In large companies, as a rule the average employee isn’t often asked for an opinion on their career aspirations, areas of interest, or accomplishments outside their job description. It tends to happen once a year — for the performance review. However, many would like to share their thoughts with management much more often. So, when an invitation to take a self-evaluation lands in the inbox, they jump at the chance without hesitation. And this is what cybercriminals exploit in the latest spear-phishing campaign.

Phishing email with invitation

Seemingly from HR, an email arrives containing an elaborate description of the employee self-evaluation procedure, which “promotes candid dialogue between staff members and their managers/supervisors”. It goes on to say that “you can learn a lot about your strengths and shortcomings … to reflect on your successes, areas for development, and career objectives”. All in all, quite a convincing piece of corporate spiel.

Email to employees inviting them to undergo a self-evaluation

Convincing it may be, but all the same the email does contain a few identifiable red flags regarding phishing. For starters, take a look at the domain name in the sender’s address. That’s right, it doesn’t match the name of the company. Of course, it’s possible that your HR department might be using a contractor unknown to you — but why would “Family Eldercare” be providing such services? Even if you don’t know that this is a non-profit organization that helps families care for elderly relatives, the name should ring an alarm bell.

What’s more, the email says that the survey is “COMPULSORY for EVERYONE”, and must be completed “by End Of Day”. Even if we leave aside the crude and faulty capitalization, the focus on urgency is always a reason to stop and think — and check with the real HR department whether they sent it.

Fake self-evaluation form

Those who miss the flags and click through to the form are faced with a set of questions that may actually have something to do with assessing their performance. But the crux of the phishing operation lies in the last three of those questions — which ask the victim to provide their email address, and enter their password for authentication and then re-enter it for confirmation.

Last three questions of the fake questionnaire

This is actually a smart move on the phishers’ part. Typically, phishing of this type leads straight from the email to a form for entering corporate credentials on a third-party site, which puts many on their guard straight away. Here, however, the request for a password and email address (which commonly doubles up as a username) is disguised as part of the form — and at the very end. By this stage the victim’s vigilance is well and truly lulled.

Also note how the word “password” is written: two letters are replaced with asterisks. This is to bypass automatic filters set to search for “password” as a keyword.
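
The asterisk trick above defeats a filter that looks for the literal word. As an added example (not code from the original post), here is a small checker that tolerates a couple of masked letters per keyword and runs it over a constructed excerpt of the fake form; the keyword list and mask characters are assumptions for the demonstration.

```python
import re

# Characters commonly used to hide letters inside a keyword (constructed set).
MASK = "[*#_.?\u2022]"


def tolerant_regex(word: str) -> re.Pattern:
    """Build a pattern in which every letter of `word` may appear as itself or as one mask character."""
    body = "".join(f"(?:{re.escape(ch)}|{MASK})" for ch in word)
    # No letter directly before or after, so "p*ssword" is found but "passwords" is left alone.
    return re.compile(rf"(?<![a-z]){body}(?![a-z])", re.IGNORECASE)


def find_obfuscated(text: str, keywords: list, max_masked: int = 2) -> list:
    """Return (keyword, matched_text, masked_letters) for each hit with at most `max_masked` hidden letters."""
    hits = []
    for kw in keywords:
        for match in tolerant_regex(kw).finditer(text):
            found = match.group(0)
            masked = sum(1 for a, b in zip(found.lower(), kw.lower()) if a != b)
            if masked <= max_masked:  # drop fully masked runs such as "********"
                hits.append((kw, found, masked))
    return hits


# Constructed text modelled on the questionnaire described in the post; not a real message.
SAMPLE_FORM = (
    "Please enter your email address and your pa**word for authentication, "
    "then re-enter the p*ssword to confirm. This survey is COMPULSORY for "
    "EVERYONE and must be completed by End Of Day."
)

# Keywords a mail filter might watch for: credential prompts plus urgency phrases.
WATCHLIST = ["password", "compulsory", "end of day"]


def scan_sample() -> list:
    return find_obfuscated(SAMPLE_FORM, WATCHLIST)
```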

How to stay safe

To stop company employees falling for phishing, keep them informed of all the latest tricks (for example, by forwarding our posts about phishing ploys). If you prefer a more systematic approach, carry out regular trainings and checks, for example with our Kaspersky Automated Security Awareness Platform.

Ideally, employees should never even see most phishing thanks to technical means: install security solutions with anti-phishing technology both at the corporate mail gateway level and on all work devices used for internet access.


The creators of any website bear the moral and legal responsibility for it during its entire existence. Moreover, few people know that if a corporate web server gets hacked, it’s not only the company and its customers that may suffer; often, a hacked site becomes a platform for launching new cyberattacks, with its owners not even being aware of it.

Why websites get hacked

A website hack can be part of a larger cyberattack, or a standalone operation. By “hack”, we mean making changes to the target site — not to be confused with a DDoS attack. If your company finds itself in the crosshairs of hackers, their goals are usually to:

  • Exert pressure on the victim organization as part of a ransomware attack, including by making the hack known to customers and partners;
  • Download valuable information from the site, for example, customer contact details stored in a database;
  • Distract IT and InfoSec teams from a more serious data theft or sabotage attack occurring at the same time;
  • Cause reputational damage.

That said, very often hackers don’t need your site in particular. They’ll happily make do with any reputable site they can sneak malicious content onto. Once that’s achieved, they can populate the site with phishing pages, links to spam resources, and pop-up ads. Basically, it turns into a cybercriminal tool. At the same time, the main sections of the site may be unaffected. Customers and employees visiting the home page won’t notice anything different. The malicious content is tucked away in new subfolders to which victims get lured through direct links.

How websites get hacked

Website hacks are normally carried out through vulnerabilities in server applications: web servers, databases, or content management systems and their add-ons. Around 43% of all websites on the internet run on WordPress, so it’s no surprise that hackers pay special attention to this content management system. Vulnerabilities are discovered in WordPress and thousands of add-ons for it regularly, and not all authors get around to fixing their plug-ins. And besides, not all users promptly install updates for their sites.

Attackers can exploit a vulnerability to upload to the web server a so-called web shell; that is, additional files and scripts allowing them to manage site content while bypassing standard administration tools. Next, they place malicious content on the site in subfolders, taking pains not to affect the main pages of the legitimate site.

Another common hacking scenario is to guess the administrator password. This is possible if the administrator uses weak passwords, or the same password on different web resources. In this way, cybercriminals can place malicious content by means of standard administration tools, creating new users on the site, as well as additional subsections or pages. However, this increases the likelihood of detection, so even in this case, attackers prefer to install their own backdoor in the shape of a web shell.

Damage from website hacking

In the case of a large targeted attack, the company immediately suffers financial and reputational damage. With opportunistic attacks, the harm is indirect. Website maintenance costs can increase because of the spam content and the traffic it attracts. At the same time, the site’s SEO reputation drops, so it gets fewer visitors from search engines. The site may even be flagged as malicious, in which case its traffic drops catastrophically. In practice, however, hackers may go for abandoned sites, where issues with traffic are of no relevance.

How websites get abandoned

The internet has long turned into a website graveyard. According to statistics, there are more than 1.1 billion websites in total, but 82% of them are not updated or maintained. In the case of corporate websites, a number of scenarios can be the cause:

  • A company ceases to operate, but its website is published on free hosting and keeps running;
  • The only employee who had access to the site leaves the given small business. Unless the owners take action, the site will remain frozen for months or even years;
  • A company rebrands or merges, but keeps the old website “temporarily” for customers. The revamped entity then gets a brand-new site, and the “temporary” old one is gradually forgotten;
  • A dedicated site is launched for a marketing campaign, product line, blog, or side project. When the project is over, the site is no longer updated, but it’s not shut down either.

Signs of website hacking

Since the main pages are often left untouched by hackers, it can be difficult to tell if your site has been compromised. But there are some pointers: the site is running slower than usual; traffic has sharply increased or decreased for no apparent reason; new links or banners have appeared out of nowhere; problems with control panel access; new folders, files, or users can be seen in the control panel. Still, the most obvious sign is if others start bombarding you with complaints about malicious content on your site. To properly diagnose the situation, you need to study the web server logs, but this task is better entrusted to experts. Like pest control, it takes experience to get rid of an infestation — which here means removing the web shell and other backdoors from the site.

How to guard against website hacking

Even small companies without a large cybersecurity budget can implement simple measures that greatly reduce the chances of getting hacked:

  • Set long, strong passwords for the administration section of your site, and enable two-factor authentication. Each administrator must have their own password;
  • Never allow just one person to have access to the site (unless the company has just one employee, naturally). Remember to revoke access when employees leave;
  • Make sure to keep updated all software components of the site, including the operating system, web server, databases, content management system, and add-ons. Install updates as soon as they are released. If your company lacks the time or expertise, better to use professional website hosting where security is in the hands of a dedicated team. For example, for WordPress there are specialized secure hosting platforms, such as WP Engine;
  • Maintain a registry of all company websites. It should list every site created, even temporary ones set up, say, for a one-month ad campaign;
  • Each site in the registry should have its software components updated regularly, even if there’s no business need to update the content;
  • If the site is no longer needed, and the resources are lacking to update it, better to close it down in a tidy manner. Save the data to an archive, then terminate your hosting account. If necessary, you can also cancel the domain delegation. Another way to shut down a subsite is to remove all content from it, disable any software add-ons like WordPress, and set up redirection to the company’s main site.


Short links are everywhere these days. All these bit.ly, ow.ly, t.co, t.me, tinyurl.com and the like have long since become a familiar part of the online landscape. So familiar, in fact, that most users click on them without thinking twice. But thinking is never a bad thing. With that in mind, we explain below how short links work and what privacy and security threats they can pose.

What happens when you click on a short link?

When you click on a short link, you almost go straight to the intended destination, which is the address specified by the user who created the link. Almost, but not quite: the actual route takes a quick detour via the URL shortener service.

The more efficient the service, the less time this takes, and the smoother the transition to the end stop. Of course, the delay feels insignificant only to a person — we humans are rather slow. But for an electronic system, it’s more than long enough to get up to all kinds of activity, which we’ll discuss below.

Why short links? The main reason is one of space: making a long link shorter means it takes up less of the screen (think mobile devices) and doesn’t eat up the character limit (think social media posts). Alas, that’s not all there is to it. The creators of short links may be pursuing their own goals, not necessarily driven by concern for users. Let’s talk about them.

Short links and user tracking

Have you ever wondered why many internet links are so long and unsightly? It’s usually because links encode all kinds of parameters for tracking click-throughs, so-called UTM tags.

Usually, these tags are deployed to determine where the user clicked on the link, and thus to evaluate the effectiveness of ad campaigns, placement on blogger pages, and so on. This is not done in the name of user convenience, of course, but for digital marketing.

In most cases, this is a fairly harmless form of tracking that doesn’t necessarily collect data from link clickers: often marketers are just interested in the source of traffic. But since this additional “packaging” doesn’t look very aesthetic, and often makes the URL insanely long, shortener services are often brought into play.

What’s more unpleasant from a privacy point of view is that URL shorteners don’t limit themselves to redirecting users to the destination address. They also tend to harvest a host of statistics about the link clickers — so your data ends up in the hands not only of the creator of the short link through embedded UTM tags, but also of the owners of the URL shortener. Of course, this is the internet, and everyone collects some kind of statistics, but using a short link introduces another intermediary that holds data on you.

Disguised malicious links

Besides violating your privacy, short links can threaten the security of your devices and data. As we never tire of repeating: always carefully check links before clicking on them. But with short links, a problem arises: you never know for sure where it is you’ll be taken.

If cybercriminals use short links, the advice to check them becomes meaningless: you can only find out where a link points after clicking. And by then it may be too late — if the attackers exploit a zero-click vulnerability in the browser, the infection can occur as soon as you land on the malicious site.

Short links and dynamic redirects

Cybercriminals can also use link-shortening tools to change the target address as the need arises. Suppose that some attackers bought a database of millions of email addresses and used it to send out phishing messages with some kind of link. But here’s the problem (for the attackers): the phishing site they created was quickly discovered and blocked. Rehosting it at a different address is not an issue, but then they would have to resend all the phishing mailshots.

The solution (again, for the attackers) is to use a “shimming” service, which makes it possible to quickly change the URL users will visit. And the role of “shims” here can be played by URL shorteners, including ones originally created with dubious intentions in mind.

With this approach, a link to the shimming service is added to the phishing email, which redirects victims to the phishers’ site at their currently active address. Often, multiple redirects are used to further muddy the trail. And if the destination phishing site gets blocked, the cybercriminals simply host it at a new address, change the link in the shim, and the attack continues.

Man-in-the-middle attacks

Some link-shortening tools, such as Sniply, offer users more than just shorter links. They allow tracking the actions of link clickers on the actual destination site, which is effectively a man-in-the-middle attack: traffic passes through an intermediate service node that monitors all data exchanged between the user and the destination site. Thus, the URL shortener can intercept anything it wants: entered credentials, social network messages, and so on.

Personal spying

In most cases, short links intended for mass use are placed in social network posts or on web pages. But additional risks arise if one was sent to you personally — in a messenger or an email to your personal or work address. Using such links, an attacker who already has some information about you can redirect you to a phishing site where your personal data is pre-filled. For example, to a copy of a banking site with a valid username and a request to enter your password, or to the “payment gateway” of some service with your bank card number pre-filled, asking you to enter a security code.

What’s more, such links can be used for doxing and other types of tracking, especially if the URL shortener service offers advanced functionality. For instance, our recent post about protecting privacy in Twitch looked in detail at ways to de-anonymize streamers and how to counter them.

How to stay protected

What to do about it? We could advise never to click on short links, but, in the vast majority of cases, URL shorteners are used for legitimate purposes, and short links have become so common that total avoidance isn’t really an option. That said, we do recommend that you pay special attention to short links sent to you in direct messages and emails. You can inspect such links before clicking by copying and pasting them into a tool for checking short links, such as GetLinkInfo or UnshortenIt.
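
The chain of shims described above can be traced one hop at a time without ever loading the final page. As an added example (not code from the post or from any of the tools it names), this resolver follows Location headers hop by hop, stops on loops or after a hop limit, and is demonstrated on a constructed in-memory redirect chain; the `.example` hosts are placeholders, and only `http_fetch` touches the network.

```python
import urllib.request
from urllib.error import HTTPError
from urllib.parse import urljoin


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Tell urllib not to follow redirects, so each hop is returned to us instead."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_fetch(url: str, timeout: float = 10):
    """Network fetcher: HEAD request returning (status, Location header). Not used by the demo."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except HTTPError as err:  # 3xx surfaces as HTTPError once redirects are disabled
        return err.code, err.headers.get("Location")


def trace_redirects(url: str, fetch, max_hops: int = 10) -> dict:
    """Follow redirects with `fetch(url) -> (status, location)`; record every hop."""
    hops, seen, current = [], set(), url
    while True:
        if current in seen:
            return {"hops": hops, "final": current, "stopped": "loop"}
        if len(hops) >= max_hops:
            return {"hops": hops, "final": current, "stopped": "max_hops"}
        seen.add(current)
        status, location = fetch(current)
        hops.append((current, status))
        if 300 <= status < 400 and location:
            current = urljoin(current, location)  # Location may be relative
        else:
            return {"hops": hops, "final": current, "stopped": "ok"}


# Constructed chain: shortener -> shim -> relative hop -> phishing page (the post's own example URL).
FAKE_CHAIN = {
    "https://short.example/abc": (301, "https://shim.example/r?id=42"),
    "https://shim.example/r?id=42": (302, "/landing/login"),
    "https://shim.example/landing/login":
        (302, "http://www.medical-helpers24.dmn/wp-admin/js/js/Netflix/home/login.php"),
    "http://www.medical-helpers24.dmn/wp-admin/js/js/Netflix/home/login.php": (200, None),
}


def fake_fetch(url: str):
    return FAKE_CHAIN.get(url, (404, None))


def trace_constructed_chain() -> dict:
    return trace_redirects("https://short.example/abc", fake_fetch)
```

Swap `fake_fetch` for `http_fetch` to inspect a real short link; the intermediate hosts in `hops` are exactly the intermediaries that get to see your click.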

However, there is a simpler method: a high-quality security solution with an integrated approach that takes care of security and privacy at the same time. For example, our Kaspersky Premium has a Private Browsing component that blocks most known online trackers and thus prevents your online activities from being monitored.

Our products also offer protection against online fraud and phishing, so rest assured that Kaspersky Premium will warn you in good time before landing on a dangerous site — even if the link was shortened. And, of course, the antivirus will guard against any attempts to infect your devices — including ones exploiting as-yet-unknown vulnerabilities.


Beware: hundreds of thousands of websites are fakes. They’re made to look like the sites of popular online stores, banks, and delivery services, but with just one purpose: to steal your passwords and financial data. Victims are lured to such sites by phishing emails, messenger chats, and even paid ads. But don’t despair: even if you click on a bogus link, it might still be possible to escape the scammers’ clutches without loss. As long as you spot the fake in time…

Where do phishing sites get hosted?

Sometimes scammers create a special new website and register a name for it that resembles the original (for example, netflik.com instead of netflix.com). Our separate post on fake names is worth checking out. But such sites are expensive to make and easy to block, so many cybercriminals take a different route. They hack legitimate sites of any kind, then create their own subsections where they publish phishing pages. It’s very often SMBs that fall victim to such hacks because they lack the resources to constantly update and monitor their websites. Sometimes a site hack can go unnoticed for years, which is a godsend for cybercriminals.

One of the most popular web content management systems is WordPress, and the number of hacked sites on the platform runs into the tens of thousands. However, once you know what to look for, it’s not hard to detect such sites yourself.

First sign of fakery: mismatch between site name and address

When following a link in an email, a social media post, or an ad, it pays to take a look at the URL of the site you land on. If it’s a hacked site, the discrepancy will be staring you in the face. The name of the service the fake site pretends to be might crop up somewhere in the directory path, but the domain name will be completely different; for example: www.medical-helpers24.dmn/wp-admin/js/js/Netflix/home/login.php. You know perfectly well that Netflix lives at netflix.com, so what’s it doing on medical-helpers24?

It looks like Netflix, but the URL screams phishing

Checking the URL requires a little more effort on mobile devices because many apps open links in such a way that the site address isn’t visible or is only partially visible. In this case, click on the address bar in your browser to see the site’s full address.

Second sign of fakery: directory path elements

When looking at the full address of a web page, pay attention to the tail of the URL after the domain name. It might be rather long, but just focus on the first parts. Hacked subsections of a site are usually hidden deep within WordPress service directories, so the address will most likely contain elements like /wp-content/, /wp-admin/ or /wp-includes/.

In our example, www.medical-helpers24.dmn/wp-admin/js/js/Netflix/home/login.php, one such element comes right after the domain name, confirming our suspicions that the site has been compromised.

Chances are that the URL will end in .php. Pages with the .php extension are quite common, and this in itself is not a sign of hacking. But in combination with this directory path, the .php extension is compelling evidence of guilt.

Third sign of fakery: the site has a different subject

If the site name seems unfamiliar or suspicious, you can perform an additional check by going to the home page. To do that, delete the URL tail, leaving only the domain name. And this may open the page of the real owner of the site, which will be totally unlike the phishing page both in subject and design. It might even be in a different language, as in the example below:

French phishing on a Chinese site
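
The three signs above can be turned into a quick check that runs before you type anything. As an added example (not code from the original post), this function flags a brand name sitting in the path of someone else's domain, WordPress service directories in the path, a .php login page beneath them, and reports the home-page address to open for the third check; the brand list is a constructed assumption, and the registrable-domain logic is a deliberately crude two-label approximation.

```python
from urllib.parse import urlsplit

# Directory names that belong to a WordPress installation (named in the post).
WP_SERVICE_DIRS = {"wp-content", "wp-admin", "wp-includes"}

# Brand names and where they really live. Constructed list for this example.
BRANDS = {"netflix": "netflix.com", "paypal": "paypal.com", "microsoft": "microsoft.com"}


def registrable_domain(host: str) -> str:
    """Last two labels of the host; an approximation without a public-suffix list."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_url(url: str) -> dict:
    """Apply the post's three signs of a phishing page hosted on a hacked site."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = parts.hostname or ""
    domain = registrable_domain(host)
    path_parts = [p for p in parts.path.split("/") if p]
    findings = []

    # Sign 1: a well-known brand appears in the path while the domain belongs to someone else.
    for brand, real_domain in BRANDS.items():
        if domain != real_domain and any(brand in p.lower() for p in path_parts):
            findings.append(f"brand '{brand}' in path but domain is {domain}")

    # Sign 2: WordPress service directories in the path...
    wp_hits = [p for p in path_parts if p.lower() in WP_SERVICE_DIRS]
    if wp_hits:
        findings.append(f"WordPress service directory in path: {wp_hits[0]}")
    # ...and a .php page hidden beneath them.
    if wp_hits and path_parts[-1].lower().endswith(".php"):
        findings.append("page is a .php script inside a WordPress service directory")

    # Sign 3: the address to open to see the real owner's site.
    home_page = f"{parts.scheme}://{host}/"
    return {"domain": domain, "home_page": home_page,
            "findings": findings, "suspicious": bool(findings)}
```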

Your personal data on a fake website

It might happen that some information fields (such as your email address or bank card number) are correctly pre-filled even on a phishing site. This means that the attackers have somehow gotten hold of a database of stolen personal data and are seeking to enrich it with additional information, such as passwords and CVV numbers. To this end, they post a table with known data on the victims, and this can often be freely downloaded from the site. So, if you see your real card number on a fake site, have the card reissued straight away, then think about additional security measures for other personal data. For example, if your email has been leaked, protect your email login with a stronger password and be sure to enable two-factor authentication.

How to guard against phishing

  • Be vigilant. For the above tips to work, remember to check every link you click on.
  • Check links before you click on them — some attacks don’t require the victim to do anything but land on an infected site. On your computer, you can hover over a link to show the URL it will take you to. On your phone, tap and hold the link with your finger to see the URL in the pop-up menu.
  • Important addresses (your bank, email server, etc.) are best accessed through bookmarks or typing them manually, not through links in emails.
  • Install security solutions on all computers, tablets, and phones. Phishing can get you on any device, so use Kaspersky Premium to keep all your digital companions secure.


You’ve received an email at work asking you to change your email password, confirm your vacation period, or make an urgent money transfer at the request of the CEO. Such unexpected requests could be the start of a cyberattack on your company, so you need to make sure it’s not a scam. So how do you check email addresses or links to websites?

The centerpiece of a fake is usually the domain name; that is, the part of the email after the @, or the beginning of the URL. Its task is to inspire confidence in the victim. Sure, cybercriminals would love to hijack an official domain of the target company, or of one of its suppliers or business partners, but in the early stages of an attack they usually don’t have that option. Instead, before a targeted attack, they register a domain that looks similar to that of the victim organization – and they hope that you won’t spot the difference. Such techniques are called lookalike attacks. The next step is to host a fake website on the domain or fire off spoof emails from mailboxes associated with it.

In this post, we explore some of the tricks used by attackers to prevent you from noticing a domain spoof.

Homoglyphs: different letters, same spelling

One trick is using letters that are visually very similar or even indistinguishable. For example, a lowercase “L” (l) in many fonts looks identical to a capital “i” (I), so an email sent from the address JOHN@MlCROSOFT.COM would fool even the more eagle-eyed. Of course, the sender’s actual address is john@mLcrosoft.com!

The number of devilish doubles increased after it became possible to register domains in different languages, including ones that don’t use the Latin alphabet. A Greek “ο”, Russian “о”, and Latin “o” are totally indistinguishable to a human, but in the eyes of a computer they’re three distinct letters. This makes it possible to register lots of domains that all look like microsоft.cοm using different combinations of o’s. Such techniques employing visually similar characters are known as homoglyph or homograph attacks.

Combo-squatting: a little bit extra

Combo-squatting has become popular with cybercriminals in recent years. To imitate an email or website of the target company, they create a domain that combines its name and a relevant auxiliary word, such as Microsoft-login.com or SkypeSupport.com. The subject of the email and the end of the domain name should match up: for example, a warning about unauthorized access to an email account could link to a site with the domain outlook-alert.

The situation is made worse by the fact that some companies do indeed have domains with auxiliary words. For example, login.microsoftonline.com is a perfectly legitimate Microsoft site.

According to Akamai, the most common combo-squatting add-ons are: support, com, login, help, secure, www, account, app, verify, and service. Two of these – www and com – warrant a separate mention. They are often found in the names of websites, and the inattentive user might not spot the missing period: wwwmicrosoft.com, microsoftcom.au.

Top-level domain spoofing

Sometimes cybercriminals manage to register a doppelganger in a different top-level domain (TLD), such as microsoft.co instead of microsoft.com, or office.pro instead of office.com. In this case, the name of the spoofed company can remain the same. This technique is called TLD-squatting.

A substitution like this can be very effective. It was just recently reported that, for over a decade, various contractors and partners of the U.S. Department of Defense have been mistakenly sending emails to the .ML domain belonging to the Republic of Mali instead of the American military’s .MIL domain. In 2023 alone, a Dutch contractor intercepted more than 117,000 misdirected emails bound for Mali instead of the DoD.

Typo-squatting: misspelled domains

The simplest (and earliest) way to produce doppelganger domains is to exploit various typos that are easy to make and hard to spot. There are lots of variations here: adding or removing doubles (ofice.com instead of office.com), adding or removing punctuation (cloud-flare or c.loudflare instead of cloudflare), replacing similar-sounding letters (savebank instead of safebank), and so on.

Typos were first weaponized by spammers and ad fraudsters, but today such tricks are used in conjunction with fake website content to lay the groundwork for spear-phishing and business email compromise (BEC).

How to guard against doppelganger domains and lookalike attacks

Homoglyphs are the hardest to spot and almost never used for legitimate purposes. As a result, browser developers and, in part, domain registrars are trying to defend against such attacks. In some domain zones, for example, it is forbidden to register names with letters from different alphabets. But in many other TLDs there’s no such protection, so you have to rely on security tools. True, many browsers have a special way of displaying domain names containing a mix of alphabets. What happens is that they represent the URL in punycode, so it looks something like this: xn--micrsoft-qbh.xn--cm-fmc (this is the site microsoft.com with two Russian o’s).
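
The four techniques in this post (homoglyphs, combo-squatting, TLD-squatting and typo-squatting) can each be checked mechanically against a list of domains you know to be genuine. As an added example (not code from the original post), the checker below folds confusable letters, detects mixed-alphabet labels, shows the punycode form a browser would display, and classifies candidate domains; the protected-domain list and the confusables table are constructed subsets for the demonstration, not complete data.

```python
import unicodedata

# Genuine domains this checker protects. Constructed list for the example.
PROTECTED = ["microsoft.com", "office.com", "cloudflare.com", "safebank.com"]

# Auxiliary words the post lists as the most common combo-squatting add-ons.
COMBO_WORDS = {"support", "com", "login", "help", "secure", "www",
               "account", "app", "verify", "service"}

# Cyrillic and Greek letters that look like Latin ones (short constructed subset).
CONFUSABLES = {"\u043e": "o", "\u0430": "a", "\u0435": "e", "\u0440": "p",  # Cyrillic о а е р
               "\u0441": "c", "\u0445": "x", "\u0443": "y",                  # Cyrillic с х у
               "\u03bf": "o", "\u03b1": "a", "\u03b9": "i", "\u03bd": "v"}   # Greek ο α ι ν


def to_punycode(host: str) -> str:
    """ASCII form (xn--...) that browsers show for a mixed-alphabet host."""
    return host.encode("idna").decode("ascii")


def scripts_in(label: str) -> set:
    """Unicode scripts (LATIN, CYRILLIC, GREEK, ...) of the letters in one label."""
    return {unicodedata.name(ch, "?").split(" ")[0] for ch in label if ch.isalpha()}


def skeleton(host: str) -> str:
    """Fold visually confusable letters to their Latin look-alikes."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host.lower())


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_host(host: str):
    """(second-level name, tld) of a host; subdomains are ignored."""
    labels = host.lower().strip(".").split(".")
    return (labels[-2] if len(labels) >= 2 else labels[0]), labels[-1]


def classify(candidate: str) -> list:
    """Return (technique, protected_domain) pairs that the candidate host matches."""
    host = candidate.lower().strip(".")
    if host in PROTECTED:
        return []
    findings = []
    if any(len(scripts_in(label)) > 1 for label in host.split(".")):
        findings.append(("mixed-script label", None))
    name, tld = split_host(host)
    folded = split_host(skeleton(host))
    for good in PROTECTED:
        good_name, good_tld = split_host(good)
        if folded == (good_name, good_tld):
            findings.append(("homoglyph", good))
        elif name == good_name and tld != good_tld:
            findings.append(("tld-squatting", good))
        elif good_name in name and name != good_name:
            extra = name.replace(good_name, "", 1).strip("-")
            if extra in COMBO_WORDS:  # e.g. microsoft-login, wwwmicrosoft, microsoftcom
                findings.append(("combo-squatting", good))
        elif 0 < edit_distance(name, good_name) <= 2 and tld == good_tld:
            findings.append(("typo-squatting", good))
    return findings
```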

The best defense against typo-squatting and combo-squatting is attentiveness. To develop this, we recommend that all employees undergo basic security awareness training to learn how to spot the main phishing techniques.

Unfortunately, the cybercriminal’s arsenal is wide-ranging and by no means limited to lookalike attacks. Against carefully executed attacks tailored to a specific company, mere attentiveness isn’t enough. For example, this year attackers created a fake site that cloned Reddit’s intranet gateway for employees and successfully compromised the company. Therefore, infosec teams need to think about not only employee training, but also vital protection tools:


Usum panas geus datang, jeung usum liburan di ayun pinuh. Marengan wisatawan, scammers nargétkeun wisata ogé beuki aktip. Ahli kami nalungtik bahaya anu disanghareupan ku wisatawan dina usum liburan 2023. Ieu naon anu aranjeunna mendakan…

serangan phishing on pamaké Booking.com

Hayu urang mimitian ku situs phishing anu meniru Booking.com, salah sahiji situs pang populerna di dunya pikeun booking hotél sareng apartemen online. Tujuan tina situs palsu ieu nyaéta pikeun ngumpulkeun alamat email anu ganda salaku nami pangguna, ogé sajenis “sandi email”. The phishers sigana geus nyieun jalan sabudeureun éta: naon maranéhna bener pilari bisa jadi sandi pikeun akun Booking.com.

Situs Booking.com palsu

Phisher maok kredensial login pamaké Booking.com

Narikna, phishers teu poho kategori kadua panglobana pamaké Booking.com: hotél sarta apartemen nu boga ramatloka pikeun narik konsumén. Pikeun aranjeunna ogé, aya situs palsu anu ngandung ngaran pamaké sareng kecap akses.

situs Booking.com palsu sejen

Situs-situs sanés anu pura-pura janten Booking.com panén kredensial pamilik hotél sareng apartemen

Pikeun ngahindarkeun trik sapertos kitu, parios alamat halaman wéb sacara saksama sateuacan ngalebetkeun kredensial di jerona. Upami anjeun teu yakin naon alamatna anu asli, langkung saé pariksa deui nganggo mesin pencari sareng Wikipedia lami anu saé.

Scammers ngamangsa pamaké Airbnb

Inevitably, cybercriminals teu neglected bastion sejen tina booking akomodasi online, Airbnb. Situs Airbnb palsu – salinan karbon asli – nawiskeun nyéwa apartemen anu pikaresepeun sareng terus-terusan ngingetkeun sémah yén aranjeunna kedah mindahkeun kawat ka sababaraha agén pikeun ngonfirmasi reservasina.

Situs Airbnb palsu

Situs Airbnb palsu ngadesek sémah pikeun mayar pesenan anu teu aya

Éta henteu kedah disebatkeun yén “palanggan” anu ngirim transferna teu aya tapi liang dina dompétna. Pikeun ngahindarkeun bahaya ieu, sok parios alamat situs sacara saksama sateuacan ngirim artos ka anu gaduh.

Ngumpulkeun data pamaké dina situs survéy perjalanan palsu

Kurang serius, tapi ogé kirang fun scams online ngalibetkeun situs nu janji hadiah berharga pikeun nyokot survey. Dina hal ieu — survey perjalanan anu nawiskeun hadiah US$100.

Survei perjalanan palsu

Dipikagaduh ku prospek kolam renang hadiah US $ 100, sémah dipenta pikeun nyandak survey palsu (sareng nyayogikeun data pribadi)

Dina ahir survey, fraudsters biasana nanya ka korban sababaraha data pribadi: ngaran hareup jeung tukang, alamat, nomer telepon, sarta kadangkala informasi pamayaran. Data éta tiasa dianggo engké pikeun sagala jinis hal anu goréng – tina maling identitas dugi ka hacking akun kauangan. Sedengkeun pikeun “kado”, éta moal datang.

Ngahindarkeun ancaman ieu gampang: entong dibobodo ku janji-janji artos anu gampang — khususna nalika jumlah anu ageung turun ti langit.

Airline phishing sites

Another traditional target for phishers is air passengers. Fake pages constantly appear imitating the official sites of different carriers. Naturally, the bigger the airline, the more likely its customers' credentials will be hunted by phishers.

Fake airline website

A phishing site hungry for the accounts of a popular airline's customers

The goal here can be twofold. First, there may be a direct financial interest: all major airlines have loyalty programs with bonus points that are a kind of currency. If cybercriminals manage to break into the account of someone with enough bonus points, they can buy tickets and sell them for real money, which they pocket.

Another fake airline website

A phishing site harvesting credentials for airline loyalty program accounts

Second, login credentials can be collected to hijack other accounts belonging to the victim. Unfortunately, this method has a very good chance of success, because password reuse is still common. So the password for an airline loyalty program account may well work for email too.

Unusual plane ticket scam

This year has also seen an unconventional method of defrauding buyers of plane tickets to the UK. Scammers posing as travel agency employees offered tickets at attractive prices. What's more, after payment, the booking appeared in all the systems – completely genuine.

However, the con artists didn't actually buy the tickets; instead, they exploited a temporary ticket-hold service used in many booking systems, which costs no more than a few dozen dollars. The service even attaches what is called a passenger name record (PNR) to the booking – a six-character alphanumeric code that goes by different names depending on the airline: booking reference, reservation number, flight confirmation code, etc. This code lets you look up your booking on the airline's website and confirm that it is in the system.

Of course, since the scammers never redeemed the tickets, when the hold period expired the reservation turned into a pumpkin. The difference between the hundreds of dollars paid for a non-existent ticket and the twenty dollars spent on the hold service was duly pocketed by the fraudsters, who then mysteriously failed to respond to the victims' pressing questions.

Incidentally, there is a way to make sure you have paid for a real ticket – not a reservation. Just look in the order information for a 13-digit ticket number (for example, 123-4567890123), and not for a six-character PNR (for example, A1B2C3). If there is a ticket number, it means the plane ticket has been paid for and issued, and you have nothing to worry about.
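The ticket-number check described above, as an added example that is not part of the original post: a small scanner that pulls a 13-digit e-ticket number and any labelled six-character PNR out of a confirmation text and says whether the order looks issued or merely held. Both confirmation texts are constructed, and the PNR label list is an assumption based on the names the post mentions.

```python
"""Added example (not from the original post): scan an order confirmation
for the two identifiers the post distinguishes. A 13-digit e-ticket number
(e.g. 123-4567890123) means a paid, issued ticket; a six-character PNR
alone (e.g. A1B2C3) is only a reservation that can lapse. Both
confirmation texts below are constructed."""
import re

# 3-digit prefix, optional hyphen, 10 more digits. The lookbehind keeps a
# run such as "+1-800-1234567890" (a phone number) from matching.
TICKET_RE = re.compile(r"(?<![\d-])\b(\d{3})-?(\d{10})\b")

# PNRs travel under several labels (the post lists some); require one of
# them so that arbitrary six-letter words are not picked up. Assumption:
# the label precedes the code, separated by an optional colon or hash.
PNR_RE = re.compile(
    r"(?:PNR|booking reference|reservation number|(?:flight )?confirmation code|record locator)"
    r"\s*[:#]?\s*([A-Z0-9]{6})\b",
    re.IGNORECASE,
)

# Constructed sample: what a victim of the hold scam might receive.
SCAM_CONFIRMATION = """\
Thank you for your order! Your flight to London is reserved.
Booking reference: A1B2C3
Total paid: 640.00 USD
Please contact your agent with any questions."""

# Constructed sample: a confirmation for a ticket that was actually issued.
ISSUED_CONFIRMATION = """\
Your e-ticket has been issued.
Passenger: A. Traveller
Ticket number: 123-4567890123
Record locator: X9Y8Z7
Call +1-800-1234567890 for assistance."""


def find_identifiers(text: str) -> dict:
    """Extract normalised ticket numbers (NNN-NNNNNNNNNN) and upper-case PNRs."""
    tickets = [f"{prefix}-{serial}" for prefix, serial in TICKET_RE.findall(text)]
    pnrs = [code.upper() for code in PNR_RE.findall(text)]
    return {"tickets": tickets, "pnrs": pnrs}


def verdict(text: str) -> str:
    """'issued' if a ticket number is present, 'reservation-only' if only a
    PNR is, otherwise 'unknown' (ask the seller for the ticket number)."""
    ids = find_identifiers(text)
    if ids["tickets"]:
        return "issued"
    if ids["pnrs"]:
        return "reservation-only"
    return "unknown"


if __name__ == "__main__":
    for name, text in (("scam", SCAM_CONFIRMATION), ("issued", ISSUED_CONFIRMATION)):
        print(name, find_identifiers(text), verdict(text))
```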

How to stop scammers from ruining your vacation

Finally, a few tips on how to protect your trip from online scammers and phishers:

  • When buying air tickets, as well as booking hotels and apartments, use only reputable websites.
  • If possible, buy your tickets directly on the airline's website. It may be a little more expensive, but it's always safer.
  • Don't be fooled by promises of fantastic prizes or rock-bottom prices. As you know, if the cheese is free, it's probably in a mousetrap.
  • Carefully check the address of the site where you end up.
  • And triple-check the page URL before entering important information on it: usernames and passwords, payment card numbers, etc.
  • Don't share your reservation number with anyone, or post photos of airline tickets with a visible barcode or PNR on social networks – here's why.
  • A few days before your departure date, check all the bookings you have made for the trip. If there is a problem with a reservation, it's better to resolve it in advance, not at the airport check-in desk or the hotel reception.
  • Use a reliable antivirus with built-in protection against online fraud and phishing on all your devices. This will give you early warning of sites to avoid.



Summer finds many company employees gazing out of the window for long stretches, occasionally glancing at the calendar. You don't have to be a psychic to read the word "vacation" in their minds. Nor do cybercriminals – who exploit such sentiments through phishing. Their goal, as always, is to coax out corporate credentials. We examine one such scam and explain what you should watch out for.

Phishing email

The goal is to get a click on a phishing link. To achieve this, the attackers need to switch off the critical-thinking side of the victim's brain, usually by frightening or intriguing them. Chances are, at the start of summer, the words "vacation schedule" will do the trick. By this time, many employees have already made plans, bought tickets and booked hotels. If the vacation dates suddenly change, all those plans are ruined. So scammers send emails supposedly from HR on the subject of vacations: perhaps a sudden rescheduling, a need to confirm dates, or a clash with some important event. Such an email looks something like this:

Fake HR email

Because in this case we are dealing with mass phishing, not spear phishing, it's quite easy to spot the attackers' tricks. The main thing is to resist the urge to immediately click the link to see your revised vacation dates. If we examine the email more closely, it becomes clear that:

  • The sender (cathy@multiempac.com) is not an employee of your company;
  • The "HR Director" who "signed" it has no name, and the signature doesn't match your organization's corporate style;
  • Hidden behind the link that appears to point to a PDF file is a completely different address (you can see it by hovering over the link).

It also quickly becomes clear that the attackers know only the recipient's address. The automated mass-mailing tool takes the company's domain name and the employee's name from the address and automatically substitutes them into the dummy link and the sender's signature.

Phishing site

Even if the victim swallows the bait and clicks the link, they can still spot signs of phishing on the attackers' site. The link in the email above points here:

Fake site that steals credentials

The site itself is less than convincing:

  • For a start, it's hosted not on your company's server, but on Huawei Cloud (myhuaweicloud.com), where anyone can rent space;
  • The file name doesn't match the name of the PDF mentioned in the email;
  • There isn't a single attribute on the site to connect it with your company.

Of course, as soon as the victim enters their password in the login window, it goes straight to the cybercriminals' server.
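The indicators listed for the email and the landing site above (external sender, link text promising a PDF while the URL points elsewhere, rented cloud hosting, the company domain merely embedded in the URL), turned into a mail-gateway style triage check. This is an added example, not the post's own tooling; the company domain example.com and both sample emails are constructed, with only the sender address and hosting domain taken from the post.

```python
"""Added example (not the post's code): an email triage check that looks
for the indicators the post lists in the fake HR 'vacation schedule' mail.

Assumptions (not stated on the page): the company domain is example.com,
and the sample emails are constructed here; only the sender address
(cathy@multiempac.com) and the hosting domain (myhuaweicloud.com) are
taken from the post."""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

COMPANY_DOMAIN = "example.com"            # assumption
RENTABLE_HOSTS = ("myhuaweicloud.com",)    # rentable hosting named in the post

# Constructed phishing sample: the link text promises a PDF, but the URL
# points at a rented cloud host and merely embeds the company domain in
# its path, as the post describes.
PHISHING_SAMPLE = """\
From: HR Director <cathy@multiempac.com>
To: alice@example.com
Subject: Revised vacation schedule
Content-Type: text/html

<p>Dear alice, please check your new dates:
<a href="https://files.myhuaweicloud.com/login/example.com/index.html">Vacation_Schedule.pdf</a></p>
<p>Regards, HR Director</p>
"""

# Constructed benign sample from the real HR mailbox, used as a control.
BENIGN_SAMPLE = """\
From: Jane Doe <hr@example.com>
To: alice@example.com
Subject: Vacation schedule
Content-Type: text/html

<p>Hi Alice, the schedule is on the intranet:
<a href="https://intranet.example.com/hr/Vacation_Schedule.pdf">Vacation_Schedule.pdf</a></p>
"""


def in_domain(host: str, domain: str) -> bool:
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyse(raw_email: str, company_domain: str = COMPANY_DOMAIN) -> list:
    """Return human-readable findings; an empty list means no indicator fired."""
    msg = message_from_string(raw_email)
    findings = []

    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2].lower()
    if not in_domain(sender_domain, company_domain):
        findings.append(f"sender {sender} is outside {company_domain}")

    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    collector = LinkCollector()
    collector.feed(body)

    for href, text in collector.links:
        parsed = urlparse(href)
        host = (parsed.hostname or "").lower()
        filename = parsed.path.rsplit("/", 1)[-1]
        # Visible text names a PDF, but the URL's file name is something else.
        if text.lower().endswith(".pdf") and filename.lower() != text.lower():
            findings.append(f"link text '{text}' but URL file is '{filename or '(none)'}'")
        if any(in_domain(host, h) for h in RENTABLE_HOSTS):
            findings.append(f"link hosted on rentable cloud space: {host}")
        if not in_domain(host, company_domain):
            findings.append(f"link host {host} is not under {company_domain}")
            # The mailer pasted the company domain into the URL path/query only.
            if company_domain in href.lower():
                findings.append("company domain is embedded in the URL but is not its host")
    return findings


if __name__ == "__main__":
    for finding in analyse(PHISHING_SAMPLE):
        print("-", finding)
```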

How to stay safe

To reduce the likelihood of your company's employees encountering phishing emails, you need protection at the email gateway level. What's more, all devices connected to the internet should be protected by an endpoint security solution.

In addition, we recommend conducting regular awareness training for employees on the latest cyberthreats, or, at the very least, informing them about potential phishing scams. For more information about phishers' tricks and traps, see other posts on this blog.



Ping, it’s a scammer! 

The sound of an incoming email, text, or direct message has a way of getting your attention, so you take a look and see what’s up. It happens umpteen times a week, to the extent that it feels like the flow of your day. And scammers want to tap into that with sneaky phishing attacks that catch you off guard, all with the aim of stealing your personal information or bilking you out of your money.  

Phishing attacks take several forms, where scammers masquerade as a legitimate company, financial institution, government agency, or even as someone you know. And they’ll come after you with messages that follow suit: 

  • “You have a package coming to you, but we’re having a problem with delivering it. Please click here to provide delivery information to receive your package.” 
  • “We spotted what may be unusual activity on your credit card. Follow this link to confirm your account information.” 
  • “You owe back taxes. Send payment immediately using this link or we will refer your case to law enforcement.” 

You can see why phishing attacks can be so effective. Messages like these have an urgency to them, and they seem like they’re legit, or they at least seem like they might deal with something you might care about. But of course they’re just a ruse. And some of them can look and sound rather convincing. Or at least convincing enough that you’ll not only give them a look, but that you’ll also give them a click too. 

And that’s where the troubles start. Clicking the links or attachments sent in a phishing attack can lead to several potentially nasty things, such as: 

  • A phony login page where the scammer tries to steal account credentials from you. 
  • A malware download that can install keylogging software for stealing passwords and other information as you type. 
  • Spyware that hijacks information on your device and secretly sends it back to the scammer. 
  • Ransomware that holds a device and its data hostage until a fee is paid. (By the way, never pay off a ransomware threat. There’s no guarantee that payment will release your device and data back to you.) 

However, plenty of phishing attacks are preventable. A mix of knowing what to look for and putting a few security steps in place can help you keep scammers at bay. 

What do phishing attacks look like? 

How you end up with one has a lot to do with it.  

There’s a good chance you’ve already seen your share of phishing attempts on your phone. A text comes through with a brief message that one of your accounts needs attention, from an entirely unknown number. Along with it is a link that you can tap to follow up, which will send you to a malicious site. In some cases, the sender may skip the link and attempt to start a conversation with the aim of getting you to share your personal information or possibly fork over some payment with a gift card, money order, rechargeable debit card, or other form of payment that is difficult to trace and recover. 

In the case of social media, you can expect that the attack will come from an imposter account that’s doing its best to pose as one of those legitimate businesses or organizations we talked about, or perhaps as a stranger or even someone you know. And the name and profile pic will do its best to play the part. If you click on the account that sent it, you may see that it was created only recently and that it has few to no followers, both of which are red flags. The attack is typically conversational, much like described above where the scammer attempts to pump you for personal info or money. 

Attacks that come by direct messaging apps will work much in the same way. The scammer will set up a phony account, and where the app allows, a phony name and a phony profile pic to go along with it. 

Email gets a little more complicated because emails can range anywhere from a few simple lines of text to a fully designed piece complete with images, formatting, and embedded links—much like a miniature web page.  

In the past, email phishing attacks looked rather unsophisticated, rife with poor spelling and grammar, along with sloppy-looking layouts and images. That’s still sometimes the case today. Yet not always. Some phishing emails look like the real thing. Or nearly so. 

Examples of phishing attacks 

Case in point, here’s a look at a phishing email masquerading as a McAfee email: 

There’s a lot going on here. The scammers try to mimic the McAfee brand, yet don’t quite pull it off. Still, they do several things to try and be convincing.  

Note the use of photography and the box shot of our software, paired with a prominent “act now” headline. It’s not the style of photography we use. Not that people would generally know this. However, some might have a passing thought like, “Huh. That doesn’t really look right for some reason.”  

Beyond that, there are a few capitalization errors, some misplaced punctuation, plus the “order now” and “60% off” icons look rather slapped on. Also note the little dash of fear it throws in at the top of the email with mention of “There are (42) viruses on your computer.”  

Taken all together, you can spot many email scams by taking a closer look, seeing what doesn’t feel right, and then trusting your gut. But that asks you to slow down, take a moment, and eyeball the email critically. Which people don’t always do. And that’s what scammers count on. 

Similar ploys see scammers pose as legitimate companies and retailers, where they ask you to log into a bogus account page to check a statement or the status of an order. Some scammers offer links to “discount codes” that are instead links to landing pages designed to steal your account login information as well. Similarly, they may simply send a malicious email attachment with the hope that you’ll click it. 

In other forms of email phishing attacks, scammers may pose as a co-worker, business associate, vendor, or partner to get the victim to click a malicious link or download malicious software. These may include a link to a bogus invoice, spreadsheet, notetaking file, or word processing doc—just about anything that looks like it could be a piece of business correspondence. Instead, the link leads to a scam website that asks the victim to “log in and download” the document, which steals account info as a result. Scammers may also include attachments to phishing emails that can install malware directly on the device, sometimes by infecting an otherwise everyday document with a malicious payload. 

Email scammers may also pose as someone you know, whether by propping up an imposter email account or by outright hijacking an existing account. The attack follows the same playbook, using a link or an attachment to steal personal info, request funds, or install malware. 

How to avoid phishing attacks 

While you can’t outright stop phishing attacks from making their way to your computer or phone, you can do several things to keep yourself from falling for them. Further, you can do other things that may make it more difficult for scammers to reach you. 

1. Pause and think about the message for a minute. 

The content and the tone of the message can tell you quite a lot. Threatening messages or ones that play on fear are often phishing attacks, such as angry messages from a so-called tax agent looking to collect back taxes. Other messages will lean heavily on urgency, like the phony McAfee phishing email above that says your license has expired today and that you have “(42)” viruses. And during the holidays, watch out for loud, overexcited messages about deep discounts on hard-to-find items. Instead of linking you off to a proper ecommerce site, they may link you to a scam shopping site that does nothing but steal your money and the account information you used to pay them. In all, phishing attacks indeed smell fishy. Slow down and review that message with a critical eye. It may tip you off to a scam. 

2. Deal directly with the company or organization in question. 

Some phishing attacks can look rather convincing. So much so that you’ll want to follow up on them, like if your bank reports irregular activity on your account or a bill appears to be past due. In these cases, don’t click on the link in the message. Go straight to the website of the business or organization in question and access your account from there. Likewise, if you have questions, you can always reach out to their customer service number or web page. 

3. Consider the source. 

When scammers contact you via social media, that in and of itself can be a tell-tale sign of a scam. Consider, would an income tax collector contact you over social media? The answer there is no. For example, in the U.S. the Internal Revenue Service (IRS) makes it quite clear that they will never contact taxpayers via social media. (Let alone send angry, threatening messages.) In all, legitimate businesses and organizations don’t use social media as a channel for official communications. They have accepted ways they will, and will not, contact you. If you have any doubts about a communication you received, contact the business or organization in question directly and follow up with one of their customer service representatives.  

4. Don’t download attachments. And most certainly don’t open them. 

Some phishing attacks involve attachments packed with malware like the ransomware, viruses, and keyloggers we mentioned earlier. If you receive a message with such an attachment, delete it. Even if you receive an email with an attachment from someone you know, follow up with that person. Particularly if you weren’t expecting an attachment from them. Scammers will often hijack or spoof email accounts of everyday people to spread malware. 

5. Hover over links to verify the URL. 

On computers and laptops, you can hover your cursor over links without clicking on them to see the web address. Take a close look at the addresses the message is using. If it’s an email, look at the email address. Maybe the address doesn’t match the company or organization at all. Or maybe it looks like it almost does, yet it adds a few letters or words to the name. This marks yet another sign that you may have a phishing attack on your hands. Scammers also use the common tactic of a link shortener, which creates links that almost look like strings of indecipherable text. These shortened links mask the true address, which may indeed be a link to scam site. Delete the message. If possible, report it. Many social media platforms and messaging apps have built-in controls for reporting suspicious accounts and messages. 

6. Go with who you know. 

On social media and messaging platforms, stick to following, friending, and messaging people who you really know. As for those people who contact you out of the blue, be suspicious. Sad to say, they’re often scammers canvassing these platforms for victims. Better yet, where you can, set your profile to private, which makes it more difficult for scammers to select and stalk you for an attack. 

7. Remove your personal information from sketchy data broker sites. 

How’d that scammer get your phone number or email address anyway? Chances are, they pulled that information off a data broker site. Data brokers buy, collect, and sell detailed personal information, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data. Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that information for scams. You can help reduce those scam texts and calls by removing your information from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info.  

8. Use online protection software. 

Online protection software can protect you in several ways. First, it can offer safe browsing features that can identify malicious links and downloads, which can help prevent clicking them. Further, it can steer you away from dangerous websites and block malware and phishing sites if you accidentally click on a malicious link. And overall, strong virus and malware protection can further block any attacks on your devices. Be sure to protect your smartphones in addition to your computers and laptops as well, particularly given all the sensitive things we do on them, like banking, shopping, and booking rides and travel. 

What is phishing? Now you know, and how you can avoid it. 

Once phishing attacks were largely the domain of bogus emails, yet now they’ve spread to texts, social media, and messaging apps—anywhere a scammer can send a fraudulent message while posing as a reputable source. 

Scammers count on you taking the bait, the immediate feelings of fear or concern that there’s a problem with your taxes or one of your accounts. They also prey on scarcity, like during the holidays where people search for great deals on gifts and have plenty of packages on the move. With a critical eye, you can often spot those scams. Sometimes, a pause and a little thought is all it takes. And in the cases where a particularly cagey attack makes its way through, online protection software can warn you that the link you’re about to click is indeed a trap.  

Taken all together, you have plenty of ways you can beat scammers at their game. 




There are plenty of phish in the sea. 

Millions of bogus phishing emails land in millions of inboxes each day with one purpose in mind—to rip off the recipient. Whether they’re out to crack your bank account, steal personal information, or both, you can learn how to spot phishing emails and keep yourself safe. 

And some of today’s phishing emails are indeed getting tougher to spot.  

They seem like they come from companies you know and trust, like your bank, your credit card company, or services like Netflix, PayPal, and Amazon. And some of them look convincing. The writing and the layout are crisp, and the overall presentation looks professional. Yet still, there’s still something off about them.  

And there’s certainly something wrong with that email. It was written by a scammer. Phishing emails employ a bait-and-hook tactic, where an urgent or enticing message is the bait and malware or a link to a phony login page is the hook.  

Once the hook gets set, several things might happen. That phony login page may steal account and personal information. Or that malware might install keylogging software that steals information, viruses that open a back door through which data can get hijacked, or ransomware that holds a device and its data hostage until a fee is paid. 

Again, you can sidestep these attacks if you know how to spot them. There are signs. 

Let’s look at how prolific these attacks are, pick apart a few examples, and then break down the things you should look for. 

Phishing attack statistics—the millions of attempts made each year. 

In the U.S. alone, more than 300,000 victims reported a phishing attack to the FBI in 2022. Phishing attacks topped the list of reported complaints, roughly six times greater than the second top offender, personal data breaches. The actual figure is undoubtedly higher, given that not all attacks get reported. 

Looking at phishing attacks worldwide, one study suggests that more than 255 million phishing attempts were made in the second half of 2022 alone. That marks a 61% increase over the previous year. Another study concluded that 1 in every 99 emails sent contained a phishing attack.  

Yet scammers won’t always cast such a wide net. Statistics point to a rise in targeted spear phishing, where the attacker goes after a specific person. They will often target people at businesses who have the authority to transfer funds or make payments. Other targets include people who have access to sensitive information like passwords, proprietary data, and account information. 

As such, the price of these attacks can get costly. In 2022, the FBI received 21,832 complaints from businesses that said they fell victim to a spear phishing attack. The adjusted losses were over $2.7 billion—an average cost of $123,671 per attack. 

So while exacting phishing attack statistics remain somewhat elusive, there’s no question that phishing attacks are prolific. And costly. 

What does a phishing attack look like? 

Nearly every phishing attack sends an urgent message. One designed to get you to act. 

Some examples … 

  • “You’ve won our cash prize drawing! Send us your banking information so we can deposit your winnings!” 
  • “You owe back taxes. Send payment immediately using this link or we will refer your case to law enforcement.” 
  • “We spotted what might be unusual activity on your credit card. Follow this link to confirm your account information.” 
  • “There was an unauthorized attempt to access your streaming account. Click here to verify your identity.” 
  • “Your package was undeliverable. Click the attached document to provide delivery instructions.” 

When set within a nice design and paired with some official-looking logos, it’s easy to see why plenty of people click the link or attachment that comes with messages like these. 

And that’s the tricky thing with phishing attacks. Scammers have leveled up their game in recent years. Their phishing emails can look convincing. Not long ago, you could point to misspellings, lousy grammar, poor design, and logos that looked stretched or that used the wrong colors. Poorly executed phishing attacks like that still make their way into the world. However, it’s increasingly common to see far more sophisticated attacks today. Attacks that appear like a genuine message or notice. 

Case in point: 

Say you got an email that said your PayPal account had an issue. Would you type your account information here if you found yourself on this page? If so, you would have handed over your information to a scammer. 

We took the screenshot above as part of following a phishing attack to its end—without entering any legitimate info, of course. In fact, we entered a garbage email address and password, and it still let us in. That’s because the scammers were after other information, as you’ll soon see. 

As we dug into the site more deeply, it looked pretty spot on. The design mirrored PayPal’s style, and the footer links appeared official enough. Yet then we looked more closely. 

Note the subtle errors, like “card informations” and “Configuration of my activity.” While companies make grammatical errors on occasion, spotting them in an interface should hoist a big red flag. Plus, the site asks for credit card information very early in the process. All suspicious. 

Here’s where the attackers really got bold.  

They ask for bank “informations,” which not only includes routing and account numbers, but they ask for the account password too. As said, bold. And entirely bogus. 

Taken all together, the subtle errors and the bald-faced grab for exacting account information clearly mark this as a scam. 

Let’s take a few steps back, though. Who sent the phishing email that directed us to this malicious site? None other than “paypal at inc dot-com.” 

Clearly, that’s a phony email. And typical of a phishing attack where an attacker shoehorns a familiar name into an unassociated email address, in this case “inc dot-com.” Attackers may also gin up phony addresses that mimic official addresses, like “paypalcustsv dot-com.” Anything to trick you.  

Likewise, the malicious site that the phishing email sent us to used a spoofed address as well. It had no official association with PayPal at all—which is proof positive of a phishing attack. 

Note that companies only send emails from their official domain names, just as their sites only use their official domain names. Several companies and organizations will list those official domains on their websites to help curb phishing attacks.  

For example, PayPal has a page that clearly states how it will and will not contact you. At McAfee, we have an entire page dedicated to preventing phishing attacks, which also lists the official email addresses we use. 
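The official-domain check the post recommends, written out as an added example (not McAfee's or PayPal's code) covering the two tricks described above: the brand name wedged into an unrelated address ("paypal at inc dot-com") and a lookalike domain ("paypalcustsv dot-com"). The OFFICIAL_DOMAINS table and the digit-swap list are constructed placeholders; a real check reads the company's own "how we contact you" page.

```python
"""Added example (not McAfee's or PayPal's code): classify a sender address
or link against a brand's published official domains and flag lookalikes.
OFFICIAL_DOMAINS is a constructed placeholder, not the companies' lists."""
from urllib.parse import urlparse

# Constructed placeholder; take the real list from the brand's own site.
OFFICIAL_DOMAINS = {
    "paypal": {"paypal.com"},
    "mcafee": {"mcafee.com"},
}

# A few digit-for-letter swaps used in lookalike names (illustrative only).
SWAPS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def split_address(value: str) -> tuple:
    """Return (mailbox, host) for an email address, or ("", host) for a URL."""
    value = value.strip()
    if "@" in value and "://" not in value:
        mailbox, _, host = value.rpartition("@")
        return mailbox.lower(), host.lower().strip(".")
    if "://" not in value:
        value = "https://" + value
    return "", (urlparse(value).hostname or "").lower().strip(".")


def registered_domain(host: str) -> str:
    """Last two labels of the host. Crude: ignores multi-label public
    suffixes such as co.uk, which a real check handles with a suffix list."""
    return ".".join(host.split(".")[-2:])


def classify(brand: str, value: str) -> tuple:
    """Return (verdict, reason) for an address or URL claiming to be `brand`."""
    brand = brand.lower()
    official = OFFICIAL_DOMAINS[brand]
    mailbox, host = split_address(value)
    reg = registered_domain(host)
    if reg in official:
        # Subdomains of an official domain (service.paypal.com) are fine.
        return "official", f"{host} is under the official domain {reg}"
    if brand in host.translate(SWAPS):
        # Brand appears in the host, yet the registrable part is not official:
        # paypalcustsv.com, paypal.com.evil.example, paypa1.com
        return "lookalike", f"{host} contains '{brand}' but registers as {reg}"
    if brand in mailbox:
        # The post's "paypal at inc dot-com": brand only in the mailbox name.
        return "brand-in-mailbox", f"'{mailbox}' names the brand but the domain is {reg}"
    return "unrelated", f"{host} has no link to {brand}"


if __name__ == "__main__":
    for sample in ("service@paypal.com", "paypal@inc.com",
                   "support@paypalcustsv.com",
                   "https://paypal.com.account-verify.example/login"):
        print(sample, "->", classify("paypal", sample))
```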

Other examples of phishing attacks 

Not every scammer is so sophisticated, at least in the way that they design their phishing emails. We can point to a few phishing emails that posed as legitimate communication from McAfee as examples. 

There’s a lot going on in this first email example. The scammers try to mimic the McAfee brand, yet don’t pull it off. Still, they do several things to try to act convincing. 

Note the use of photography and the box shot of our software, paired with a prominent “act now” headline. It’s not the style of photography we use. Not that people would generally know this. However, some might have a passing thought like, “Huh. That doesn’t really look like what McAfee usually sends me.” 

Beyond that, there are a few capitalization errors, some misplaced punctuation, and the “order now” and “60% off” icons look rather slapped on. Also note the little dash of fear it throws in with a mention of “There are (42) viruses on your computer …” 

Taken all together, someone can readily spot that this is a scam with a closer look. 

This next ad falls into the less sophisticated category. It’s practically all text and goes heavy on the red ink. Once again, it hosts plenty of capitalization errors, with a few gaffes in grammar as well. In all, it doesn’t read smoothly. Nor is it easy on the eye, as a proper email about your account should be. 

What sets this example apart is the “advertisement” disclaimer below, which tries to lend the attack some legitimacy. Also note the phony “unsubscribe” link, plus the (scratched out) mailing address and phone, which all try to do the same. 

This last example doesn’t get our font right, and the trademark symbol is awkwardly placed. The usual grammar and capitalization errors crop up again, yet this piece of phishing takes a slightly different approach. 

The scammers placed a little timer at the bottom of the email. That adds a degree of scarcity. They want you to think that you have about half an hour before you are unable to register for protection. That’s bogus, of course. 

Seeing any recurring themes? There are a few for sure. With these examples in mind, get into the details—how you can spot phishing attacks and how you can avoid them altogether. 

How to spot and prevent phishing attacks. 

Just as we saw, some phishing attacks indeed appear fishy from the start. Yet sometimes it takes a bit of time and a particularly critical eye to spot. 

And that’s what scammers count on. They hope that you’re moving quickly or otherwise a little preoccupied when you’re going through your email or messages. Distracted enough so that you might not pause to think, is this message really legit? 

One of the best ways to beat scammers is to take a moment to scrutinize that message while keeping the following in mind … 

They play on your emotions. 

Fear. That’s a big one. Maybe it’s an angry-sounding email from a government agency saying that you owe back taxes. Or maybe it’s another from a family member asking for money because there’s an emergency. Either way, scammers will lean heavily on fear as a motivator. 

If you receive such a message, think twice. Consider if it’s genuine. For instance, consider that tax email example. In the U.S., the Internal Revenue Service (IRS) has specific guidelines as to how and when they will contact you. As a rule, they will likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call or apply pressure tactics—only scammers do that.) Likewise, other nations will have similar standards as well. 

They ask you to act—NOW. 

Scammers also love urgency. Phishing attacks begin by stirring up your emotions and getting you to act quickly. Scammers might use threats or overly excitable language to create that sense of urgency, both of which are clear signs of a potential scam. 

Granted, legitimate businesses and organizations might reach out to notify you of a late payment or possible illicit activity on one of your accounts. Yet they’ll take a far more professional and even-handed tone than a scammer would. For example, it’s highly unlikely that your local electric utility will angrily shut off your service if you don’t pay your past due bill immediately. 

They want you to pay a certain way. 

Gift cards, cryptocurrency, money orders—these forms of payment are another sign that you might be looking at a phishing attack. Scammers prefer these methods of payment because they’re difficult to trace. Additionally, consumers have little or no way to recover lost funds from these payment methods. 

Legitimate businesses and organizations won’t ask for payments in those forms. If you get a message asking for payment in one of those forms, you can bet it’s a scam. 

They use mismatched addresses. 

Here’s another way you can spot a phishing attack. Take a close look at the addresses the message is using. If it’s an email, look at the email address. Maybe the address doesn’t match the company or organization at all. Or maybe it does somewhat, yet it adds a few letters or words to the name. This marks yet another sign that you might have a phishing attack on your hands. 

Likewise, if the message contains a web link, closely examine that as well. If the domain name looks at all unfamiliar or altered from the way you’ve seen it before, that might also mean you’re looking at a phishing attempt. 

Protect yourself from phishing attacks 

  1. Go directly to the source. Some phishing attacks can look convincing. So much so that you’ll want to follow up on them, like if your bank reports irregular activity on your account or a bill appears to be past due. In these cases, don’t click on the link in the message. Go straight to the website of the business or organization in question and access your account from there. Likewise, if you have questions, you can always reach out to their customer service number or web page.  
  2. Follow up with the sender. Keep an eye out for emails that might be a spear phishing attack. If an email looks like it came from a family member, friend, or business associate, follow up with them to see if they sent it, particularly if it asks for money, contains a questionable attachment or link, or simply doesn’t sound quite like them. Text, phone, or check in with them in person. Don’t follow up by replying to the email, as the sender’s account may have been compromised.   
  3. Don’t download attachments. Some phishing attacks send attachments packed with malware like the ransomware, viruses, and keyloggers we mentioned earlier. Scammers may pass them off as an invoice, a report, or even an offer for coupons. If you receive a message with such an attachment, delete it. And most certainly don’t open it. Even if you receive an email with an attachment from someone you know, follow up with that person. Particularly if you weren’t expecting an attachment from them. Scammers will often hijack or spoof email accounts of everyday people to spread malware.  
  4. Hover over links to verify the URL. On computers and laptops, you can hover your cursor over links without clicking on them to see the web address. If the URL looks suspicious in any of the ways we mentioned just above, delete the message, and don’t ever click. 
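The two checks described above, the sender’s domain versus the organization it claims to be, and the domain a link actually points to versus the one it shows, can be written down as a small script. The following is an added example (not code from the original article or from any vendor) that classifies a From: address and a list of link targets against a constructed set of trusted domains; the domain names, the `TRUSTED_DOMAINS` set, and the function names are all assumptions for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed allow-list for this example: the domains the reader actually does
# business with. A real deployment would load this from configuration.
TRUSTED_DOMAINS = {"examplebank.com", "example-utility.com"}


def registrable_domain(host):
    """Reduce a hostname to its last two labels, e.g. 'login.examplebank.com'
    becomes 'examplebank.com'. Simplified: multi-part public suffixes such as
    'co.uk' need a public suffix list, which is out of scope here."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return host.lower()
    return ".".join(labels[-2:])


def sender_domain(from_header):
    """Domain of the real address in a From: header, ignoring the display name.
    'Acme Bank <alerts@examplebank.com>' -> 'examplebank.com'."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower()


def classify_domain(domain, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike' or 'unknown'.

    'lookalike' is the case the article warns about: a trusted brand name
    appears inside the domain, but the registrable domain is not the trusted
    one (extra letters or words added, or the brand used as a subdomain)."""
    if registrable_domain(domain) in trusted:
        return "trusted"
    for t in trusted:
        brand = t.split(".")[0]          # 'examplebank' from 'examplebank.com'
        if brand in domain:
            return "lookalike"
    return "unknown"


def link_domain(url):
    """The host an href really points to, i.e. what hovering over a link reveals."""
    return (urlparse(url).hostname or "").lower()


def visible_text_mismatch(visible_text, href):
    """True when the link text displays one domain but the href goes to another.
    Plain words such as 'Click here' make no domain claim and return False."""
    text = visible_text.strip()
    if " " in text or "." not in text:
        return False
    shown = link_domain(text if "://" in text else "https://" + text)
    return registrable_domain(shown) != registrable_domain(link_domain(href))


def check_message(from_header, links):
    """Collect human-readable findings for a message; an empty list means
    nothing in the sender or link domains looked off."""
    findings = []
    sd = sender_domain(from_header)
    verdict = classify_domain(sd)
    if verdict != "trusted":
        findings.append(f"sender domain {sd!r} is {verdict}")
    for url in links:
        ld = link_domain(url)
        verdict = classify_domain(ld)
        if verdict != "trusted":
            findings.append(f"link {url!r} points to {ld!r} ({verdict})")
    return findings


if __name__ == "__main__":
    # Constructed sample: an "HR" message from a lookalike domain with one
    # genuine link and one link whose host merely begins with the brand name.
    sample_from = "HR Department <hr@examplebank-secure.com>"
    sample_links = [
        "https://examplebank.com/login",
        "https://examplebank.com.verify-login.net/self-evaluation",
    ]
    for line in check_message(sample_from, sample_links):
        print(line)
```

The lookalike test is deliberately crude (a substring match on the brand name) and will miss homoglyph and punycode tricks, so treat an "unknown" or "lookalike" result as a reason to go directly to the source, as item 1 above says, rather than as proof either way.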

Protect yourself from email attacks even further 

Online protection software can protect you from phishing attacks in several ways. 

For starters, it offers web protection that warns you when links lead to malicious websites, such as the ones used in phishing attacks. In the same way, online protection software can warn you about malicious downloads and email attachments so that you don’t end up with malware on your device. And, if the unfortunate does happen, antivirus can block and remove malware. 

Online protection software like ours can also address the root of the problem. Scammers must get your email address from somewhere. Often, they get it from online data brokers, sites that gather and sell personal information to any buyer—scammers included.  

Data brokers source this information from public records and third parties alike and sell it in bulk, providing scammers with massive mailing lists that can target thousands of potential victims. You can remove your personal info from some of the riskiest data broker sites with our Personal Data Cleanup, which can lower your exposure to scammers by keeping your email address out of their hands. 

In all, phishing emails have telltale signs, some more difficult to see than others. Yet you can spot them when you know what to look for and take the time to look for them. With these attacks so prevalent and on the rise, looking at your email with a critical eye is a must today. 
