As you know someone has tried to imitate Theresa and so she has asked me to
circulate her message.
The chairman of our Parish Council was imitated by a Phisher (or whatever
the term is). All they needed to know what that he was chair of the council
and who the other members of the council were. This is information that is
freely publicly available. What they then did was to set up a false email
account with the name of the Chairman and circulate us all with a message
saying that he needed help for a charity he was involved in. It was a
simple matter to check that it was not his normal email address so I was
not fooled but there is nothing we can do to stop it. We just have to live
with it.
Having the free lists service is an extra layer of protection for us.
Best wishes,
Chris
Hello Chris,
Harry, my son, sent me this information
I thought it might be helpful to forward to All in our group.
Theresa
SENSITIVE
*What Is Phishing*
[image: image001.jpg]
Photo from Turboweb
Phishing is the fraudulent attempt to obtain another individual’s personal
information through email and other forms of electronic communication. In
most cases, the criminal uses disguised email, called phishing email, as a
weapon. The goal of the criminal is to trick the email recipient into
believing they should reveal their username, password, or credit card
details to get something they want or need. The email sender might pretend
to be from the victim’s bank, favorite online store, or insurance company.
Inside the email will be a link the victim will need to click, or an
attachment the victim will need to download. Once the victim clicks on the
link, or downloads the attachment, the target will be asked to divulge
personal information such as usernames, passwords, and credit card details.
Once the cybercriminal has the info, he or she will hack into your email
and social media accounts, or use your credit card for online purchases.
What distinguishes phishing from all the other scams is the form the
message takes, the phishing email may look like it’s from a company you
know or trust, like an online store, a credit card company, or a social
media site.
In other cases, a phishing email will lure the victim in by making him or
her panic, the email might say the sender noticed some suspicious activity
or log-in attempts, or the email might say there’s a problem with payment
information, and the user needs to click on a link to make a payment or to
confirm some personal information.
Last February, many shoppers were victims of a PayPal phishing scam
designed to harvest confidential data of users. They received an email
saying that a new address was added to the victim’s account, and this email
is a confirmation email of this fact.
If they did not add the address, they had to click on a link to make sure
no one can use their account without their knowledge. When you click on the
link you will be taken to a fake PayPal page that asks for the victim’s
email, password, billing information and credit card details.
As you can see, these cybercriminals are absolutely ruthless and will do
everything and anything to get their target to do what they want.
*How To Know If You Are Being Phished*
[image: image002.jpg]
Photo from Malwarebytes Labs
In the earlier parts of the article, we talked about how phishing emails
work. Cybercriminals send fake emails to companies and individuals. In
these emails, the criminal will ask the recipient to click on a link that
takes them to a page. On this page, the victim will be asked to confirm
personal data such as account information. Once hackers have this info in
their hands, they can pretend to be you, create new user credentials, or
install malware into your system to steal more personal data.
No one wants that to happen to them! We need to wage against
cybercriminals, but before we go into war, we need to learn how to
recognize the enemy. Here are some clues to help you spot phishing scams :
*Real Companies Don’t Request For Your Personal Information Through Email *
Most companies have data privacy laws. And if they follow their own rules,
they will not send you an email asking for your Social Security Number, tax
number, or credit card information. A big company like Amazon won’t ask you
to do that. If you get an email from someone pretending to be from Amazon,
that could be from a cybercriminal running an Amazon phishing scam.
You need to report that immediately! To report a phishing email, email the
company the cybercriminal is pretending to be. For Amazon concerns, send
the email to stop-spoofing @amazon.com.
*Real Companies Call You By Your Name *
A phishing email will typically use general greetings like Dear valued
customer, or Dear madam/sir. If a company you deal with needs some
information about your account, they will call you by your full name and
ask you to call them via landline or mobile phone.
Last January, a Netflix phishing scam filled the inboxes of Netflix
subscribers. The email began with “Hi #name#,” (look at that red flag!) The
email then informs recipients their Netflix membership is on hold. Once
they open the email, users will immediately see a link that will redirect
them to a fake Netflix page where they’re instructed to enter their login
credentials and their credit card information.
Netflix seems to be a favorite among cybercriminals, the video on demand
streaming service’s 158 million subscribers were targets of similar Netflix
phishing scams in September and November just last year.
*Legitimate Organizations Know How To Use Proper Grammar*
An email from a legitimate organization should be well written.If it’s got
a ton of typos, and a lot of bad grammar, we’d be willing to bet you’re
looking at a phishing email.
*Real Companies Don’t Randomly Send You Attachments *
Most companies don’t send random emails with attachments. Most of the time,
they would rather ask their customers to download documents from their
official website. In certain instances, companies that already have your
email might send you information that would require a download. When that
happens, contact the company directly using contact information written on
the company’s official website.
*Real Companies Don’t Force You To Their Website *
If an email looks suspicious, do not put your cursor anywhere on the email.
Some phishing emails contain hidden code, or are coded entirely as a
hyperlink. Clicking anywhere on the email might open a fake webpage or
might download *spam* <https://firewallguide.com/internet-security/spam/> onto
your computer.
*Types Of Phishing Attacks *
[image: image003.jpg]
Photo from Thinkwealth Magazine
In the earlier parts of the article, we talked about phishing scams and
phishing emails in general. But the situation is not as simple as that.
There is more to this than meets the eye. Some cybercriminals use more
specific types of phishing scams to attack certain individuals or
organizations.
Let’s learn more about that here:
*1. Spear Phishing*
Spear phishing is usually confused with general phishing because they are
both attacks on users that aim to acquire confidential information. But the
goal of a general phishing attack is to send a bogus email that looks as if
it is from an authentic organization to a large group of people.
Spear phishing, on the other hand, is targeted towards a specific person,
company, individual, or business.To make their attack successful, the
cybercriminal usually researches specific information about their victims;
i.e. victim’s name, position in company, his or her contact information etc.
The fraudster will later customize their emails with the info that they
gathered, making the victim believe the email is from a trustworthy source.
Attached in the email are fake URL and email links that ask for the
sender’s private information. Once the email recipient gives it, the
fraudster has succeeded.
*2. Domain Spoofing*
Domain spoofing occurs when a cybercriminal spoofs an organization or
company’s domain to make their emails look like they’re coming from the
official domain. How is the fraudster able to do this? By creating a fake
website and fake domain that is very similar to the original. For example,
instead of netflix.com, the cybercriminal will use netflix.net. The
cybercriminal will then create a new email header to make it appear like
the phishing email is coming from a company’s legitimate email address.
*3. Clone Phishing*
Clone phishing, as the name suggests, occurs when a cybercriminal copies a
legitimate email message sent from a trusted organization. The fraudster
alters the email by replacing or adding a link that redirects to a
malicious and fake website.
How will you know if the email you are looking at is cloned? You’ll see a
fake email address appearing to have come from an original source, the
attached file or email link is replaced with a malicious version. Lastly,
the cloned email will pretend to be an updated version of the original
email, or revert of the original email.
*4. Evil Twin Phishing*
Evil Twin phishing happens when an attacker snoops on Internet traffic
using a bogus wireless access point.The victim will be tricked into logging
into the attacker’s server, and will be asked to enter sensitive
information like usernames or bank accounts. But wait, there’s more-the
attacker will also be able to eavesdrop on the victim’s network traffic,
and will also be able to view all of the victim’s downloaded attachments.
Creepy, huh?
This type of attack has also been called the Starbucks scam because it
often takes place in coffee shops. We know you now know what to do the next
time you ask your favorite barista for the WiFi password.
*What To Do If You Get Phished *
What you never wanted to happen just happened… you got phished. Before you
throw yourself into a panic attack, take a couple of deep breaths, relax
for a minute, and follow our tips :
*1. Change your password*
If you clicked a link that sent you to a site that pretended to be your
bank, email service, or medical clinic, before you do anything else, log
into the REAL site and change your password. If you use the same password
for all your accounts, change the passwords for your other accounts, too.
And while you are it, change your password hints, and standard security
questions, too.
*2. Backup Your Files *
Always remember to keep yourself covered. Remember, data can be destroyed
or erased in the process of recovering from a phishing attack, so before it
comes to that, go offline and save all your files in an external hard drive
or USB drive. Focus on protecting sensitive documents such as work-related
emails, files, videos and presentations. Don’t forget to save your personal
photos and videos, too. Keep those precious moments with family and friends
in a safe and secure storage facility.
*3. Report The Incident To The Organization That Was Spoofed *
Contact the company that was spoofed, tell them all about what happened to
you. Let the company know you changed your password, and follow their
instructions for safeguarding your information and your account. If you
gave out financial information, you’ll need to take a deep breath and…
cancel your credit or debit card.
Contact the local and national authorities, too. Report computer or network
vulnerabilities to the National Cybersecurity Communications and
Integration Center (NCCIC) at 1-888-282-0870 or at *www.us-cert.gov/report*
<https://www.us-cert.gov/report>.
*4. Watch Out For Warning Signs Of Identity Theft *
If you’ve revealed any financial information or other sensitive info like
your Social Security number, be on the lookout for identity theft. Observe
your bank and credit card statements. Keep an eye out for withdrawals or
purchases you did not authorize. Also, ask your bank to let you know if
there has been any unusual activity on your account. Notify credit
reporting agencies that your personal information was compromised. Ask for
a credit report to make sure you don’t contain new lines of credit you
didn’t sign up for.
*5. Protect Your Computer For Viruses *
Whether you clicked on a suspicious link or downloaded a harmful
attachment, it’s a good idea to scan your computer for viruses and malware.
A good *antivirus software* <https://firewallguide.com/antivirus/> will
thoroughly examine your computer, and will immediately alert you to any
files that may have been infected.
If you have not installed antivirus software on your computer, you are
putting yourself, your computer, and your personal reputation in grave
danger. Trust us when we say in this situation, prevention is 100 percent
better than cure. Without antivirus protection, you will constantly be at
the mercy of ruthless cybercriminals. Your passwords can be lifted, your
bank account can be emptied, and your identity can be stolen.
In your search for a good antivirus or *Internet security software*
<https://firewallguide.com/internet-security/>, you need to look for a
product with strong anti-phishing tools and anti-phishing services. They’ll
safeguard your device against malware, spam, and spoofing. When you’ve got
all these things in your computer, you’ll have peace of mind whenever you
connect to the Internet, knowing that all these tools will be working hard
for you.
Having said that, to help you along the way, we’ve put together a list of
the most effective internet security products in the market.. They should
keep your computer running safely for years to come.
