Phishing Scams Beware!

Author: Julie Wills - MarCom/Wednesday, December 21, 2016/Categories: Tech Tips & Gadgets

The word ‘phishing’ refers to sending out emails that pretend to be from reputable companies. Most of them carry a link that, when clicked, takes the user to a page that the phishers themselves have created. This page looks very much like the original (the official webpage of the company that the email purports to be from), so those who have clicked on the link in the email have very little suspicion. The page then captures sensitive user data, such as credit card numbers and/or bank account numbers and passwords, which the phishers then use to their advantage.

They make the wording as convincing as possible. If the email claims to be from a bank/financial institution, it could read like: “We have experienced a massive attack on our systems. A large amount of fake accounts have been created, presumably to facilitate the illegal transfer of funds and hence enable money laundering. We are trying to verify all accounts and solicit your cooperation in this regard. It will take less than five minutes of your time. All you have to do is click on the link below to verify your account.”

Sometimes, the email will ask you to install software that snoops on your system, captures confidential information and sends it back to the phishers. There have been cases where the phishing email claimed to be from the FBI – this is something that any user would take seriously – and asked the recipient to install software so that an official document could be viewed.

Phishing filters have emerged, because all these emails make use of certain keywords. However, phishers have gotten smarter, using images instead of text to avoid detection. Anti-phishing filters now use Optical Character Recognition (OCR) technology to read the text in the images, but this has not always been successful. Hence the problem continues to exist.
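The following is an added example, not code from the original article: a small triage function showing why a keyword-only filter passes an image-only message, and how a filter can route such mail to an OCR step instead. The keyword list, the verdict names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string

# Assumed keyword list, taken from the sample wording quoted in this article.
KEYWORDS = ("verify your account", "click on the link", "cannot be shipped")

# Constructed sample messages (not real mail).
TEXT_MAIL = (
    "Subject: Account notice\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "All you have to do is click on the link below to verify your account.\n"
)
IMAGE_MAIL = (
    "Subject: Account notice\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain; charset=utf-8\n\nSee attached.\n"
    "--b1\nContent-Type: image/png\nContent-Transfer-Encoding: base64\n\n"
    "iVBORw0KGgo=\n--b1--\n"
)
BENIGN_MAIL = (
    "Subject: Lunch\nContent-Type: text/plain; charset=utf-8\n\n"
    "Lunch at noon on Friday, see you in the lobby.\n"
)

def triage(raw: str) -> str:
    """Return 'keyword-hit', 'needs-ocr' or 'pass' for one raw message."""
    msg = message_from_string(raw)
    text_parts, has_image = [], False
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype.startswith("image/"):
            has_image = True
        elif ctype == "text/plain":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            text_parts.append(payload.decode(charset, "replace"))
    body = " ".join(" ".join(text_parts).split())
    searchable = (str(msg.get("Subject", "")) + " " + body).lower()
    if any(keyword in searchable for keyword in KEYWORDS):
        return "keyword-hit"
    # Almost no readable text plus an image: the keyword check saw nothing
    # useful, so the image should be read by OCR before delivery.
    if has_image and len(body.split()) < 5:
        return "needs-ocr"
    return "pass"

if __name__ == "__main__":
    for name in ("TEXT_MAIL", "IMAGE_MAIL", "BENIGN_MAIL"):
        print(name, triage(globals()[name]))
```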

Spear phishing is when the email is sent not to random users but to specific targets. Sometimes, non-spear phishing emails are sent out randomly, like:

Thank you for using Naples Internet between 10:28:13 AM and 11:24:52 AM. We hope you enjoyed the experience.

If you are not the intended recipient or are seeing this email by mistake, please click here.

A lot of people fall for this trap – they click on the "click here" link thinking their email addresses will be removed from the sender’s database, so that they won’t have to see such spam email again. What clicking on the link actually does is give the phisher access to your cookies – these are files that are created whenever you visit a website. This way, a phisher can easily determine if you access a banking website frequently. The chances are it is your bank, and then a spear phishing email is sent, which claims to be from your bank.

If you are on a public Wi-Fi network, the service provider can see which sites you visit using that connection. This is another way of getting information about the sites you visit. They also look at things like how much time you spend on the site – more time spent suggests that you are more than casually browsing through it. This information can also be used to target you with spear phishing emails. Some offer free Wi-Fi specifically for this purpose, and name the networks in a convincing way, like Café_Guest (the phisher is sitting right in the coffee shop and collecting information from visitors).

At the time of writing, Amazon shoppers in the United States, UK and Australia are getting a phishing email that has the subject line “Your Amazon.com order cannot be shipped.” This prompts many who have placed orders to open it, and the link takes them to a genuine-looking page where they have to fill out their personal information and bank/card details.

Why this is such a major problem:

  • 97% of all users around the world cannot tell a phishing email from a genuine one.
  • 30% of all phishing emails are opened within 24 hours, and the links contained in them are clicked on by three-fourths of all those who open them.
  • There is a 250% increase in phishing this year when compared to the previous year.
  • Nine out of 10 phishing emails carry ransomware attached to them.
  • 84% of companies have had spear phishing emails penetrate their IT security, compromising their systems. For 15% of them, the loss was so huge that their stock prices dipped by 15%. The average cost-to-company has been estimated to be $1.6 million in the case of a successful breach.
  • Over the past two years, this has totaled $2 billion across companies. It is expected to touch $2.1 trillion by 2019.
  • A third of all companies have experienced CEO fraud, where the phishing email represents itself as being sent by the CEO of the company.
  • Only 3% of spear phishing email recipients report malicious emails.

For more ways to avoid phishing scams, go to phishing.org
