A new Eir phishing scam has been identified, which has led the Irish communications company to send out a warning to customers. Yesterday, hundreds of customers were sent emails offering them a refund. In order to process the refund, the email recipients have been advised to log in to their My Eir account. The email contains a fake link that recipients are told to click to receive the refund.
That link brings the email recipient to a fake website. The malicious website has been set up to look identical to the Eir website. Users are asked to confirm their credit card details in order to process the refund. Those details are logged by the website and are forwarded to the criminals running the Eir phishing scam.
Eir has told customers to be alert to the threat of the fraudulent email messages and to delete them if they are received. Any person who has fallen for the Eir phishing scam and has provided credit card details via the malicious website faces a high risk of credit/debit card fraud.
Phishing email campaigns such as this are regularly seen. Hackers use a variety of social engineering techniques to get users to reveal sensitive data such as credit and debit card numbers, which are used by the hackers to make online purchases and run up huge debts in the victims’ names.
The malicious emails can look quite authentic. Criminals use legitimate imagery in the phishing emails to trick email recipients into believing the emails are genuine. The malicious spam messages usually include a link that directs victims to malicious websites where personal data must be disclosed in order to receive a refund, free gift, or to view important documents. The websites can look practically the same as the legitimate sites.
Email scams often bring victims to malicious websites containing exploit kits which search for weaknesses in browsers and plugins and leverage those flaws to download malware.
The malware poses a massive risk for businesses. Malware is used to obtain a foothold in a computer network, which can be used to initiate cyberattacks to steal valuable data or to gain access to corporate email and bank accounts.
To safeguard against such attacks, staff members should be instructed never to use links sent in emails and to log in to websites directly through their browsers. Employees should be given training to help them identify phishing emails and email and web spam.