A rather clever phishing email currently hitting inboxes attempts to emulate the genuine “new sign-in” security warnings sent out by email service providers.
As with other types of phishing, the scam emails are designed to steal your personal information.
Genuine “New Sign-In” Notifications
If you log in to your email account from a new browser or device, you may receive a security notification asking whether it was really you who logged in. The purpose of these notifications is to alert you as quickly as possible if your account has been compromised.
If you receive such a message and you didn’t recently log in from a new browser or device, it may mean that an unauthorised person has accessed your account. If that is the case, you can take steps to secure or recover your account.
As an example, here’s a screenshot of a genuine new sign-in security notification from Google:
Scammers Exploit User Familiarity
Scammers know that many email users will have received genuine new sign-in security notifications and will thus be familiar with them. The scammers exploit this familiarity by sending out fake security notifications that may appear genuine, at least at first glance.
Here’s an example of one of the fake security notification emails:
Clicking any of the links or buttons in the email opens a fraudulent website that asks for your email address and email password.
After you submit these details, the criminals can use them to take control of your email account as well as any linked services that use the same login.
Some versions may include further fake forms that ask for more personal and financial information, ostensibly as a means of verifying your identity and securing your account.
Proceed With Caution
Genuine security notifications will clearly identify the service provider that sent them. They will not use vague sender names such as “The Email Team”. And genuine emails will usually address you by name rather than by your email address or a generic greeting such as “Dear Customer”.
If you follow a link in one of these emails, ensure that the link opens the service provider’s genuine website and not a fraudulent copy.
It is always safer to log in to your account by entering the address into your browser’s address bar rather than by clicking a link in an email.
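The three checks above (vague sender name, generic greeting, link leading somewhere other than the provider's own site) can be applied mechanically. The following is an added example, not code from the original article: it runs those heuristics over a constructed sample message and assumes that the genuine provider's domain is example.com and that the sender-name and greeting lists are illustrative.

```python
import re
from urllib.parse import urlparse

# Constructed sample of a fake "new sign-in" notification (not a real message).
SAMPLE_EMAIL = {
    "from": "The Email Team <security@mail-alert-center.example>",
    "body": (
        "Dear Customer,\n"
        "A new sign-in to your account was detected. If this wasn't you, "
        "review the activity here: https://login.mail-alert-center.example/verify"
    ),
}

EXPECTED_DOMAIN = "example.com"  # assumption: the provider's genuine domain

# Illustrative lists; a real filter would tune these to the provider in question.
VAGUE_SENDERS = {"the email team", "mail team", "support team", "security team"}
GENERIC_GREETINGS = ("dear customer", "dear user", "dear member", "hello,")


def link_hosts(text):
    """Return the hostname of every http(s) URL found in the text."""
    urls = re.findall(r"https?://[^\s<>\"']+", text)
    return [urlparse(u).hostname or "" for u in urls]


def same_site(host, domain):
    """True if host is the expected domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_notification(email, expected_domain):
    """Apply the article's three heuristics; return a list of warning strings."""
    warnings = []
    # 1. Sender identification: display name before the angle-bracketed address.
    display = email["from"].split("<")[0].strip().strip('"').lower()
    if display in VAGUE_SENDERS:
        warnings.append(f"vague sender name: {display!r}")
    # 2. Greeting: genuine notices normally address the recipient by name.
    first_line = email["body"].strip().splitlines()[0].lower()
    if first_line.startswith(GENERIC_GREETINGS):
        warnings.append(f"generic greeting: {first_line!r}")
    # 3. Links: every link should stay on the provider's own site.
    for host in link_hosts(email["body"]):
        if not same_site(host, expected_domain):
            warnings.append(f"link points off-site: {host}")
    return warnings
```

An empty result does not prove a message is genuine, since the sender name and greeting are fully under the sender's control; the link check is the strongest of the three, and typing the provider's address yourself remains the safest option.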