ProtonMail warns all users to beware of phishing scam
ProtonMail is sending a warning urging all users of the end-to-end encrypted email service to be on the lookout for phishing scams impersonating ProtonMail.
“Dear ProtonMail user, over the last few days we have noticed an unusually high number of phishing attempts targeting ProtonMail accounts. To help keep your account safe, we want to remind you of a few security tips,” reads the warning.
Users are told to look for the “star” that indicates the email is from the provider, to avoid clicking on links or attachments if the email looks or feels suspicious in any way, and more (full text body in the embedded tweet below, courtesy of Catalin Cimpanu).
The company says phishing is the most common attack vector employed by cybercrooks, and urges users to watch out for any suspicious correspondence hitting their inbox.
ProtonMail just sent out a phishing warning pic.twitter.com/VqKUZehNnF
â€” Catalin Cimpanu (@campuscodi) May 3, 2018
ProtonMail is an end-to-end encrypted email service founded in 2014 at the CERN research facility. It uses client-side encryption to protect email contents and user data before they are sent to ProtonMail servers, unlike the more common email services out there.
The service uses a combination of public-key cryptography and symmetric encryption protocols to achieve end-to-end encryption, and includes the option to log in with a “two-password mode” that requires a login password and a password for the mailbox. The service is also secured by the industry-standard two-factor-authentication (2FA) protocol.
Since ProtonMail stores decryption keys only in their encrypted form, bad actors can”t retrieve user emails nor reset user mailbox passwords. Thus, the only way (or at least one of the few ways) they can get their hands on a ProtonMail account is through a phishing campaign that tricks users into inputting their credentials.
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War
August 31, 2022
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor
August 30, 2022
What is medical identity theft and how to protect against it
July 27, 2022
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside
June 28, 2022
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online
June 28, 2022