Cloud-based storage is a wonderful thing. Being able to store your files and retrieve them from anywhere boosts productivity. It should come as no surprise then that Microsoft entered the cloud-based storage arena back in 2007. It should also come as no surprise that Microsoft’s cloud-storage product, called OneDrive, is the target of and vehicle for, phishing attacks. Afterall, Microsoft is the second favorite target of phishing attacks.
Employees who have been trained to look out for phishing emails know not to click on links in suspicious emails. But what if the email tricks them into clicking on a link they didn’t intend to click on because it’s invisible?
According to a presentation by the security education firm KnowBe4, one of the newest forms of email compromise is a type of clickjacking which incorporates an invisible link (using the opacity setting in CSS). The link is instead replaced by a “bothersome” graphic element that’s made to look like a small hair or a speck of dust just like this:
So you tried your best to avoid a phishing attack but one day your laptop woke up with the flu bug. Criminals use phishing attacks to try to get at your personal information. You receive a legitimate-looking email with a link or attachment attached and you take the bait. After the initial shock wears off what do you do?
First and foremost, disconnect your device immediately to get offline. The criminal could be in the process of installing ransomware on your computer. So if you have a wire connection, simply unplug the internet cable. If your device is wireless, disconnect it from the wifi network.