Continuing my series on maintaining your security while using the Internet, here are 10 tips from TechRepublic on how to spot a phishing* 'evilmail':
As the article says "Phishing emails insinuate themselves into inboxes year-round, but the holidays bring out a rash of new scams."
We've all become familiar with these cleverly crafted malicious attempts to extract information at our cost. While it is easy to discard those from financial institutions with whom we don't even have an account, or parcel delivery notifications when we aren't expecting one, when you receive one purportedly from your bank that looks genuine, it is very easy to be fooled. You can find sites where you are asked to decide which are genuine emails and which are phishing attempts and I was not impressed with my score when I tried to pick the scams. It doesn't help when the email is purportedly from a large business that you deal with and you can't verify the email is genuine when you phone the business. If you have been caught out, contact the real business immediately. You may also be able to report it to a government body. In Australia, the ACCC maintains the Scamwatch website for this purpose: scamwatch.gov.au, which I notice is currently warning us to watch out for fake websites when shopping online for Christmas...
If you've suffered a financial loss, report the matter to the police.
I find the mismatched URL test works very well with most browsers. As the article says, just hover your mouse over the link in the email and check it against the URL that appears at the bottom of your screen. If they don't match, the email is most unlikely to be genuine. Familiarise yourself with these techniques and if you've found another way to distinguish these email scamming attempts, please share them!
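The mismatched URL test can also be automated over the HTML of a suspicious message. The script below is an added example, not code from the original post or from TechRepublic: it collects every link in a message, and where the visible link text looks like a web address it compares that address's host with the host the link actually points to. It also flags links whose address carries a "username@" part in front of the real host, which is another way the displayed and actual destinations can disagree. The sample message is constructed for this example, and the domain names in it are placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Constructed sample HTML email body (placeholder domains, not a real message).
SAMPLE_EMAIL_HTML = """
<p>Dear customer, please <a href="http://login-verify.example.net/acct">https://www.mybank.example.com/login</a>
to confirm your details.</p>
<p>Visit <a href="https://www.mybank.example.com/help">www.mybank.example.com</a> for help.</p>
<p><a href="https://support.example.org/">Contact support</a></p>
<p><a href="https://www.mybank.example.com@evil.example/x">https://www.mybank.example.com</a></p>
"""

# Visible link text that reads like a URL or a bare domain name.
URL_LIKE = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/?#].*)?$", re.I)


def host_of(text):
    """Return the lowercase host of a URL or bare domain, or None if it has none."""
    text = text.strip()
    if "://" not in text:
        text = "http://" + text
    host = urlsplit(text).hostname
    return host.lower() if host else None


def same_site(a, b):
    """Treat two hosts as matching when one equals, or is a subdomain of, the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


class LinkCollector(HTMLParser):
    """Gather (href, visible text) pairs for every <a> element in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def find_mismatched_links(html):
    """Return (visible_text, href, reason) for each link whose shown and real destinations disagree."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = urlsplit(href)
        # A "user@host" prefix hides the real host behind a familiar-looking name.
        if target.username is not None:
            findings.append((text, href, "credentials-in-url"))
            continue
        # Plain wording such as "Contact support" cannot be compared, so skip it.
        if not URL_LIKE.match(text):
            continue
        shown, real = host_of(text), (target.hostname or "").lower()
        if shown and real and not same_site(shown, real):
            findings.append((text, href, "host-mismatch"))
    return findings


if __name__ == "__main__":
    for text, href, reason in find_mismatched_links(SAMPLE_EMAIL_HTML):
        print(f"{reason}: shown '{text}' but points to '{href}'")
```

Run against the sample message it reports two links: the first, whose text names the bank's site but whose address is a different host, and the last, where the bank's name appears only as the "username" in front of the real host. The help link is accepted because the shown and actual hosts agree, and the "Contact support" link is skipped because its text is not an address and so cannot be compared by this test.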
There have recently been some very successful high profile industrial espionage incidents using 'Spear Phishing'. These are targeted emails perhaps to company executives or board members, where the scammer has previously investigated their target sufficiently to provide additional information in the email to make it appear genuine. They can then use the email contact to introduce some malware onto the executive's computer which provides a back door into the company's information systems.
*Definition of Phishing from Wikipedia: en.wikipedia.org/wiki/Phishing
"Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting public. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures."
Last weekend, I was delighted to come across a couple of sulphur crested cockatoos while I was out cycling along a nearby river. The cockatoo in the photo alighted on the cycle path and started feeding on a nearby bush. Just as I was about to photograph the cockatoo, some cyclists rode past and the cockatoo amazingly didn't budge. Shortly afterwards the cockatoo decided that a nearby eucalyptus would be a safer perch to enjoy the 'bush tucker' and that's where I snapped this photo.