
Phishers’ delight – Avoiding Email Scams

Will you fall victim to expert phishers? Don’t underestimate the risk.

Internet con men were rubbing their hands with glee following the worldwide panic about Heartbleed. It was just one of the bigger recent hooks criminals have used to reel in unsuspecting internet users and persuade them to click on an iffy link or share their credentials. In case you don’t know about Heartbleed, there’s an excellent plain English article here: “Heartbleed And What To Do About It”.

Advice from all experts was to change on-line passwords IF a website was vulnerable to Heartbleed and IF it has since been fixed.

This wasn’t scaremongering. Amar Singh – @amisecured – a Chief Information Security Officer, whose advice has been sought by the Financial Times and BBC, reported scammers jumping on that bandwagon soon after the media broke the Heartbleed story.

14th April 2014 – @amisecured Must review for all http://wp.me/p4oO83-av. Already seeing several emails hitting my clients and my own inbox. Beware


This is called phishing. Emails often look incredibly genuine, with valid logos and email addresses (see the image below). They may also provide a link to a website that looks exactly like your bank, Amazon, Gmail etc. Having said that, you should never click on links in suspect mails, as criminals can plant software that downloads nasties to your computer as soon as you connect.

Example of a real Phishing email – Note how genuine it looks.  Scroll down for some advice on what to do if you are concerned.

[Image: PayPal phishing email]

Quick tips:

  • If a mail is from someone you don’t know, or a company you don’t use, just delete without opening.
  • Hover your mouse over the sender’s address at the top of the mail. Most mail programs will make the full return address appear. If this doesn’t match the original sender details, chances are the mail isn’t valid.
  • If opened, don’t reply to the mail or click on links.
  • Do a quick web search to see if anyone has called out a scam linked to whichever company emailed you.
  • If you are still worried, call your usual support line or email your usual support address.
  • If practical, save the mail to share with law enforcement agencies.
  • Have a look at more advice on spotting iffy mails from Get Safe Online (see below).
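
The "hover over the sender" tip above, as an added example that is not part of the original article: a short Python script that runs the same check on a saved mail, comparing any address shown in the display name and the Reply-To header with the real From address. The sample message, its addresses and its domains are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample mail; every address and domain here is made up.
SAMPLE = """\
From: "service@bank.example" <notice@account-check.example.net>
Reply-To: helpdesk@account-check.example.org
To: you@example.com
Subject: Your account has been limited

Please confirm your details.
"""


def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def sender_warnings(raw):
    """Return reasons the visible sender may not be the real sender."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    warnings = []
    # Trick 1: an address typed into the display name that is not the real one.
    for shown in re.findall(r"[\w.+-]+@[\w.-]+\w", display):
        if domain_of(shown) != from_dom:
            warnings.append(f"display name shows {shown} but mail is from {from_addr}")
    # Trick 2: replies are routed to a different domain than the sender's.
    # Return-Path is deliberately not compared: legitimate bulk mail often
    # uses a separate bounce domain. Exact domain matching is a simplification.
    for _, addr in getaddresses(msg.get_all("Reply-To", [])):
        if addr and domain_of(addr) != from_dom:
            warnings.append(f"Reply-To {addr} does not match From domain {from_dom}")
    return warnings


if __name__ == "__main__":
    for warning in sender_warnings(SAMPLE):
        print("WARNING:", warning)
```

An empty result only means these two tricks were not used; it does not prove the mail is genuine.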

 

Watch how to identify a phishing mail

Javvad Malik, a very well respected security expert, talks a friend through how to decide what is and isn’t a valid email:

Comprehensive advice & links to report attempted or successful phishing

Anti-Phishing Working Group (APWG) – a not-for-profit service with links to law enforcement, focused specifically on this:

 

Action Fraud – A UK Police Service that has additional resources, including what to do if you realise you’ve been a victim of internet or email fraud:

 

Get Safe Online – Another great resource with news on latest scams and plain English advice:

 

3 replies »

  1. Another good article, when teaching people to company the common scams it can seem like a lot of information is presented to the user in the hope it will help them. No doubt the person who sits down and listens to the scores of advice out there will be better off but it’s easy to forget the average Joe. The Mary in accounting too busy to glance up, never mind study this.

    Many tips and advice circle around the fact that people are devious, greedy and heartless and will try anything to get one over on you. This shouldn’t always be a lesson of computers it should also be a valuable lesson for life – Trust! Be careful how you dispense yours!
