Have you been subject to a Phishing or Spoofing scheme?


Phishing occurs when a person obtains information about you (or your organization) from websites or social networking sites and customizes a phishing scheme to you. A common one is the use of your personal or business email address to ask your friends or associates for money or gift cards. Phishing can also occur within companies, e.g. when someone impersonating the boss sends an employee a request for payment to a vendor.

[Recently one SPHA board member received a phishing email allegedly from another member requesting an immediate purchase of multiple gift cards for needy residents in our subdivision. In a subsequent email the sender requested only the card information, so as to redeem the amounts without the physical cards.]

Spoofing occurs when a person impersonates another individual or organization with the intent to gather sensitive personal or business information. These messages are typically sent to harvest your account details, passwords and bank card information. They may appear to come from PayPal, Netflix, Microsoft, Facebook, Google or other large companies that offer online services or security protections.

You could be the recipient who falls victim by sending money or information, or the email may be sent impersonating your business or organization. Either way, phishing and spoofing constitute cybercrime as well as “social engineering”. Phishers dump thousands of crafted messages on unsuspecting people. Any time you receive a suspicious email, contact the sender through an alternative means of communication to determine whether the email is authentic. Conversely, you might not become aware that a criminal has attempted a scam in your name unless a friend contacts you to verify that you truly sent the email they received.

Per Proofpoint’s 2022 State of the Phish Report, 83% of organizations fell victim to a phishing attack.  Verizon’s 2021 Data Breach Investigation Report found that 25% of all data breaches involve phishing.

HERE ARE 5 WAYS TO SPOT SCAMS IN YOUR EMAILS.

1. THE MESSAGE IS SENT FROM A PUBLIC DOMAIN.

No legitimate organization will send from a Gmail.com address. Other public domains that are unlikely to be used by big companies include Hotmail, Outlook, etc. Most companies have their own email domain, Google.com for example. If the domain name after the “@” matches the apparent sender, the message is probably legitimate. Large companies go through a registration process to acquire their own domain name, and phishers cannot use that exact name. The scammers are counting on your lack of attention to the public domain they slip into the sender line.

PayPal spoof scams are common. They ask for sensitive password information. An example you could see is:

From: Account support <PayPal support@gmail.com>

While the content of the message may appear very authentic, do not ignore the domain. PayPal has its own domain, PayPal.com.

If you receive a phishing email from one of the public domains, such as Gmail, you can report the fraudulent use of their public domain directly to them: https://support.google.com/mailo/answer/8253?hl=en

Also, the large companies with which you have an account will almost always start the email greeting with your personal name. You will not be reading “Dear Customer” but instead “Dear (your first and/or last name)”. If Facebook, for example, sends you a login alert after you have used a new device, the alert will address you personally; list the accurate date and time of the login or activity being checked; list your correct location; and accurately describe the new device they are attempting to verify. Genuine alerts arrive promptly after the activity they refer to, not long afterward.

2. THE DOMAIN NAME MAY BE MISSPELT WHEN A COMPANY DOMAIN IS IMITATED.

Look at the domain address of a recent Microsoft spoof. It was seeking Microsoft passwords and was sent from an impersonated MS Online Services Team. It was:

From: MS Online Services@microsfrtonline.com

Note the small misspelling in the domain name. It could look legitimate to a casual reader assuming it is Microsoft.

3. THE EMAIL IS POORLY WRITTEN.

Scam emails often contain poor spelling and/or grammar because the phisher or spoofer is from a non-English-speaking country. Even running a spell checker does not put the substance of the message in proper context. Poor spelling and grammar are often seen in fake Windows user alerts. Here is an example: “We detected something unusual to use an application to sign into your Windows Computer. We have found suspicious login attempt on your windows computer through an unknown source.” You can see the message is barely coherent and lacks any context.

4. THE EMAIL INCLUDES INFECTED ATTACHMENTS OR SUSPICIOUS LINKS.

If you suspect a phish, DO NOT open any attachment or link. It is a good general rule never to open a link in any email. Once you click a link or open an attachment in a spoofed email, it will usually unleash malware on your computer. Often the suspicious link does not match the context of the email.

For example, in a recent Netflix spoof alleging an issue with the recipient’s account and seeking credit card information, the domain address was NETFL-IX and the rest of the message did not include ‘netflix.com’ anywhere. The spoof included a boxed hyperlink entitled UPDATE ACCOUNT NOW. A hyperlink can look very genuine, but more importantly it hides the destination address. With these types of emails, we must train ourselves to examine before clicking. You can hover your mouse over the link, and the destination address should appear in a small bar along the bottom of the browser.

5. THE EMAIL CREATES A SENSE OF URGENCY.

LOG IN NOW, CLICK HERE NOW, ACTION REQUIRED!! These are common phrases in email scams. Urgency is emphasized because scammers want the money or gift cards as soon as possible and do not want you to pause and think. Scams of any kind often use an ‘act now, or it will be too late’ approach.

Phishing often occurs within companies, with an impersonated boss requesting immediate payment from an employee to an outside vendor. Those scams are often successful simply because the employee wants to fulfill the boss’s request. After all, what employee wants to contact the boss to second-guess the poor grammar in an email?
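Checks 1, 2 and 4 above (a public sender domain, a misspelt lookalike of a company domain, and where a link really points) can be run by a script before anyone clicks. The Python below is an added example and is not part of the original article or any vendor's product; the public webmail and brand domain lists, the lookalike threshold of two character edits, and the sample message are constructed assumptions for illustration.

```python
from email import message_from_string, policy
import re
from urllib.parse import urlparse

# Constructed reference lists for this example; keep them current in real use.
PUBLIC_WEBMAIL = {"gmail.com", "hotmail.com", "outlook.com", "yahoo.com"}
BRAND_DOMAINS = {"paypal.com", "microsoftonline.com", "netflix.com"}

def edit_distance(a, b):
    """Levenshtein distance; a small value between two domains signals a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_message(raw):
    """Return plain-English findings for checks 1, 2 and 4 on one raw email."""
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0]
    display, domain = sender.display_name.lower(), sender.domain.lower()
    findings = []
    if domain in PUBLIC_WEBMAIL:  # check 1: public webmail domain in the sender line
        findings.append(f"sender uses public webmail domain {domain}")
    for brand in BRAND_DOMAINS:
        if brand.split(".")[0] in display and domain != brand:  # brand only in name
            findings.append(f"display name claims {brand} but address is @{domain}")
        if domain != brand and edit_distance(domain, brand) <= 2:  # check 2: misspelt
            findings.append(f"sender domain {domain} is a lookalike of {brand}")
    html = msg.get_body(preferencelist=("html",))
    # Regex pairs each link's destination (what hovering reveals) with its visible text.
    for href, text in re.findall(r'<a[^>]*href="([^"]+)"[^>]*>(.*?)</a>',
                                 html.get_content() if html is not None else "", re.S):
        host = (urlparse(href).hostname or "").lower()
        ok = any(host == t or host.endswith("." + t) for t in BRAND_DOMAINS | {domain})
        if host and not ok:  # check 4: destination is neither the sender nor a known brand
            findings.append(f"link '{text}' really goes to {host}")
    return findings

# Constructed sample modelled on the PayPal and Netflix cases described above.
SAMPLE = """\
From: PayPal Account Support <paypal.support@gmail.com>
Subject: ACTION REQUIRED
Content-Type: text/html; charset=utf-8

<html><body><p>Your account has a problem.</p>
<a href="http://netfl-ix.example/update">UPDATE ACCOUNT NOW</a></body></html>
"""
```

Running `check_message(SAMPLE)` reports the Gmail sender, the PayPal name on a non-PayPal address, and the link to netfl-ix.example; a genuine message from the brand's own domain with links to that domain produces no findings.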

Good source on YouTube for examples:

https://youtu.be/3gpOM9c6mmA  Anatomy of Scam Emails – How to Recognize a Phishing Scam message, by Atomic Shrimp
