Cyren, winner of the 2017 Cybersecurity Excellence award, is a web Security Company that has recently released information on a new phising scam that has taken advantage of free web hosting. While free web hosting may be suitable for individuals and in some cases small businesses, these services are a favourite of malicious individuals who
The phising scam was simple. Using the Wix drag and drop layout builder, it was incredibly easy for scammers to create a look-alike office 365 site which stole user’s information when they plugged in their office account details.
It is difficult for a free service such as Wix to spend the resources on security needed to prevent such phising scams. How do you get to the malicious website? Often, links can be sent in emails from seemingly legitimate sounding accounts. The scam does not have to trick a large percentage of those subjected to it. It only needs to find a minority that will fall for the scam, imput their login details, and allow the scammers complete access to their Office 365 account.
What details could the scammers find? If you know people who are less technologically proficient, you may have encountered people who put all of their login details and passwords in a word file. This could include bank logins, which could give the scammers access to financial institutions.
Wix has a page which allows users to report phising websites. If you find a Wix site which is being used for the office 365 phising scam, please report it at the following official page.
While you are there, ensure that you take a moment to check the web address and the secure logo that shows you are on the actual Wix page, secured by HTTPS. Click that link in order to see our guide to security certificates.