Fake emails supposedly coming from popular email and online storage services, offering “storage quota upgrades” are hitting the cyber street.
A click on the offered link takes the victims to a bogus page mimicking the service’s legitimate one, said researchers at Symantec.
The page offers a variety of storage plans – from 20 GB to 1 TB, free of charge.
“Your new plan will automatically renew each year, but you can disable auto-renewal at any time by returning to this page and choosing additional free plan,” said the poorly worded offer.
“We will contact you 30 days prior to renewal. Please allow up to 24 hours for your new storage amount to appear in all services,” the scammers conclude, so the users aren’t alarmed when they don’t see an immediate change.
In order to select one of the offered storage plans, the users must, input their email address (username) and password, which promptly go out to the scammers.
Meanwhile, the users end up redirected first to another bogus page notifying them of a successful storage quota upgrade, then to the service’s legitimate websites.
To avoid these and other phishing attacks, users should not follow suspicious links in unsolicited emails, avoid providing personal information when answering an email, and avoid entering personal information in a pop-up page or screen.