10 tips for spotting a phishing email (Internet Security)


Continuing my series on maintaining your security while using the Internet, here are 10 tips from TechRepublic on how to spot a phishing* 'evilmail':

techrepublic.com/blog/10-th...

As the article says "Phishing emails insinuate themselves into inboxes year-round, but the holidays bring out a rash of new scams."

We've all become familiar with these cleverly crafted malicious attempts to extract information at our cost. While it is easy to discard those from financial institutions with whom we don't even have an account, or parcel delivery notifications when we aren't expecting one, when you receive one purportedly from your bank that looks genuine, it is very easy to be fooled. You can find sites where you are asked to decide which are genuine emails and which are phishing attempts, and I was not impressed with my score when I tried to pick the scams. It doesn't help when the email is purportedly from a large business that you deal with and you can't verify the email is genuine when you phone the business. If you have been caught out, contact the real business immediately. You may also be able to report it to a government body. In Australia, the ACCC maintains the Scamwatch website for this purpose: scamwatch.gov.au

which I notice is currently warning us to watch out for fake websites when shopping online for Christmas...

If you've suffered a financial loss, report the matter to the police.

I find the mismatched URL test works very well with most browsers. As the article says, just hover your mouse over the link in the email and check it against the URL that appears at the bottom of your screen. If they don't match, the email is most unlikely to be genuine. Familiarise yourself with these techniques and if you've found another way to distinguish these email scamming attempts, please share them!

There have recently been some very successful high profile industrial espionage incidents using 'Spear Phishing'. These are targeted emails perhaps to company executives or board members, where the scammer has previously investigated their target sufficiently to provide additional information in the email to make it appear genuine. They can then use the email contact to introduce some malware onto the executive's computer which provides a back door into the company's information systems.

*Definition of Phishing from Wikipedia: en.wikipedia.org/wiki/Phishing

"Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting public. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures."

Neil

Last weekend, I was delighted to come across a couple of sulphur crested cockatoos while I was out cycling along a nearby river. The cockatoo in the photo alighted on the cycle path and started feeding on a nearby bush. Just as I was about to photograph the cockatoo, some cyclists rode past and the cockatoo amazingly didn't budge. Shortly afterwards the cockatoo decided that a nearby eucalyptus would be a safer perch to enjoy the 'bush tucker' and that's where I snapped this photo.
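The mismatched URL test in the post above is easy to apply by hand, and it can also be applied programmatically to an HTML email body. The following script is an added example and not part of the original post or the TechRepublic article: it extracts every link, and wherever the visible link text itself looks like a web address, compares the domain shown to the reader with the domain the link actually points to. The sample email body and the domains in it are constructed for illustration.

```python
"""Mismatched-link check for an HTML email body.

Added example (not from the original post). It applies the 'hover and
compare' test programmatically: a link whose visible text names one
domain but whose href points at another is flagged. SAMPLE_EMAIL and
the domains in it are constructed placeholders.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Matches text that looks like a bare hostname or URL inside link text,
# e.g. "www.example-bank.com" or "https://example-bank.com/login".
# Group 1 is the hostname with any leading "www." removed.
DOMAIN_LIKE = re.compile(
    r"(?:https?://)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.IGNORECASE
)

# Constructed sample: the first link shows the bank's address but points
# elsewhere; the other two are consistent.
SAMPLE_EMAIL = """
<p>Dear Customer,</p>
<p>Please confirm your details at
<a href="http://secure-login.example-phish.net/bank">https://www.example-bank.com/login</a>
within 24 hours. Or <a href="https://www.example-bank.com/help">click here</a> for help.</p>
<p>Regards, <a href="https://www.example-bank.com">www.example-bank.com</a></p>
"""


def host_of(url: str) -> str:
    """Return the lower-cased host of a URL, adding a scheme if one is missing."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def registrable(host: str) -> str:
    """Crude 'last two labels' approximation of the registrable domain.

    Enough to treat login.example-bank.com and example-bank.com as the same
    site; a production check would use the Public Suffix List instead.
    """
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def find_mismatched_links(html_body: str) -> list:
    """Return (visible text, href) pairs whose displayed domain differs
    from the domain the link actually points to.

    Links whose text is not address-like ("click here") give the reader
    nothing to compare, so they are skipped rather than flagged.
    """
    collector = LinkCollector()
    collector.feed(html_body)
    suspicious = []
    for href, text in collector.links:
        match = DOMAIN_LIKE.search(text)
        if not match:
            continue
        shown = registrable(match.group(1).lower())
        actual = registrable(host_of(href))
        if shown != actual:
            suspicious.append((text, href))
    return suspicious


if __name__ == "__main__":
    for text, href in find_mismatched_links(SAMPLE_EMAIL):
        print(f"MISMATCH: shown {text!r} but points to {href!r}")
```

Run against the constructed sample it reports only the first link. The check deliberately ignores links whose text is just "click here", since a human hovering over them has nothing to compare either; a stricter filter could additionally flag any link whose destination domain is not the sender's.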

4 Replies

  • I had not heard of the mismatched URL test. I will be using it from now on,

    Thanks Neil

    Bub

  • The five most dangerous email subjects to watch for according to the article below are:

    1. Invitation to connect on LinkedIn

    2. Mail delivery failed: returning message to sender

    3. Dear Customer

    4. Comunicazione importante

    5. Undelivered Mail Returned to Sender

    zdnet.com/the-five-most-dan...

  • Here's an article on the tricks phishers use in an attempt to deceive you (and they are already leveraging the recent TARGET data breach where millions of credit card details were captured.)

    Technology can't stop phishing, but perhaps common sense can:

    techrepublic.com/blog/it-se...

    (FUD = Fear, Uncertainty, Doubt)

    It is worth reading the comments for further ideas,

    Neil

  • I would like to suggest an idea to help in the war against phishing emails. Being a pedantic old bugger, as described by several of my friends, I've used my strength in this area to help.

    Read the English with a very critical eye. Banks etc. are careful about wording any communication and the English is seldom wrong. Most of the phishing emails I've had are clearly converted into English from another language and often have a wrong tense on a verb or, more normally, words in the wrong order.

    The last two I've received from 'my bank' and Paypal were forwarded on to the real versions of those institutions (they all have security departments). In both cases I received a "thank you, you're correct" message. I didn't even have an account with 'my bank'.

    Rob
