Phishing is one of the most common and consistently used forms of online scam. These scams target users and attempt to obtain their personal data. This kind of attack is based on deception, much like many real-life scams and frauds. Often no viruses are used and the attack relies entirely on the user being deceived, which makes these scams particularly dangerous.

Email Spoofing

Email spoofing is the most common form of phishing. It is often recognised as the old-fashioned spam email along the lines of "You've inherited $1,000,000 from a long lost relative", in which people would give up their debit card details to receive their non-existent inheritance. Most people do well not to fall for these older scams. Most online email services also block these emails from known scammers anyway, so most don't even reach your inbox.

The more modern version of email spoofing is more dangerous and more deceptive, though. It often begins with someone on your email contact list having an insecure password, or not having changed it in several months. Hackers can then use software to quickly work out the password of the email account and set it up for a scam.

Often, if scammers see that there are family members on your contact list they will send emails from your own address to all your family members. These emails are often similar to "I am stuck at an airport and need money to buy a ticket, please help" or something along those lines. Scammers will use your personal connections to your contacts to steal their money. If you have customers for your business on your email contacts, then they too may receive fraudulent emails. Below is an example:

 

This may well seem like a casual, or even an automatic, invoice notice, but the supposed sender of this email never sent it himself. Several tell-tale signs of scam emails are: grammar or spelling inconsistent with how the sender usually writes (for example, always casual or always formal); the lack of a signature or disclaimer at the bottom; a sign-off such as "from" or "Best Regards" followed by the sender's full email address rather than their personal name; and an instruction to make contact only via the sender's email address and not via the accounting department or a phone number.

Scam emails will always use a false URL link to send you to their pre-made detail-stealing website, where you will enter your details if you have fallen for their deception. If you are unsure of anything regarding an email, call the sender. Most companies understand that the number of scams in circulation means people cannot entirely trust every email they see, and will therefore be happy to confirm what is and isn't real for their customers.

Spoofing emails will often have a piece of code that sends you to a different URL from the one you think you are clicking on. For example, you may click on "www.google.co.uk" but instead it takes you to a scam site that will ask for your details. These sites are designed by attackers to look identical to the original to fool you. Often you will be sent to a fake payment site imitating a service such as PayPal.

The link below is an example that we have made:

http://example.com

You will click on that link thinking it will take you to "example.com", but it actually takes you to "www.bongoit.co.uk". If we were scammers, we would make our website look just like PayPal or a similar service to fool you into trusting the site and giving up your details. Scammers will often make URLs a lot shorter (like in the first example) so that you have even less of an idea of where the link could take you. If you are unsure of a link in an email, you can view the email in "plain text" and it will usually show you the full URL.

 

How to Find Out When to Change Your Passwords

 

You should regularly change your passwords and keep them secure. Be sure to use non-dictionary words and special characters such as "@:{]~#?/|+_*&^%" to prevent brute-force hacks. You can also check whether your email address has been leaked by the websites you have signed up to at "Have I been Pwned?" (https://haveibeenpwned.com/). This website will tell you of any data breaches that have happened that could have affected your email.

 

If you'd like more details on how to combat cyber-crime and scams, be sure to contact us!
