Introduction to Phishing
Many of us who have been on the internet for a while know some of the most popular scams and how to avoid them. For example, "Your Town Mugshots, Click Here", or "This Woman Looks 25, but is 50, Here is Her Secret!", or even the classic deposed prince of Nigeria imploring for your help. Most of us know not to click on these baiting links, but what about scams that don't look like scams? This is the popular phenomenon known as phishing. Phishing is the attempt to obtain sensitive information, such as usernames, passwords, credit card details, and money, often for malicious reasons, by disguising as a trustworthy entity in an electronic communication, such as email. The word is a play on the word fishing, due to the similarity of using a bait in an attempt to catch a victim.
Many people are being tricked with these realistic emails that end up compromising their information. SOC Manager John Britton at Rocus Networks has some tips on how you can avoid these scams, and what to do if you fall prey to them.
1- Look at the sender's email, does it look official?
Example: Info@rocusnetworks.com vs. firstname.lastname@example.org
2- Look for spelling and grammar mistakes.
Everyone makes mistakes, but are they abundant? Is the language not quite right?
"Dear value customer, please pay invoice by 04th"
3- Does the sender match up with the subject?
If you are getting banking emails, it should come from your bank
Alerts@yourbank.com vs. email@example.com
4- Hover over the hyperlink (don't click) in the email to see the URL. Is it legitimate or does it look phishy?
Like the above example, rocusnetworks.com vs. r0cusn3tworkswebsiteee345.net
Many people wonder "why me?" when they get these types of emails, but in reality, they were not targeted personally, but through a random generator, in hopes that there will be a match. Then, the malicious emails are sent in hopes that someone will open, and fall prey to the scam. Although from a comic strip, the image below shows how this process works.
Don't Let Them Score
Phishing scams have already been seen at this year's World Cup, and it is expected to continue. Currently, fans are being sent a file that they think is a schedule and score sheet, but in reality, it is a malicious file that has the ability to infect their devices. Other scams could include telling fans that they have won tickets or passes, in order to trick them into giving up their information. Or, websites may be hacked, and steal spectators' info. This occurred at the 2018 Winter Olympics in Pyeongchang. Here are some of John's tips to keep safe:
- At an event this large, the hackers are most likely not targeting you personally, but a large group of people, in hopes that they will catch someone.
- Don't download anything you did not ask for, or you are not sure about.
A simple rule of thumb to use is; if something is too good to be true, it probably is. (No, you probably didn't randomly win a brand-new laptop). If something looks realistic, ask colleagues, your IT team, or Google. You can also call the source if it looks like it came from your bank, car company, a friend, etc. to clear up any confusion. Do not click on any link that you are not sure of.