What are Email Phishing scams and how to avoid them - with examples
Scams orchestrated by cyber criminals, in which they send illegitimate emails asking for money, login details and any other sensitive personal information are known as Phishing. In the online environment, where everybody can email anybody, these phishing attacks are getting more and more inventive, leaving the Internet users prone to being easy targets. Even large companies reported to have suffered from Phishing attacks and their employees falling for emails that looked genuine.
Committed to fight against phishing attacks, Mascus is constantly investigating phishing cases and informing our users about the latest threats. We are also implementing various security measures to counteract these occurrences.
How can you avoid email phishing traps?
Here we will offer some valuable instructions on what you can do in order to avoid these email phishing traps.
There have been cases where illegitimate emails using the Mascus logo and branding were asking you to log into your Mascus account with the purpose of gathering your personal information, your bank account, or info and pictures of machines you are selling. This would later be used for scamming you or other persons by using the details you have just offered unknowingly.
Please DO NOT log into any website resembling Mascus! We will NEVER request that you submit your personal information, Username or Password via email.
The most common type of email phishing is the account verification email. In this case, scammers send out emails from an address appearing to be from Mascus and asking you to click on a link and log into your Mascus account for various reasons (your account is expiring, you have received an offer, etc).
If you do click on these types of links by mistake, first of all, remember to always check the URL in the browser, and if it does not start with https://www.mascus.com or your local Mascus site, contact us immediately.
The Mascus site uses a HTTPS encrypted connection (the “S” in HTTPS stands for “Secure”) and has a SSL certificate (SSL stands for the Secure Socket Layer), which means your web browser checks the website’s security certificate and verifies it was issued by a legitimate certificate authority. The real Mascus site will always have https in the url.
Safety Tip: Checking that the site URL is a valid one
If a link in an email takes you to a page similar to Mascus for which the url starts with HTTP (no S at the end!), it means this page does not belong to Mascus. Never trust an HTTP website with your personal information.
If the URL does start with HTTPS, but your browser marks it Not secure as in the images below, this also means you are not on the Mascus site and you should not proceed at that address:
Fake url, not HTTPS encrypted and marked as 'Not secure' by the browser
Warning from Google Chrome browser about accessing a potentially not trusted source
Note that nowadays phishing scammers might also easily obtain https certificates for their fraudulent pages, so having https in the site address is not 100% proof that the page is genuine. Always be on your guard for any suspicious signs.
For extra safety, you can also check the SSL certificate for Mascus by clicking on the Padlock icon in front of the address bar in your browser and make sure the certificate was issued to www.mascus.com
View Mascus certificate details in browser (Chrome and Firefox examples)
Mascus SSL certificate details (Chrome and Firefox examples)
Phishing examples of contact request notification emails, directing you to a fake Mascus site:
Examples of fraudulent emails containing hidden links to a fake Mascus site
Phishing example of an account verification email, directing you to a fake Mascus site:
Example of fraudulent email requesting login into a fake Mascus site
The "connect email to Mascus account" method:
Another phishing attack might occur when you are in contact (via e-mail) with a potential buyer for a machine advertised on Mascus and at some point in the conversation you receive “an offer” that needs urgent approval. In this case, links in the so-called "offer" emails are pointing to fake websites that are stealing your username and password that you use to log into your Mascus account or even your e-mail account!
The main threat is that the fraudsters will gain access to your e-mail conversations and will be able to take over the email communication and divert any deals you are trying to close towards themselves and scam both the buyer and yourself.
Please note that Mascus DOES NOT send such "offer through Mascus" e-mails, nor does it support Mascus account connection to different e-mail providers.
Please do not enter any personal details, Username or Password in such "offer forms" linked from e-mails.
Example of a fake "offer". Remember that Mascus DOES NOT send such e-mails!
Example of fraudulent website resembling Mascus layout and prompting you to "connect your email with your Mascus account". Mascus DOES NOT offer this possibility, for security reasons!
Mascus DOES NOT send inactivity email reminders or any account reactivation emails!
Keep in mind the following guidelines to avoid becoming victims of phishing attacks:
- Please check carefully the URL in the address bar of your browser and make sure you are on the Mascus website before you enter any details
- NEVER email your personal information or credentials
If you have responded to one of these Phishing email messages by submitting information about your Mascus Username and Password or have any doubts about suspicious emails, please contact your local Mascus representatives.
To learn more about phishing or fraud attempts, please read our Mascus Security Guide.
Stay safe digitally!
Your Mascus Team