
Wednesday, 20 Aug , 2014

Phishers’ delight – Avoiding Email Scams


Will you fall victim to expert phishers? Don’t underestimate the risk.

Internet con men were rubbing their hands with glee following the worldwide panic about Heartbleed. It was just one of the bigger recent hooks criminals have used to reel in unsuspecting internet users and persuade them to click on an iffy link or share their credentials. In case you don’t know about Heartbleed, there’s an excellent plain English article here: “Heartbleed And What To Do About It”.

Advice from all experts was to change online passwords IF a website was vulnerable to Heartbleed and IF it has since been fixed.

This wasn’t scaremongering. Amar Singh – @amisecured – a Chief Information Security Officer whose advice has been sought by the Financial Times and the BBC, reported scammers jumping on that bandwagon soon after the media broke the Heartbleed story.

14th April 2014 – @amisecured Must review for all http://wp.me/p4oO83-av. Already seeing several emails hitting my clients and my own inbox. Beware


This is called phishing. Emails often look incredibly genuine, with valid logos and email addresses (see the image below). They may also provide a link to a website that looks exactly like your bank, Amazon, Gmail, etc. However genuine it looks, you should never click on links in suspect mails, as criminals can plant software that downloads nasties to your computer as soon as you connect.

Example of a real Phishing email – Note how genuine it looks.  Scroll down for some advice on what to do if you are concerned.


Quick tips:

  • If a mail is from someone you don’t know, or a company you don’t use, just delete without opening.
  • Hover your mouse over the sender’s address at the top of the mail. Most mail programs will make the full return address appear. If this doesn’t match original sender details, chances are the mail isn’t valid.
  • If opened, don’t reply to the mail or click on links.
  • Do a quick web search to see if anyone has called out a scam linked to whichever company emailed you.
  • If you are still worried, call your usual support line or email your usual support address.
  • If practical, save the mail to share with law enforcement agencies.
  • Have a look at more advice on spotting iffy mails from Get Safe Online (see below).
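As an added illustration of the second tip (example code written for this page, not something from the original post), the script below does by hand what hovering over the sender does for you: it parses a constructed sample mail, compares the name shown on the From line with the address actually behind it, and checks whether each link's visible text points where the link really goes. The brand-to-domain table, the two-label domain heuristic and the sample message are all assumptions made up for the demo.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not from the original post): the display name
# claims to be PayPal, but the real address and the link target do not match.
RAW_MAIL = b"""From: "PayPal Customer Service" <alerts@paypa1-secure.example>
To: victim@example.org
Subject: Your account has been limited
Content-Type: text/html

<p>Please confirm your details at
<a href="http://paypa1-secure.example/login">https://www.paypal.com/myaccount</a></p>
"""

def registered_domain(host):
    """Last two labels of a hostname; a crude heuristic, fine for this demo."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def check_sender(msg, brand_domains):
    """Tip 2 from the post: does the display name match the real address?"""
    name, addr = parseaddr(msg["From"])
    domain = registered_domain(addr.rsplit("@", 1)[-1])
    findings = []
    for brand, real in brand_domains.items():  # brands you expect mail from
        if brand.lower() in name.lower() and domain != real:
            findings.append(f"display name claims {brand} but address is @{domain}")
    return findings

def check_links(msg):
    """Flag anchors whose visible text shows one site but whose href goes elsewhere."""
    part = msg.get_body(preferencelist=("html",))
    if part is None:
        return []
    findings = []
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', part.get_content(), re.I):
        shown = urlparse(text.strip()).hostname if "://" in text else None
        target = urlparse(href).hostname
        if shown and target and registered_domain(shown) != registered_domain(target):
            findings.append(f"link text shows {shown} but goes to {target}")
    return findings

def analyse(raw=RAW_MAIL, brand_domains=None):
    """Return a list of warnings; an empty list means nothing suspicious was found."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return check_sender(msg, brand_domains or {"PayPal": "paypal.com"}) + check_links(msg)
```

Run it against a saved `.eml` file by passing its bytes to `analyse()`; two warnings come back for the sample above and none for a mail whose sender and links line up.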


Watch how to identify a phishing mail

Javvad Malik, a very well respected security expert, talks a friend through how to decide what is and isn’t a valid email:

Comprehensive advice & links to report attempted or successful phishing

Anti Phishing Working Group, or APWG, a not-for-profit service with links to law enforcement focused specifically on this:


Action Fraud – A UK Police Service that has additional resources, including what to do if you realise you’ve been a victim of internet or email fraud:


Get Safe Online – Another great resource with news on latest scams and plain English advice:
