Posted 03/24/2023
Phishing for Ring Customers
A new and growing phishing campaign is targeting users of the Ring video security system. The scammers send convincing phishing emails instructing people to open an attached file to update their membership.
How the Phishing Scam Works
Once the user clicks and opens the attachment, a webpage appears that convincingly mimics Ring's legitimate login page. This webpage is actually hosted locally on the customer's machine, which helps the attackers avoid detection by security filters.
Cleverly hidden behind the fake page is a malicious form requiring users to update their credit card information and enter their social security number. Once the form is submitted, it redirects the user to Ring's real website, further convincing them that everything is legitimate.
Scary Access
There are many reasons why this scam is dangerous and terrifying. The obvious one is a stolen identity, which can be a terrible hassle to resolve and prove to your banking institutions.
But perhaps even scarier is the fact that now these scammers have access to your cameras and can monitor your every move without you even knowing.
Many customers have indoor and outdoor camera subscriptions with Ring, and without recognizing the scam, your privacy is entirely compromised.
Red Flags and Solutions
It is always best practice for users to be wary of emails or redirected webpages that specifically ask for personal information like social security numbers and bank details.
If an email includes direct links or attachments, it's better to be wary of these and instead go to the company's page directly. The exception is if you have already vetted and confirmed that the sender, email, and links are legitimate.
A good tip is to preview the link URL before you click on it. Steps to do this can be found in your browser and email settings.
Additional recommendations include (Source: INKY):
- Use your browser’s address bar to confirm that you’re on a real website instead of a local file.
- Confirm the domain of the website. In this case, recipients should be suspicious that the Ring login page is hosted on immobilmedia.com instead of ring.com.
- Be careful with display name spoofing. This example uses ‘Ring Video Doorbell’ as the display name, but recipients should be suspicious that the sender’s email address isn’t an authentic Ring email address.
- Always be suspicious when receiving HTML attachments from unknown senders. Simply opening the file can run malicious code on the recipient's computer.
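The checks in the list above can be automated on the receiving side. The following Python sketch is an added example, not code from INKY, KnowBe4, or Ring: it parses a raw email and reports a brand display name sent from a non-brand domain, any HTML attachment, and any form in that attachment that posts to a host outside ring.com. The function names and the sample message (addresses and form path) are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND, BRAND_DOMAIN = "ring", "ring.com"  # brand and domain named in the article

def in_domain(host, domain):
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class FormFinder(HTMLParser):
    """Collect the action URL of every <form> tag."""
    def __init__(self):
        super().__init__()
        self.actions = []
    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")

def red_flags(raw_bytes):
    """Return the article's red flags found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    flags = []
    name, addr = parseaddr(str(msg["From"]))
    sender_domain = addr.rpartition("@")[2]
    if BRAND in name.lower().split() and not in_domain(sender_domain, BRAND_DOMAIN):
        flags.append(f"display name '{name}' sent from {sender_domain}")
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if part.get_content_type() != "text/html" and not fname.endswith((".html", ".htm")):
            continue
        flags.append(f"HTML attachment {fname}")
        body = part.get_content()
        finder = FormFinder()
        finder.feed(body.decode("utf-8", "replace") if isinstance(body, bytes) else body)
        for action in finder.actions:
            host = urlparse(action).hostname
            if host and not in_domain(host, BRAND_DOMAIN):
                flags.append(f"form posts to {host}")
    return flags

def sample_message(sender='"Ring Video Doorbell" <billing@mailer.example>'):
    """Constructed sample: addresses and the form path are invented."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "customer@example.org", "Update your membership"
    m.set_content("Open the attachment to update your membership.")
    m.add_attachment('<form action="https://immobilmedia.com/update"><input name="card"></form>',
                     subtype="html", filename="update.html")
    return m.as_bytes()
```

Calling `red_flags(sample_message())` returns three findings; a form with a relative or empty action is not flagged by the host check, so the HTML-attachment finding itself should still be treated as a reason to quarantine.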
Source: KnowBe4