Symantec researchers warn about a variety of fake emails supposedly coming from popular email and online storage services, offering “storage quota upgrades”.
A click on the offered link takes the potential victims to a bogus page mimicking the service’s legitimate one:
The page offers a variety of storage plans – from 20 GB to 1 TB – supposedly free of charge.
“Your new plan will automatically renew each year, but you can disable auto-renewal at any time by returning to this page and choosing additional free plan,” says the poorly worded offer.
“We will contact you 30 days prior to renewal. Please allow up to 24 hours for your new storage amount to appear in all services,” the scammers conclude, so that the users aren’t alarmed when they don’t see an immediate change.
In order to select one of the offered storage plans, the users must, of course, input their email address (username) and password, which are promptly sent to the scammers.
In the meantime, the users are redirected first to another bogus page notifying them of a successful storage quota upgrade, then to the service’s legitimate websites.
To avoid these and other phishing attacks, users are advised not to follow suspicious links in unsolicited emails, avoid providing personal information when answering an email, and avoid entering personal information in a pop-up page or screen.
Checking to be sure that the website into which they are entering personal or financial information is encrypted with an SSL certificate is also a good idea.