CHICAGO (WLS) — Scammers are upping their game with more sophisticated phishing emails. One tech security group is alerting the ABC7 I-Team about the new problem.

The new, more enhanced phishing attempts could look exactly like the login page of an email when the link is clicked.

Security experts say they are so convincing that even well-trained users and experts can be vulnerable.

ABC7 Chicago is now streaming 24/7. Click here to watch

Check Point Research said in a recent 30-day period, it uncovered 200,000 of the new phishing emails that can fool users and their computer’s security systems, mostly in the U.S.

“What they’re doing is manipulating the URL to make something that is bad look good,” said Jeremy Fuchs with Check Point Software. “So when you click on it, you’re none the wiser that this is actually a bad website, and your security systems are also likely none the wiser. So it takes you to a site that, for all intents and purposes looks good, but, in fact is not.”

If the link is clicked, hackers can install malware onto devices and even hold it hostage, or they try to get users to give up personal login information. The new phishing links can look like landing pages to email accounts, an important “document” to review or a request for signatures.

“If there’s ever any suspicion… obviously report it… whether it’s your IT team or to, you know, Gmail or Microsoft,” Fuchs said. “And it’s tricky, because the idea is to make it look legitimate, and so we always sort of unfortunately have to have our guards up.”

South suburban Romeoville resident Mark Geary said he’s avoided several phishing attempts. One asked him to click on a link to get an auto insurance “refund,” which he knew wasn’t real because he wasn’t supposed to be getting any refund and the email wasn’t even from the same company he is under.

“I called my insurance agent as soon as I got it, and he said it was a scam, so don’t click on it,” Geary said. “And they can literally wipe out so many savings accounts. It’s pretty dangerous, actually.

What can be done to stop enhanced phishing?

All software, including email systems and web browsers, should be kept up to date with the latest security patches. This will prevent cyber criminals from exploiting vulnerabilities through which phishing attacks can be executed.

“Advanced email security solutions” like spam filtering, anti-phishing and malware detection can also be implemented. This will detect and block the most sophisticated of phishing attempts.

Email users should also consider updating “redirection rules.” This is a set of instructions that dictates how the server should handle certain requests or messages.

It may seem like a long list, but it may be worth it. Experts say AI is making it easier for criminals to code and enhance the phishing links.

“It is now significantly easier, much more efficient and cost effective,” Fuchs said. “And you don’t need as much technical knowledge as you might have. Now, you know, with a few simple prompts… and that’s what’s accelerating this.”

The best rule to remember is to not click on any link in an inbox unless something specific is expected. Even if it looks like it is coming from a coworker or employer, people should reach out to that person directly to make sure they sent it.

Geary said he reported his phishing emails to the Better Business Bureau. People can also report them to the Federal Trade Commission, or if money is lost, it can be reported to the FBI.

Resources

Better Business Bureau: https://www.bbb.org/all/spot-a-scam#::text=Report%20a%20Scam,at%20BBB.org%2Fscamtracker.

Federal Trade Commission: https://reportfraud.ftc.gov/

FBI Internet Crime Complaint Center: https://www.ic3.gov/