People are being warned against clicking on confirmation links in emails which are being used by criminals to sneak malicious links past your spam filters and into your inbox.
The scam exploits a flaw in the sign-up forms of real companies online to trick email providers into allowing dangerous links to get through.
The trick was uncovered by consumer website Comparitech.com, as reported in The Mirror.
Lots of websites ask you to enter your first and last name in a sign-up form, then send you a confirmation email.
Police and ambulance crews called to sudden death in Bristol park
Comparitech found examples where a scammer can register with someone else's email address, but put a phishing link in the sign-up form that is then included in the confirmation email.
Spam filters typically check for suspicious words, phrases, and links - but one of the main things they look at is the email address itself.
Martin Lewis reveals a really simple way everyone can save money
"At present, there’s no effective method users can employ to stop these emails from bypassing email spam filter," Comparitech said.
"If the email address is coming from a whitelisted site or appears fully legitimate, it’s unlikely to be stopped by a spam filter even with a suspicious link in the content of the email."
Comparitech's privacy advocate Sam Cook has come up with the following advice for people worried they could be targeted:
- Check to make sure the website is legitimate. Do not click any links in the confirmation email. Instead, type in the website name in Google search to verify its existence.
- Check the form name that was submitted and is given in the email. If it contains a link next to the introduction (“Dear X [hyperlink]), it’s probably a phishing attempt.
- Do NOT click on the link. Instead, contact the website in question to let them know you did not sign up to create the account yourself, and give the supposed username that was listed to sign up with your email address
