Amazon, Gmail, Facebook users warned to change password

A drastic increase in password-stealing attacks on Amazon, Gmail and Facebook has been reported. Here’s how you can protect your business accounts.


If you use Amazon For Business, Gmail or Facebook for Business within your organisation, you may need to change your password urgently.

Hackers have been targeting these platforms through password-stealing attacks. Research by Kaspersky reported around 26 million attempts to get users to access malicious sites impersonating these brands – an increase of 40% compared to last year.

Here’s what you need to know, and how you can protect your business accounts.

Google, Amazon and Facebook are more prone to password hacking

Kaspersky reported that Google, Amazon and Facebook passwords are targeted the most by hackers.

The cybersecurity provider reported a 243% increase in attack attempts for the first half of 2024, with around 4 million of these attempts being blocked by Kaspersky itself. Meanwhile, Facebook users saw 3.7 million phishing attempts, while Amazon experienced 3 million.

Olga Svistunova, a security expert at Kaspersky, warned that a criminal who gains access to a Gmail account can “potentially access multiple services”. This means that not only can business information be leaked, but personal information on customers is also at risk of being exposed.

Hackers seek account credentials for these platforms because access enables data theft, malware distribution and credit card fraud. Google accounts are seen as particularly valuable, as they are the main key to unlocking other account credentials and the personal information needed to commit fraud.

Who else is being targeted?

Other tech giants like Microsoft and Apple have also been targeted. Other companies include DHL, Mastercard, Netflix, eBay and HSBC. 

A report by cloud security provider Netskope revealed a 2,000-fold increase in traffic to phishing pages sent through Microsoft Sway – a cloud-based application that enables users to create visual documentation, newsletters and presentations.

Through the use of “quishing” – a form of phishing through QR codes – hackers have been able to trick users into logging into malicious websites, stealing their passwords in the process. Bogus QR codes work in the hackers' favour because they can often bypass email scanners that only examine text-based content. Moreover, QR codes are usually scanned with mobile devices, which typically don’t have security measures as tight as those on desktops and laptops, so victims are more vulnerable to attack.

How to protect your business accounts

Keeping your business and customer information safe is crucial and both you and your employees need to remain vigilant. Here are steps your business can take to protect your business accounts from phishing attacks.

1. Be aware of the signs

Hackers are becoming better at impersonating legitimate platforms and brands, but there are a few red flags to look out for in a phishing email or website. These include:

Generic domain extensions: This is a tactic to disguise malicious communications. For example, an email from a “@gmail.com” address instead of a corporate domain (like @company.com) might seem legitimate at first glance, especially if the display name mimics that of a real employee or organisation. Attackers exploit these generic email addresses to impersonate businesses, executives or trusted contacts, bypassing security checks that may flag suspicious domain names.

Misspelt domains: Hackers may use domain names that are near-identical to legitimate ones, only changing a single letter or adding a number. A domain like Facebook.com could be altered to “Faceb0ok.com”. Deceptive domains like this are known as “typosquatting” or “URL spoofing” and are designed to look almost identical to the original website, luring users into entering their credentials or downloading malicious software.

Email/website content: When checking the legitimacy of an email or website, pay close attention to the content. Look out for any spelling errors, grammar mistakes or unprofessional formatting. Remember that legitimate companies typically have teams to ensure that their communications are polished and professional, while phishing emails and fraudulent websites are often created hastily and may contain typographical errors, awkward phrasing or inconsistencies in branding.

Sense of urgency: Hackers will create a sense of fear in their messaging, urging victims to act fast to avoid negative consequences. Scare tactics, such as warnings of account suspensions, unauthorised transactions or security breaches, are used to pressure recipients into responding immediately. This panic makes victims more likely to click on malicious links, download dangerous attachments or provide sensitive information, such as passwords or financial details.

Unusual requests: Be cautious of any unusual requests in emails or messages, especially those asking for money or personal information, or prompting you to click a link or download an attachment. Hackers will disguise themselves as trusted entities (eg a boss, colleague or company) to deceive recipients into complying with these requests. They may ask for sensitive information like passwords or banking details under the guise of urgent updates, security checks or unanticipated financial transactions.
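The first two red flags above can be checked automatically on incoming mail. The sketch below is an added example, not part of the original article: it flags sender domains that imitate a brand through a digit swap or a one-character change (as in “Faceb0ok.com”) and staff display names arriving from a free-mail address. The brand list, free-mail list, digit map and function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed sample lists (assumptions): extend with your own brands and free-mail providers.
BRANDS = ("facebook.com", "amazon.com", "google.com", "gmail.com", "microsoft.com")
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
# Digits commonly swapped in for letters, e.g. the "0" in "faceb0ok.com".
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain):
    """Return the brand domain that `domain` imitates, or None if it is exact or unrelated."""
    d = domain.lower().rstrip(".")
    if d in BRANDS:
        return None
    folded = d.translate(DIGIT_SWAPS)
    for brand in BRANDS:
        if folded == brand or edit_distance(d, brand) == 1:
            return brand
    return None


def sender_flags(from_header, org_domain, staff_names):
    """List red flags for a From header: lookalike domain, or a staff name on a free-mail address."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    flags = []
    brand = lookalike_of(domain)
    if brand:
        flags.append("lookalike:" + brand)
    if domain in FREE_MAIL and domain != org_domain and name.strip().lower() in staff_names:
        flags.append("display-name-on-free-mail")
    return flags
```

The check compares the whole sender domain only, so a lookalike used as a subdomain of another site is out of its scope, and a free-mail hit is a prompt for a closer look rather than proof of impersonation.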

2. Install security software

Make sure to install strong security software for your business accounts, such as firewalls, spam filters and antivirus software to prevent phishing attacks. Additionally, investing in web filters can help restrict access to certain websites, preventing employees from visiting malicious websites or downloading dangerous files.

Keeping your software up to date with the latest upgrades is also crucial, as this helps patch vulnerabilities and protects against new threats. Platforms like Hack the Box offer valuable resources – providing a hands-on learning experience where employees can practice identifying and defending against different cyber threats, including phishing attacks. 

3. Use multi-factor authentication

A strong password alone isn’t enough to protect your business accounts nowadays. If a hacker manages to access your accounts through a single password, it can have dire consequences for your business.

Multi-factor authentication (MFA) is designed to prevent unauthorised access, as it prompts users for a second factor when signing into their account, such as through a code sent to their email or phone, a fingerprint scan or answering a secret question.

With hackers continuously targeting major platforms, the security of your business credentials is crucial for preventing fraud and protecting personal information. 

Make sure to stay aware of any suspicious emails while using these platforms, keep an eye on your security software and keep your credentials secure to avoid falling victim to phishing attacks. 

For more information on how to avoid being scammed by email, head here.

Written by:
With over 3 years' expertise in Fintech, Emily has first-hand experience of both startup culture and creating a diverse range of creative and technical content. As Startups Writer, her news articles and topical pieces cover the small business landscape and keep our SME audience up to date on everything they need to know.
