News of cyber criminals using phishing attacks is abundant. Yet, people continue to fall for these schemes, which is why the bad guys keep phishing. (As a reminder, phishing generally involves a hacker posing as a legitimate, trusted party to trick an unsuspecting victim into clicking a link, which then leads to a malware infection.)

Several tech news outlets, including Naked Security, have reported that Copyfish recently fell prey to phishing. Copyfish is a browser plugin that extracts text from videos, images, and PDFs. One of the browsers that Copyfish works with is Google Chrome, which means that Copyfish programmers must work through the Google Chrome Web Store.

An email to a Copyfish account, purportedly from Google, said that the app was out of compliance with Google rules, and offered a link for the Copyfish developer to click to fix the problem. The developer clicked the link, which led to the hackers getting Copyfish’ Google account login information.

Next, the cyber criminals unleashed havoc on Copyfish by, among other things, pushing out an infected update of Copyfish to its users who had installed the Chrome plugin.

The takeaway lesson from phishing attacks is always the same: Don’t click links in emails or on web pages unless you are 100% they are safe.

Would you like to train your company’s employees on how to avoid phishing attacks? Contact us at INSUREtrust. We can help with that.