Tech Solutions NC

Your one stop for home and small business computer and network support

Bangladesh

Phishing Attacks — how do I detect them?

by 1 Comment

Phishing Attacks - how do you detect them

{Editor’s Note: We continue our look at Phishing Attacks.  Yesterday, we talked about what a phishing attack is. Click here to read part one.}

Phishing Attacks — how do I detect them?

While phishing attacks are extremely common in today’s internet environment, the fortunate reality is that the vast majority of phishing attack emails that are received are very poorly written and have little chance at success.  When you receive an email from an unknown person, there are several things you should look at in consideration of whether or not the email is a legitimate one:

  • How is the grammar? Does it read like an email should? Or are there obvious grammar and spelling issues that indicate it may be bogus?
  • Are there any links in the email, and do those links give any clues about the legitimacy of the website?
  • Does the email seem just to good to be true? Are you getting something for nothing? Chances are that if it seems like that, then the email isn’t legitimate.
  • Look at the sender — does the name that it is coming from and the email address that is used match, seem legitimate? Or, as in the case of an email I received today, are they so different that it is obvious?
  • Lastly, is the email from a company that you deal with on a regular basis, or is it from someone that you never use?

In the image below, I’ve taken an email I received and marked it up with some details that you should look for in emails you receive.  As you can see from the image, it was flagged as SPAM, so they obviously think that it isn’t legitimate.

Phishing Attempt email2

From the top, these are the things that stand out to me:

  1. Notice the grammar.  The subject at the top just doesn’t read cleanly.  No comma is needed, and no hyphens are needed in the “for-your-order” section.  Also, I didn’t place an order.
  2. Look at who the email is from.  The “name” is Walmart-Reward Points, but the email address is listed as Dolores@wmoneyj.racing.  Definitely not an email from a Walmart email account.
  3. I don’t shop at Walmart very often, so I wouldn’t expect an email from them.
  4. In the link, you need to be careful because it is a shortened link.  In this case the link references a “t<dot>co” link, which is a shortened Twitter link.  The reason you need to be careful, though, is that it isn’t obvious what the shortened link will translate into.  Fortunately, others have worked on translation websites that will help you out.  In the example above, the link in that email translates to Retail Promo USA.

In our example above, the real question is whether this is a phishing attempt or not.  The short answer is maybe it is, maybe it isn’t.  It could be that the website the link redirects to will prompt us for some PII (Personally Identifiable Information) that could be used to steal our identity.  Or, it could be that the link will attempt to install some malware of some sort — perhaps spyware or adware that will turn our system into a pop-up nightmare.  In any event, in my eyes, it isn’t legitimate.

In conclusion, the biggest factor in determining the legitimacy of an email is to rely on good old common sense.  Remember the adage, people — it it sounds too good to be true, it probably is.  Remember, phishing attacks are a common way that someone attempts to steal your identity.  Be smart, don’t fall prey to a phishing attack.

Do you have any questions? Please feel free to leave them in the comments, or reach out to me.  My phone number is 919-606-6725, my email is mike@techsolutionsnc.com, and you know the website already.  Thanks, and have a great day!

Phishing Attacks — what are they?

by 4 Comments

Phishing Attacks

phish – verb “to try to obtain financial or other confidential information from Internet users, typically by sending an email that looks as if it is from a legitimate organization, usually a financial institution, but contains a link to a fake website that replicates the real one.” ~ from dictionary.com

In the connected world that we live in today, the good that the internet provides is countered with all of the bad that exists on it’s web pages.  For every good use that we see the internet being used for, there are at least two bad purposes that are being utilized.

Over the next three days, we are going to take a hard, in depth look at one risk of using the internet — phishing attacks.

In today’s post, we’re going to get into the nuts and bolts about what a phishing attack is.  The definition you see at the top of this post certainly does cover a lot of detail, but let’s expand on that just a bit, shall we?

Phishing Attacks

Like the definition mentions, a phishing attack is an attempt by an unknown party to trick you into providing personal information on a website that looks like a legitimate company website, but in actuality is not legitimate at all. The purpose of doing so is for the attacker to collect sensitive data — such as your social security number, bank account information, login usernames and passwords, and so on — so that they can use that information to secure financial resources without you knowing about it.  This is one of the primary ways that Identity Theft occurs.

phishing attacks
(click to enlarge image)

In the email posted above, you see a poor attempt at a phishing attack.  The email, reportedly from “Citibank Customer Service”, references that your Citi account has been locked.  In the email, the sender indicates that if you did not trigger this lockout, that you should click the link and follow the instructions.  What makes this a poor example is that the link directly shows that clicking the link will take you to a website in the comcast.net domain, not to citibank.net.  Often, a link like that would show the domain for Citibank in the text, making you think it is legitimate, but in reality the link would be taking you to a different domain and website entirely.  For example, the link in this sentence to “click here” takes you to the Tech Solutions NC website, even though the text for the link does not list the name of the website.  Fortunately, though, most browsers today will show you what website that link will take you to just by hovering your mouse over the link (and not clicking it).  You can see an example of that in the image below.

phishing attacks
(click to enlarge image)

To summarize:

  • A phishing attack is an attempt by an unknown attacker to trick you into going to a website that you think is legitimate, but has actually been faked in order to get you to enter personal information so it can be compromised.
  • Most phishing attacks occur in emails that you receive.
  • Often, there are clues you can see in the email that convince you that the email is not legitimate.
  • The purpose of phishing attacks is to steal your identity so that the attacker can profit from it.

Tomorrow, we’re going to explore in more detail how you detect them.  Stop back by tomorrow, and thanks for checking in!