
Does your email smell phishy? Sounds like a silly question, but this sort of email scam is a very real and serious problem. Please take a few minutes to learn more about this threat and what you can do to avoid it.


A few months back one of our customers was the victim of a phishing attack. The thieves stole $50k from their business bank account. This theft was the result of an authentic-looking email from the bank requesting the user to update his customer information. The link took him to a website made to look exactly like the bank’s website – convincing enough that he logged onto the site with his username and password. Gotcha. The crims used this information to log into the real bank site and clean out the company checking account. Fortunately the money was recovered, but the experience was very disruptive and stressful for all involved.

This type of computer crime is a huge problem. It’s known as phishing – the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information. Some attacks, like the one our customer experienced, are designed to gain access to financial accounts.

Here’s a good example of a phishing email, disguised as an official email from a fictional bank. The sender is attempting to trick the recipient into revealing confidential information by “confirming” it at the phisher’s website. Note the misspelling of the words received and discrepancy. Also note that although the URL of the bank’s webpage appears to be legitimate, the hyperlink would actually be pointed at the phisher’s webpage.

(Courtesy of Andrew Levine via Wikipedia. You can see the full article here)

Other phishing emails might entice you to click on a link that installs a virus on your computer. One particularly dangerous example is known as ransomware. This virus encrypts all the data files on your computer, then forces you to pay a ransom to unlock your precious data. Netsafe NZ offers some great advice on dealing with ransomware here.

The number of unique types of phishing email attacks has grown into the hundreds of thousands per year. The threat is very real, but there are a number of things you can do to protect yourself.

We protect our customers in several ways. First we make sure your computer systems are kept up to date with the latest security patches. We install and monitor anti-virus software that constantly updates itself to protect against emerging threats. We also make sure your critical business data is continuously backed up and can be quickly restored.

But the most important line of defence is you, the user. A phishing email is a problem only if you click on the malicious link it contains. Your care and diligence may well avoid a major problem for you and your company. So, here are a few tips to avoid becoming the victim of a phishing attack.

  • Treat every hyperlink in an email with suspicion. This includes emails from trusted sources, because it’s not unusual for a hacked user account to send malicious emails to the user’s friends and colleagues.
  • If you hover the cursor over a suspicious link you should see the actual web address for the link. If this address is not what you expect then don’t click on the link.
  • If an “official” message from a large company contains poor spelling and grammar, then that’s a tell-tale sign it’s not legitimate. Delete it.
  • If a hyperlink takes you to a page requesting any sort of personal information, then check the address in the web browser’s window to verify that you’re at the right site. For instance, if you think you’re at paypal.com, but the web page’s address says paypa1.com, close the browser window immediately.
  • The web address for any site requesting private information should start with “https.” This means that you have a secure connection to the web server. If it doesn’t, don’t trust it.
  • If an email that appears to be from your bank asks you to provide private information, your best bet is to bypass the links in the email and log into your online banking in the normal manner, then check for messages and alerts from there. If you suspect fraud then call the bank and let them know.
  • Use a modern browser like Chrome or Firefox. These browsers have built-in phishing and malware protection that warns you when you attempt to access a website known to be fraudulent.
  • Use two-factor authentication when possible for your online banking accounts and any other online services that contain critical business or personal information. The short video below describes two-factor authentication – definitely worth watching.
  • Beware of emails that offer “free” goods, amazing business or investment opportunities, “guaranteed” loans or credit, or other such incredible deals. If it seems too good to be true, then it’s probably a scam. Delete the email and move on.

If you have any questions please don’t hesitate to contact us. We’re here to help!

 

Tip: This presenter talks rather slowly. For a better viewing experience try speeding it up 25%. Just start the video, click on the cog in the lower right hand corner of the video, and change the speed to 1.25. Much better. Oh, there’s an added benefit: the viewing time drops from 4:28 to 3:34. Yay!