and even if the countdown timer reaches zero, nothing will be deleted – but the tactic is designed to make the victim panic and follow the instructions. It's similar to a technique used by ransomware groups. 

If the user targeted by the phishing email enters their login credentials, it either claims they've used the wrong password or it says the login details are accepted, before redirecting them back to their company home page. In either cases, the result is the same – the attacker steals the username and password. 

There's several ways attackers could abuse legitimate login credentials. They could use them to access the network themselves to steal data, help gain access to other accounts or even plant ransomware or other malware. Alternatively, they could sell the stolen passwords to other cyber criminals to use in their own illicit campaigns. 

Phishing attacks are one of the most common methods cyber criminals use to steal usernames and passwords. Using multi-factor authentication (MFA) can help protect accounts, because even if the attacker knows the correct login credentials, the need for extra verification prevents them from being able to access the account, as well as providing a warning that something could be wrong. 

In the event of your password being stolen, it's vital it's quickly changed, preferably to something which is complex and difficult for a hacker to guess

MORE ON CYBERSECURITY

Related

Raspberry Pi: This 'much requested' feature just took a big step forwards
raspberry-pi-sales-jump-heres-why-the-ti-5ed5fa71a07d36782c1e10b3-1-jun-02-2020-7-10-50-poster.jpg

Raspberry Pi: This 'much requested' feature just took a big step forwards

Developer
How to recover deleted files in Windows 10 or 11
sample-image-16-9-red.jpg

How to recover deleted files in Windows 10 or 11

Windows
Feren OS is a Linux distribution that is as lovely as it is easy to use
The Feren OS desktop.

Feren OS is a Linux distribution that is as lovely as it is easy to use

Linux