Understanding Phishing

Report Phishing or Spoof email

If you receive a suspicious email FORWARD it to support@globalit.com. Our security experts will be able to look at the email to determine if it is a fake. There are some hints about identifying scam email below but it is often very difficult to tell for sure since the scammers adjust their tactics. So, if you have the slightest doubt, send it to our experts for investigation.

Note: Please FORWARD the suspect email; don’t cut and paste the contents, because valuable tracking information about the source will be lost.

What is phishing?

“Phishing” is an attempt to steal your information. Criminals pretend to be a legitimate business to get you to disclose sensitive personal information, such as credit and debit card numbers, bank information, account passwords, or Social Security numbers.

One of the most common phishing scams involves sending an email that fraudulently claims to be from a well-known company. However, it can also be carried out in person, over the phone, via malicious pop-up windows, and “spoof” or fake websites.

How Phishing Works

  1. A criminal sends a large number of emails to people using lists of email addresses identified as active or at random. These emails appear to be messages from a well-known company. A common example contains a fictitious story designed to lure you into clicking on a link or calling a phone number.
  2. The phishing email will ask you to fill out a form or click on a link or button that takes you to a fraudulent website.
  3. The fraudulent website mimics the company referenced in the email, and aims to extract your sensitive personal data.
  4. In essence, you think you’re giving your information to a trusted company when, in fact, you’re giving it to a criminal.

Note that phishing emails can also lure you to open suspicious attachments or visit websites that can infect your computer with malware.

How to Spot a Fake Email

There are many telltale signs of a fraudulent email:

  • False Sense of Urgency – Many scam emails tell you that your account will be in jeopardy if something critical is not updated right away.
  • Fake Links – These may look real, but they can lead you astray. Check where a link is going before you click by hovering over the URL in an email, and comparing it to the URL in the browser. If it looks suspicious, don’t click.
  • Attachments – Attachments can contain malware, so you should never open an attachment unless you are 100% sure it’s legitimate.

Here are some examples:

    • You receive an email stating: “Your order #ZK04769 is confirmed for shipment tomorrow. Please click here to review the shipping details.” But you never placed an order, so you click on the link and log in to see what it is. Only later do you realize that the link took you to a bogus website.
    • You receive an email stating: “We have noticed suspicious activity on your account. Please click here to review your recent transactions.” Once again the link takes you to a page that looks correct but is really a bogus link.
    • “We would like to offer you a special $50 coupon for being such a good customer. This offer is limited to the first 100 people so click here immediately to claim your reward.” Instead of a reward, you are directed to a fake website where you might give up your account id and password which the scammers will use to spend from your account.

For more examples see these sites:

If you fall for Phishing:

There are plenty of clever scam attempts and new ones are being created all the time, so despite your best intentions it could happen. If you have a suspicion that you fell for a scam here are some steps to protect yourself:

  1. Change your account passwords, PINs and security questions immediately. Do this for all of your bank accounts, email accounts and other online accounts.
  2. Run an antivirus scan on your system to make sure that you did not pick up a virus. Make sure that your system and antivirus software are up to date.
  3. Check your online accounts and statements vigilantly over the next few weeks and months for unexpected actions.

Phishing Resources

Here are some useful links to more on phishing:


Protecting Against Common Computer Threats

There are two types of common threats most non-technical staff will encounter.

  1. “Phishing” for information
  2. “Viruses” never friendly
  3. What to do

Phishing

Develop a healthy skepticism when reading any email that asks for sensitive information and take a couple of simple steps to protect yourself.

  • Familiar alarmist messages from ADP, Efax, eBay, Amazon, Facebook or email companies to enter and renew passwords, threats of account closures or documents to open
  • zip attachments or any type of attachment
  • Promises of money for little or no effort
  • Deals that sound too good to be true
  • Requests to donate to a charitable organization after a disaster that has been in the news
  • Bad grammar and misspellings

What does a phishing email message look like?

Here is an example of what a phishing scam in an email message might look like.

[Image: phishing email example]

  • Beware of links in email. If you see a hyperlink in a suspicious email message, don’t click on it. Roll your mouse (BUT DO NOT CLICK) over the link to see if the address matches the link that was typed in the message. In the example below the link reveals the real web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company’s web address. Be watchful for incorrect domains or spelling: for example, the real domain is http://linkedin.com, but the hyperlink points to http://sign-into-linkedn.com (notice that “linkedn.com” is incorrect and should be “linkedin.com”).

[Image: hovering over the link reveals the real web address]

  • If in doubt, retype the URL. When in doubt retype the URL and go to the known website. Phishers are very sophisticated in their use of design and technology to make their email lures look legitimate. The URL for the link in a phishing scam email usually appears to be a company’s valid Web address. If you click the link, you’re redirected to the phishers’ phony sites which look very much like the live site. However, if you type the displayed address into your browser rather than clicking the link, you can avoid being redirected.
  • Spelling and bad grammar. Cyber-criminals are not known for their grammar and spelling. Professional companies or organizations usually have a staff of copy editors that will not allow a mass email like this to go out to its users. If you notice mistakes in an email, it might be a scam.
  • Spoofing popular websites or companies. Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows.
  • When in doubt, throw it out. You can always get a file from someone on paper or on disk. Delete messages with suspect attachments as soon as you can.

Viruses

Viruses are commonly sent as zip attachments or are hyperlinks in emails or web pages.

  • If you receive an attachment from a known source but were not expecting it, delete it.
  • Virus attachments often come from Facebook, LinkedIn, YouTube, Amazon, resumes, financial information, contact spreadsheets, American Express, etc. Delete these messages immediately.
  • Viruses can also be linked and downloaded from hyperlinks offering free iPads or other gifts on untrusted websites.
      i. Be cautious of known viruses, like “speed up your PC/computer” offers or free antivirus and adware removal tools.
      ii. In most cases, once these viruses are in the system, they go into learning mode to watch and obtain your access information silently.
  • Viruses can also be sent as computer updates. Recently attackers have been using fake computer updates to install malicious software on PCs.
      i. Be sure to ask your administrator before installing any type of software or software update.

What to do

  1. Delete the email threats immediately. Never click on anything you are not certain about.
  2. Make sure your antivirus is active and you are not using a free service downloaded from the web.
  3. Run a virus scan, and set up an automated weekly scan.
  4. If you do click on a virus you may not notice any immediate problems until the virus is fully embedded into your system.
      i. Press the escape key multiple times and disconnect your computer from the local network or shut it down.
      ii. Report it to your technical lead.
      iii. Catching and cleaning it early is much better than waiting for the virus to learn your username and password information and then wipe your files or infect other computers.
