I was working with a client the other day who had fallen victim to a phishing scam that had arrived in his inbox. The email which allegedly came from Australia Post said that he had a package to collect and needed to access their website to find out where to collect it from and pay additional customs charges on it. Because he had made a few online purchases recently, he assumed that the email was about one of those packages, clicked the link and followed the directions given in the email. This customer lost thousands of dollars’ worth of his savings to this scam, which his bank says he may never get back.
Phishing scams are one of the oldest and most common forms of cyber-attack on the internet, and while the majority of the internet users are aware of what they are and how to spot one, 78% of people still click on unknown links without checking them first. To help you avoid falling victim to a phishing scam, here are the top 3 types of phishing on the net:
We’ve all received one of these emails in our inboxes. Those emails that say they are from a well-known company and look legit, but when you look at the sender’s email address it actually comes from a Gmail account somewhere in Switzerland. Deceptive phishing is the original and most common form of phishing used on the web today.
Deceptive phishing is the practice of sending emails social media DM’s, texts and even making phone calls that look and sound like they are from a legitimate company, usually with an attention-grabbing subject such as “There is a Problem with your Package”, or “Your Account has been Frozen”, to get you to open and act on them.
For example, a recent phishing scam that has hit Australian shores involves one of the big banks. People who are targeted by this scam receive an email advising them that their last payment was unsuccessful, and asking them to click a link and sign in to fix the issue. When the link is clicked it takes the target to a fake web page designed to look exactly like the online banking website for the bank, where they are asked to sign in, giving the scammers access to all of the targets online banking details. This scam went one step further and had the targets answer their security questions, giving the scammers, even more, details about the target that they could either use to steal from them or sell the information on the net.
To help stop yourself falling for a deceptive phishing scam, check all URLs in emails carefully and check that they lead to the legitimate pages for example that it leads the official URL of “www.realbank.com.au” instead of a scam URL of “www.realbank.com”. Also, remember to read over emails properly keeping an eye out for warning signs such as generic greetings and poor spelling and grammar.
Spear phishing can be classed as the nastier older brother of deceptive phishing. While deceptive phishing is usually generic and lacks any personalisation, spear phishing is the opposite. In spear phishing scams messages are usually customised to the recipient with personal details including names, where they work, work phone numbers and sometimes even dates of birth. Just like deceptive phishing, the main goal of a spear phishing scam is to get the target to click a link in the message so they can steal personal details.
This method of phishing is commonly found amongst businesses where scammers attempt to use past clients and business associates details to gain vital information about the company such as usernames and passwords for things like bank accounts and the company’s website.
People usually open emails from people or companies that they are familiar with, so when a spear phishing email is coupled with a legitimate looking email or one that looks like it is coming from a friend or colleague, people fall for the scams and click the links in emails more often as they believe they are the real deal.
This type of scam is a heavy user of social media websites such as Facebook to source the information for their messages. To help negate this, ensure that your security settings are set to the highest possible, and you limit what you share online.
Pharming is a little-known method of phishing that bypasses the traditional method of sending messages and hoping for a click, instead opting to install malware onto the target computer that when the message is opened, will automatically redirect them to the fraudulent website even when the correct and legitimate URL is used or is selected from a bookmarks menu.
Pharming affects the victim’s DNS server or router, and once it is there, it can affect any computer on the network, making it easy for scammers to target multiple victims at a time.
What makes pharming so dangerous is not that the user is largely unaware that there is a problem and think that they are accessing a regular website inadvertently giving scammers unlimited access to all their details, but the fact that anti-virus software is unable to pick up this form of malware as it doesn’t exist on the computer itself, but in the servers, that tell the browser what URLs lead to which site.
Despite all the warnings and safety messages that are published about the dangers of phishing scams and how to spot one of them, approximately 30% of phishing links that are sent out in emails are clicked. If you have fallen victim to a phishing scam, or suspect you might have supplied your details to a scammer, contact your financial institution immediately. They will be able to help you by putting a freeze on your account and assisting you to change your passwords and security questions to help re-secure your accounts.
I offer a 30-minute business review session. During that session I provide my advice on if and how I can help you and your business by making sure you have the right insurance. To find out more email me at firstname.lastname@example.org or phone 0401 109 324.