Wednesday 2 December 2015

Gone Phishing

Phishing (fish´ing) (n.) is the act of sending an email to a user falsely claiming to be a legitimate enterprise. The aim of such contact is to scam the user into surrendering private information that will be used for identity theft or to steal money from intended victims.

A phishing email will normally direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has. The website, however, is a fake and will steal any information the victim enters on the page.



To protect against these scams, it is best to familiarise yourself with a few techniques for identifying potential threats.

  • Salutation: A lot of phishing scam emails are mass sent, and as a result they quite often use generic salutations, such as Dear Customer, Dear Member, or even a simple Hello. If you think about it, companies where you already have an account know who you are, so they are more likely to address you by your preferred name.
  • Spelling and Grammar: Scammers are not known for their competence with the written language, whereas the larger organisation they pretend to be would normally employ staff to produce professional-looking copy to send to customers.
  • From whom: The ‘from’ field may state that the email is from a legitimate organisation, but hovering over or clicking on this address (depending on your email client) will show the full actual email address. So an email claiming to be from Facebook.com could actually be from facebook@xyz.com. Not the same thing. Also check the ‘from’ address closely for slight misspellings: is it from manager@facebook.com or manager@faceboook.com? Scammers quite often register domains with URLs similar to those of legitimate organisations.
  • Links: You should not click on a link without being 100% sure of its legitimacy. A link may read one way, but when you hover over it, it is revealed as a link to a totally different website. If you are not 100% sure, go to the site by typing the company’s URL into your browser rather than using the link.
  • Threats: A lot of scam emails include a threat as part of the message, such as “Account will be closed.” or “System will no longer work.” Legitimate organisations will very rarely threaten you in this way.
  • Another ‘from’ point: Quite often the ‘from’ address may show you as the sender. You did not send yourself this email… it’s a scam.
  • Too good to be true: Instead of a threat, the email may contain an offer that is too good to be true. A rule of thumb is that any offer that is too good to be true is too good to be true. You don’t have a long-lost African prince uncle who has left you his fortune.
  • Passwords and PIN numbers: Organisations will not ask for your passwords or PIN numbers by email. These are yours, not theirs. So, never divulge them.
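The checks above can be turned into a small triage script that a mail gateway or help desk could run over a suspicious message before anyone clicks. The following is an added example, not code from the original post or from VGS Global: it parses a raw email with Python’s standard library and reports which of the checklist items trip (lookalike sender domain, brand name in the display name that does not match the address, you as your own sender, generic salutation, threatening phrases, and anchor text that points somewhere other than its href). The KNOWN_DOMAINS set, the phrase lists, the two-label domain approximation and the sample message are all assumptions constructed for the example.

```python
"""Heuristic triage of a raw email against the checklist above (added example, not the author's)."""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brands the reader expects mail from; a real deployment would load these from config.
KNOWN_DOMAINS = {"facebook.com", "paypal.com", "example-bank.com"}
GENERIC_SALUTATIONS = ("dear customer", "dear member", "dear user", "hello,")
THREAT_PHRASES = ("account will be closed", "no longer work", "within 24 hours", "suspended")

def edit_distance(a, b):
    """Levenshtein distance; one or two edits is the usual gap for a lookalike domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(url):
    """Last two labels of a URL's host (assumption: no public-suffix list, so co.uk-style names are off)."""
    host = urlparse(url if "://" in url else "http://" + url).hostname or ""
    return ".".join(host.split(".")[-2:])

def lookalike_of(domain):
    """Known brand domain that this one resembles but is not, else None."""
    if domain in KNOWN_DOMAINS:
        return None
    return next((k for k in KNOWN_DOMAINS if edit_distance(domain, k) <= 2), None)

class BodyParser(HTMLParser):
    """Collects visible text and (anchor text, href) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.text, self.links, self._href, self._anchor = [], [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._anchor = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._anchor.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._anchor).strip(), self._href))
            self._href = None

def analyse(raw):
    """Return (code, detail) findings for a raw RFC 5322 message; an empty list means nothing tripped."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    # 'From whom': the display name is a claim, the address domain is the fact.
    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = domain_of(addr.rsplit("@", 1)[-1])
    if known := lookalike_of(from_domain):
        findings.append(("lookalike-sender", f"{from_domain} resembles {known}"))
    for known in KNOWN_DOMAINS:
        if known.split(".")[0] in name.lower() and from_domain != known:
            findings.append(("brand-impersonation", f"'{name}' sent from {from_domain}"))
    # Another 'from' point: you as the sender of mail you never wrote.
    if addr and addr.lower() == parseaddr(str(msg.get("To", "")))[1].lower():
        findings.append(("self-sender", addr))
    body = msg.get_body(preferencelist=("html", "plain"))
    parser = BodyParser()
    parser.feed(body.get_content() if body else "")
    lines = [l.strip() for l in "".join(parser.text).splitlines() if l.strip()]
    text = " ".join(lines).lower()
    # Salutation: mass mailings rarely know your name.
    if lines and lines[0].lower().startswith(GENERIC_SALUTATIONS):
        findings.append(("generic-salutation", lines[0]))
    # Threats: pressure to act before you check.
    findings += [("threat", p) for p in THREAT_PHRASES if p in text]
    # Links: what the anchor text says versus where the href really goes.
    for anchor, href in parser.links:
        target = domain_of(href)
        if known := lookalike_of(target):
            findings.append(("lookalike-link", f"{href} resembles {known}"))
        if "." in anchor and " " not in anchor and domain_of(anchor) != target:
            findings.append(("link-mismatch", f"text says {anchor}, href goes to {href}"))
    return findings

# Constructed sample that trips most of the checks; nothing here is a real address or site.
SAMPLE = """\
From: "Facebook Security" <security@faceboook.com>
To: alice@example.com
Subject: Action required
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear Customer,</p>
<p>Your account will be closed within 24 hours unless you confirm your password.</p>
<p>Visit <a href="http://login.faceboook.com/verify">https://www.facebook.com/settings</a> now.</p>
</body></html>
"""

if __name__ == "__main__":
    for code, detail in analyse(SAMPLE):
        print(f"{code:20} {detail}")
```

Each finding is a hint, not a verdict: a genuine mailing can use "Dear Customer", and a lookalike domain can be a typo on a legitimate side. The value is in stacking them, which is exactly what the checklist asks a human reader to do, and in the link check in particular, which surfaces the one thing hovering shows and the anchor text hides.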


Finally…

If you suspect that the security of one of your on-line systems has been compromised due to a phishing scam, take action immediately. Go to the site, log in and change your security data. Alternatively, get in touch with the company directly by telephone and explain your concerns. They will help you rectify the situation.




Will Hogarth
CTO @ VGS Global
