Phishing scam emails in 2013
This is my fifth blog on computer security. In this one you will learn more about PHISHING in 2013.
What is Phishing?
Phishing is a technique used to deceive users in an attempt to obtain confidential information (usernames, passwords, financial information). Phishing attacks use fake emails, text messages and websites created to look like they are from authentic sources. The message contains links or attachments and instructs users to reply directly or enter details on the fake website.
The messages have become more sophisticated and appear more legitimate, but there are certain clues that can tip you off. Some of the indicators that an email is not legitimate are listed below:
Indicators of illegitimate email
•Time stamp: The message will arrive at strange times, outside of normal business hours.
•Spelling and grammatical errors.
•No detailed contact information provided.
•Non-personalized, generic addressing.
•Messages create a sense of urgency to respond.
•The link provided is different than the site it takes you to (i.e. when resting the mouse pointer on the link, it reveals another Internet address).
•The message will request some form of personal information.
There are many different formats that phishing messages can take. Two recent phishing scams used calendar invites and airline ticket confirmation requests to try to trick people into clicking on links or divulging personal information. Cybercriminals are becoming more creative and using new methods in their phishing attacks.
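Several of the indicators listed above (mismatched link, generic greeting, urgency, request for personal information, odd sending time) can be checked mechanically. The following Python is an added example, not part of the original post; the function names, the phrase lists and the 08:00-18:00 business-hours window are assumptions, and the sample message is constructed with placeholder .example domains.

```python
import re
from datetime import datetime
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):  # lower-cased hostname, tolerating a missing scheme
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

# Assumed phrase lists (hypothetical); tune them for your own mail flow.
PHRASES = {
    "generic_greeting": r"\bdear\s+(customer|client|user|member)\b",
    "urgency": r"\b(urgent|immediately|limit on your account|suspended)\b",
    "asks_personal_info": r"\b(password|pin|card number|online data)\b",
}

def phishing_indicators(html_body, sent):
    """Return the sorted names of the indicators found in one message."""
    parser = LinkCollector()
    parser.feed(html_body)
    plain = re.sub(r"<[^>]+>", " ", html_body)  # crude tag strip for phrase checks
    found = {n for n, p in PHRASES.items() if re.search(p, plain, re.I)}
    for href, text in parser.links:  # text claims one host, link goes to another
        if re.match(r"(https?://|www\.)", text, re.I) and host(text) != host(href):
            found.add("link_mismatch")
    if not 8 <= sent.hour < 18:  # assumed business hours: 08:00-18:00 local
        found.add("odd_hours")
    return sorted(found)

# Constructed sample (not a real message); .example domains are placeholders.
SAMPLE = """<p>Dear Customer,</p><p>We have put a limit on your account.</p>
<p><a href="http://login.example.net/td">https://www.bank.example/validate</a></p>
<p><a href="https://www.bank.example/help">Help centre</a></p>"""
print(phishing_indicators(SAMPLE, datetime(2013, 2, 19, 0, 45)))
```

A link whose visible text is not itself an address (such as "Help centre") is skipped by the mismatch check, which is why hovering over the link remains the manual fallback.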
What a phishing email looks like
Note that you may receive phishing scams either in English or in French. The two messages below include some of the indicators to look for.
Dear Customer,
[Indicator: Creates a sense of urgency to respond]
Your credit card has been successfully processed.
FLIGHT NUMBER DT628190172US
ELECTRONIC 628190172
DATE & TIME / FEB 19, 2013, 12:45 AM
ARRIVING / Washington
TOTAL PRICE / 429.33 USD
[Indicator: Suspicious links]
Please download and print your ticket from the following URL: https://www.delta.com/flifo/servlet/DelataDLTicket?airline_code=DL&flight_number=DT628190172US&flight_date=02/18/2013&request=main
For more information regarding your order, contact us by visiting: https://www.delta.com/content/www/en_US/support/talk-to-us.html
[Indicator: No detailed contact information provided]
Thank you.
Delta Airlines.
EMAIL TEXT (translated from the French original)
[Indicator: Generic greeting]
Hello,
[Indicator: Portrays a tragic story that plays on emotions]
My name is Miss Gauthier Louise, of Canadian nationality. I am an orphan and I live in a refugee camp. My father was a mine operator who had worked for several years in this country, which was rich in gold, with partners, but unfortunately my parents died in the war.
[Indicator: Makes a strange offer involving a large sum of money]
I inherited the total sum of 11 000 000 00$, which my father had placed in a metal suitcase and deposited with DHL during the war. Since my age does not allow me to handle this operation, I am contacting you so that you can help me withdraw the suitcase from DHL and ship it to you. After you receive it, I will send you the opening code so that you can open it. I propose 35%. Does that suit you? With the rest, you will open an account to hold my share in order to secure my future.
[Indicator: Spelling and grammatical errors (in the French original)]
[Indicator: No detailed contact information]
I await your reply so that I can give you more details.
Regards,
Louise
No reputable company will ever ask you to supply personal information via email. When in doubt, telephone the organization and speak to someone directly.
One more example of a fishy email
Dear Customer,,
We at the Security Group Department had just noticed an unusual activity
on your Account, to be certain that your account has not been compromised
we have hereby put a limit on your account pending the time you validate
your account.
To validate your account, kindly go here to validate your online data.
Upon successful validation, the limit on your account will be automatically
taken off; then you'll be able to transact with your account again. This
measure was put in place to ensure safety of your account with us.
Do bear with us for the inconveniences.
Security Team,
T D Canada Trust