Phishing scams 2015 on the rise ahead of April 15
The IRS warned at the beginning of the year that it expected an onslaught of malware and targeted phishing scams in 2015. As the tax filing deadline for businesses came and went in mid-March, the attacks continued. Several clients this week have been targeted by such attacks. Their people were trained and ready. If you need help, Tekmar offers vulnerability and penetration testing, threat protection services, and training for management and users.
Stop and Think before Clicking
Phishing scams are typically carried out with the help of unsolicited email or a fake website that poses as a legitimate site to lure in potential victims and prompt them to provide valuable personal and financial information. Armed with this information, a criminal can commit identity theft or financial theft.
How to recognize phishing email messages, links, or phone calls
Phishing email messages, websites, and phone calls are designed to steal money. Cybercriminals can do this by installing malicious software on your computer or stealing personal information off of your computer.
Cybercriminals also use social engineering to convince you to install malicious software or hand over your personal information under false pretenses. They might email you, call you on the phone, or convince you to download something off of a website.
What does a phishing email message look like?
Here is an example of what a phishing scam in an email message might look like.
- Spelling and bad grammar. Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have a staff of copy editors that will not allow a mass email like this to go out to its users. If you notice mistakes in an email, it might be a scam. For more information, see Email and web scams: How to help protect yourself.
- Beware of links in email. If you see a link in a suspicious email message, don’t click on it. Rest your mouse (but don’t click) on the link to see if the address matches the link that was typed in the message. In the example below the link reveals the real web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company’s web address.
Links might also lead you to .exe files. These kinds of file are known to spread malicious software.
- Threats. Have you ever received a threat that your account would be closed if you didn’t respond to an email message? The email message shown above is an example of the same trick. Cybercriminals often use threats that your security has been compromised. For more information, see Watch out for fake alerts.
From <http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx>
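The hover check from the "Beware of links in email" item can also be run automatically over an HTML message body before it reaches a user. The sketch below is an added example, not part of the original article or the quoted Microsoft page; the function names, reason labels and sample body are constructed for illustration. It flags links whose visible address differs from the real target, links to a purely numeric host, and links ending in .exe.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

def host_and_path(url):
    """Return (hostname, path); bare 'www.example.com' text is accepted too."""
    try:
        parts = urlparse(url if "://" in url else "http://" + url)
        return (parts.hostname or "").lower(), parts.path.lower()
    except ValueError:  # malformed netloc, e.g. an unclosed IPv6 bracket
        return "", ""

class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html_body):
    """Return [(href, [reasons])] for links showing the warning signs above."""
    collector = AnchorCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        target, path = host_and_path(href)
        shown = host_and_path(text)[0] if "." in text and " " not in text else ""
        checks = {
            "text-href-mismatch": bool(shown) and shown != target,
            "numeric-host": ":" in target or target.replace(".", "").isdigit(),
            "exe-download": path.endswith(".exe"),
        }
        reasons = [name for name, hit in checks.items() if hit]
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample body; example.com, example.net and 192.0.2.10 are reserved documentation values.
SAMPLE = ('<a href="http://192.0.2.10/verify">https://www.example.com/account</a>'
          '<a href="https://www.example.com/help">www.example.com</a>'
          '<a href="http://files.example.net/invoice.exe">Download invoice</a>')
print(audit_links(SAMPLE))
```

A finding is a reason to quarantine or warn, not proof of fraud: legitimate newsletters that route links through a tracking domain will also trip the mismatch check.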
Phishing scams that target specific businesses or the individuals in them are known as spear phishing. While most malware casts a wide net, targeting systems and users who are behind on updates, spear phishers are aiming at particular fish. Some of their targets are found in data retrieved from spyware and malware, and many of the exploits are carefully crafted for a particular mark. Here is an example from 2013 in a Kaspersky Lab document.
The only way around such targeted attacks is to make people aware of them. The people piloting the spear phishing attacks have a defined goal in mind. “This goal is achieved either by directly stealing cash from the victim, as in the case with fake online banking service pages, online storefronts, and subscriptions to online games. However, malicious users may also employ a more indirect approach, i.e., the sale of stolen databases on the black market. A large collection of user data may come in handy for malicious users for a number of different fraudulent schemes involving spam mailings and the spread of malware.”
Any way you look at it, the problem is not going away. As noted in March, the best thing to do is to have regular conversations about the problem.