THE ADVENTURES OF BILLY

Comprehensible Information Security…

Phishing

Billy’s Adventures:

What is phishing?

Cybercriminals send emails pretending to be someone they are not to many people at the same time. The email can claim to come from a bank, company, government department or any other widely used online service. The aim is to get the target to do something they usually wouldn't or reveal personal information. 


Emails often request login details for websites with financial information such as internet banking sites. This may be in the form of a security alert asking you to confirm your account details for example. 

Anatomy of a Phishing Email

Here are some of the signs to look out for when trying to detect a phishing email.

Software can show or 'spoof' an email address in the sender line of an email, so that it appears to come from someone it does not. An email may also be sent from an address that is similar to the genuine sender's, e.g. '@hwrc.com' ('w' instead of 'm') instead of '@hmrc.com'. Without taking the time to check the authenticity of the sender address, the target may believe the email comes from a genuine source.

Don't open attachments in emails unless they are from a trusted source. Opening email attachments may download malware onto your device. Malware can be concealed in attachments you are directed to open, such as .pdf files and Word documents; any type of file can be attached to an email. To evade email filters, attachments may be sent in an archive (.zip) or as an encrypted file.

Cybercriminals send emails pretending to be someone else to many people at the same time, which means the message uses a generic greeting and contains no personal information. Authentic emails often include your name or username. If an email doesn't address you by your first or full name, username, or email address, it is more likely to be a scam.

You are being offered money for an unusual reason, or for no reason at all, or the offer sounds too good to be true (a long-lost grandparent doesn't count). Authentic emails will rarely include spelling or grammar mistakes; phishing emails, however, often do so intentionally. Attackers want to make sure the targets they correspond with are likely to hand over their details: if a victim responds to a poorly drafted email, it is more likely they will be gullible enough to be phished.

Don't click on links in emails unless they are from a trusted source. Opening links in emails may allow malware to transfer onto your device when you connect to the site, or allow the attacker to harvest the information you enter. If you hover over the link (DON'T CLICK), you can see the website the text actually links to. If the link is slightly misspelt or unusual, it's probably a scam.

Threats that your account will be deleted or negatively impacted if the issue is not resolved are designed to pressure you into falling for the trap: they create a sense of urgency and give you less time to think about the authenticity of the email. Look out for urgent and/or threatening language such as 'Account Suspended' or 'Unauthorized Login attempt'.
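As an added example that is not part of the original page, the following Python script checks a constructed sample message for the signs listed above: a lookalike sender domain (the '@hwrc.com' versus '@hmrc.com' case), a generic greeting, urgent or threatening phrases, and link text that names a different website than the address it actually points to. The trusted-domain list, the phrase lists and the sample message are assumptions made for the example.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Constructed sample message (not from the page) showing the signs listed above.
SAMPLE_EMAIL = {
    "from": "HMRC Customer Service <alerts@hwrc.com>",
    "subject": "Account Suspended - Unauthorized Login attempt",
    "body": "Dear Customer,\nWe detected an unauthorized login attempt. Your account "
            "will be deleted within 24 hours unless you confirm your details at "
            '<a href="http://hmrc-secure-login.example/verify">https://www.hmrc.gov.uk</a>',
}
# Assumed allow-list of genuine sender domains for the organisation being impersonated.
TRUSTED_DOMAINS = ["hmrc.gov.uk", "hmrc.com"]
URGENCY_PHRASES = ["account suspended", "unauthorized login", "will be deleted", "within 24 hours"]
GENERIC_GREETINGS = ["dear customer", "dear user", "dear sir/madam"]

def sender_domain(from_header):
    """Domain part of a From: header such as 'Name <user@domain>'."""
    m = re.search(r"@([\w.-]+)", from_header)
    return m.group(1).lower() if m else ""

def lookalike_domain(domain, trusted=TRUSTED_DOMAINS):
    """Not a trusted domain, but nearly identical to one (the hwrc.com vs hmrc.com case)."""
    if domain in trusted:
        return False
    return any(SequenceMatcher(None, domain, t).ratio() >= 0.8 for t in trusted)

def link_mismatches(body):
    """Hover-over check: (shown_host, real_host) pairs where link text and href differ."""
    pairs = []
    for href, text in re.findall(r'<a href="([^"]+)">([^<]+)</a>', body):
        real = urlparse(href).hostname or ""
        shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
        if shown and shown != real:
            pairs.append((shown, real))
    return pairs

def phishing_indicators(email):
    """List the warning signs present in the message (empty list = none found)."""
    found = []
    dom = sender_domain(email["from"])
    if lookalike_domain(dom):
        found.append("lookalike sender domain: " + dom)
    text = (email["subject"] + "\n" + email["body"]).lower()
    if any(g in text for g in GENERIC_GREETINGS):
        found.append("generic greeting")
    if any(p in text for p in URGENCY_PHRASES):
        found.append("urgent or threatening language")
    for shown, real in link_mismatches(email["body"]):
        found.append("link text %s points to %s" % (shown, real))
    return found
```

Calling `phishing_indicators(SAMPLE_EMAIL)` reports all four signs for the sample; a message from a trusted domain with a personal greeting and matching links returns an empty list.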

How to Protect Yourself Against Phishing

  • Never respond to any spam: Most spammers verify receipt and log responses. The more you reply, the more spam you’re likely to receive.

  • Think before you click ‘unsubscribe’: Spammers send fake unsubscribe letters, in an attempt to collect active email addresses. If you click 'unsubscribe' in one of these letters, it may simply increase the amount of spam you receive. Do not click on 'unsubscribe' links in emails that come from unknown sources.

  • Keep your browser updated: Make sure that you use the latest version of your web browser and that all of the latest Internet security patches have been applied.

  • Use anti-spam filters: Only open email accounts with providers that include spam filtering. Choose an antivirus and Internet security solution that also includes advanced anti-spam features.

Deceptive Phishing

The most common type of phishing attack is deceptive phishing. This is when an attacker impersonates a legitimate company and attempts to steal people's personal information or login credentials. These attacks often use threats and a sense of urgency to scare users into giving their details away. This type of attack's success relies on how closely the attack email resembles a legitimate company's official correspondence. As a result, users should look at URLs carefully to see if they redirect to an unknown website. They should also look out for emails addressed generically, grammar mistakes and spelling errors.

Spear Phishing

Spear phishing attacks have the same goal as deceptive phishing attacks, but the attacker first obtains specific information about an individual and uses it to trick the recipient into believing they have a connection with the sender. From there, the goal is the same as in a deceptive attack.

Whaling

Whaling is a specific type of spear phishing attack that targets a top executive in a company in an attempt to steal their login credentials. If the attack proves successful, fraudsters can go on to conduct CEO fraud, the second phase of a business email compromise.

Pharming

Pharming is essentially phishing without a lure. It is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent websites without their knowledge or consent. For example, you try to access www.example.com and are sent to www.fakeExample.com instead. The code that has compromised the computer will always take the user to the fake website, even if the correct address is typed into the browser.