Phishing is one of the internet’s less welcome trends. First reported in the mid-1990s, it’s become increasingly prevalent as we grow more reliant on email and online communications tools. It’s named after the speculative pastime of fishing since most phishing expeditions involve baiting a hook and hoping for a response.
These are some of the most common techniques currently in circulation:
Some readers of this blog may have received unsolicited emails, claiming to have recorded them watching adult content via a compromised webcam. If a bitcoin payment isn’t made within a certain time period, video footage of the ‘incident’ will be distributed to friends, coworkers and other email contacts.
If the blackmail email outlined above hasn’t reached your inbox yet, you’ve surely received notification of a tax rebate or a lottery win. All you have to do is click a link, which will usually either install malware onto your device or direct you to a fraudulent website where money or personal data will be requested.
Scams are increasingly reliant on cloning legitimate businesses, with copied-and-pasted logos and email footer text. They often warn of suspicious account activity or problems with a recent transaction. Urgent responses are requested, giving victims less time to realize they’re being duped.
This is a relatively new phenomenon, and mercifully rare because it’s very hard to do. Recipients are given lots of genuine information about themselves, suggesting that the sender (often a senior ‘colleague’) knows them. Social media platforms like LinkedIn are prone to spearing, as are cloned corporate email accounts.
It’s surprisingly easy to fall victim to a fraudulent email. As we rush through daily life, it’s tempting to skim-read messages instead of studying them closely. And if the bait falls kindly for the scammers (a fake Apple query arriving in the inbox of someone who ordered an iPhone yesterday), a new victim is only a mouse-click away. Sextortion emails are especially insidious since they play on contemporary topics. The #MeToo movement makes this a particularly bad time to be exposed – in any sense of the word – as a consumer of pornography.
Fortunately, these emails are often betrayed by their amateurishness. These are some of the ways to identify fraudulent messages that manage to slip through email spam filters:
Internet scams generally originate overseas, and English is rarely their authors’ mother tongue. Although literary standards are improving, many emails can be dismissed on the basis of misspelled words, tortured grammar and bad syntax. Any American would know you start a message “Dear Mr. Smith”, rather than “Dear Smith”, for instance. The use of exclamation marks is another giveaway since it looks strange when we use them in day-to-day written communications!!!
#2. Hyperlink identifications
Hovering your mouse cursor over a hyperlink should bring up the destination URL while clicking on the sender’s name ought to reveal their email address. Scam messages tend to be populated by dubious web links such as www.winfreesave.men, sent from random accounts like firstname.lastname@example.org This message clearly isn’t legitimate and should be deleted or reported to your ISP.
#3. Internet searches
If you receive a message whose legitimacy isn’t immediately obvious, copy and paste the subject line into Google or Bing. If it’s a known scam, other people will have reported it and there may even be news stories or social media threads about it. Another good tip is to add the word ‘scam’ after your search string.
It’s vitally important to remember that millions of people receive fraudulent emails every day, distributed using hastily-assembled databases of email addresses. As its name suggests, a large element of good fortune is involved in any successful phishing expedition, since most people will recognize the bait and quietly move away. It’s to be hoped that growing public awareness and increasingly sophisticated email algorithms are leading to a steady decline in attacks.
Know your enemy
One way to raise awareness involves organizing training. If you’re a board-level executive or IT manager, set up lunchtime seminars for your colleagues. Explain how fraud could cripple or even bankrupt your firm, and highlight recent examples of phony emails. Some firms even send test emails to their workforce to see whether employees take the bait. The landing page for hyperlinks will be a company page explaining what’s happened, and how to avoid real attacks in the future. Employees rarely make the same mistake twice.
Finally, we can’t over-emphasize the importance of following industry news and developments. WestHost takes the security of our customers very seriously, which is why we regularly publish blogs about phishing and scams on this page. Other useful resources include the BBC News, Trend Micro and Security Week websites. When it comes to staying out of next year’s crime statistics, knowledge is power.
Partner with a web host who prioritizes your data security. Visit WestHost today!