How Cybercriminals Use Legitimate Websites To Scam You

How Cybercriminals Use Legitimate Websites To Scam You

‍

Have you ever come across a suspicious looking email but the website linked to it appears legit or you may have actually used it in the past and it was safe? The website may actually be a real website that had vulnerabilities leading to a breach.

‍

When a cybercriminal gains access to a legit website and uses it for malicious activity, it's called cross-site-scripting (XSS).

‍

Did you know that XSS is the top method for cybercriminals to infiltrate your data? Reports show that there has been a 26% rise in 2020 alone.

‍

So How Exactly Does XSS Work?

‍

Here's a rundown of how it works:

1. An attacker will uncover a legitimate website with script injection vulnerabilities

‍
2. The attacker will then take advantage of that website and send a script-injected link to a target (e.g. email phishing scam)

‍
3. The victim may click the link taking them to the compromised website

‍
4. The attacker will then collect the information of that user such as passwords, personal information, credentials, etc.
‍

‍
If you've ever received a phishing scam email, an attacker may have used XSS to attempt to steal your data. It is very common these days with many websites not having proper cybersecurity in place and cybercriminals becoming more sophisticated in their malicious attempts.

‍

It is crucial for you and your employees to always be on the lookout for suspicious activity especially through email phishing attempts. A good practice for accessing a website is to type it into your browser search engine as this is much more secure than clicking a link from a potentially malicious email.

‍

Want To Be Notified If An Email Is Malicious?

‍

With cyberthreats becoming more sophisticated, it's important to be prepared for anything. Email phishing scams are one of the most common ways cybercriminals are able to breach your information. That's why Cyber Unit has a dedicated protection plan for Email security.

‍

We sift through every incoming email before it lands in your inbox and we monitor for anything remotely suspicious. If we suspect anything malicious, we will notify you right away.

‍

Our clients have avoided hundreds of potential cyber risks thanks to our email security. Remember, it only takes one click to have all your sensitive data compromised, so it's better to be prepared.
‍

‍
Check out our protection plans HERE.