A fake update message targets users of Proton Mail secure messaging. Be careful if you receive such an email in your mailbox.
Targeting users of messaging services is common. Launching a phishing campaign against an encrypted email service is less ordinary.
Damien Bancal, founder of Zataz, a site specializing in cybersecurity monitoring, reported on February 21 on X (ex-Twitter) a new phishing email targeting members of Proton Mail. This service, renowned for the degree of security it deploys to protect the confidentiality of its customers, is favored precisely by people who want a high level of protection (journalists, cyber experts, scientists, lawyers, etc.).
According to Damien Bancal, this fraudulent email has already been sent to three Proton email addresses. The message indicates that a security update is necessary after a questionable connection to the personal calendar.
A link goes to a clone site that perfectly reproduces the Proton Mail login page. The hackers have prepared their trap well: once the victim has entered their credentials, they will be sent to the official email site.
Proton IDs targeted
The fake page has existed since 2020 and recently received an update, in January 2024, probably to relaunch the phishing campaign.
This type of trap is used first to recover usernames and passwords, which will either be used for a future attack or sold in a batch with thousands of other addresses on a hacker forum.
The recommendations for improving your cyber hygiene remain the same: check the recipient’s email address, look carefully at the URL of the site you are visiting and do not click if in doubt. It’s also useful to know how to recognize phishing attempts.