Have You Been Phished?

Category: Security

Phishing, the art of getting users to click on malicious links in bogus emails, is the favorite tool of scammers, by far. The reason is, phishing works. Scammers are getting better are slipping their phishes through spam filters and past anti-malware software. Ironically, the successful campaign to raise users’ awareness of online security hazards is making phishing more successful. Read on to learn about the latest phishing developments...

The Latest Phishing Baits

The irony is that increased awareness of phishing techniques has driven scammers to adopt techniques that are more sophisticated, and often more successful. Since January, 2017, a phish email targeting Netflix subscribers has been highly successful. The email tells dismayed users that their Netflix account has been suspended. It says the account can be restored by updating payment information, and provides a link to a page where the user can log in and update said info.

Of course, that link actually takes the user to a fake Netflix login page, and from there into a series of forms that demand ever more sensitive personal information. If you take the bait, your account password (and any other information you provide) is sent directly to Hacker HQ.

Several things stand out about the Netflix phish. First, its creators have gone to great trouble to replicate familiar Netflix pages almost exactly; there’s even a background image on the login screen that promotes recent Netflix’s original content. Second, the phishing site to which users get connected encrypts the HTML of fake pages it sends to victims, making it impossible for anti-malware apps to scan it for suspicious code.

Phishing attacks 2017

A third line of defense for the scammers is that the pages won’t load for IP addresses that belong to Internet security monitoring groups, like Google, or the anti-phishing initiative PhishTank. This trick keeps the Netflix scam sites off the blacklists of real-time Web monitoring services.

Phishers also evade detection by hacking into well-known, reputable sites and hosting their fake pages there. A fake page delivered from a reputable site will not be flagged by Web reputation services like Google’s Safe Browsing or the Norton SafeWeb service.

And of course, scammers are not interested only in your Netflix account, The same techniques are being used by phishes that purport to be big banks, online publications, email services, and social media sites. Paypal, eBay, Facebook and Capital One bank have long been targets of phishers. But more recently there has been a focus by phishers on your Apple ID, Microsoft Outlook and Google Drive credentials. Be especially careful when dealing with online document signing services.

Simple Things You Can Do To Avoid Phishing Traps

Use the phone. Yes, it's old school, but a quick call to your friend, mortgage broker, attorney, customer service, or the bank's security department can confirm if an email is legit or not.

Don’t re-use a password on multiple sites. Use a password manager such as RoboForm to generate strong passwords and audit your entire database of passwords for duplicates. If you use the same password everywhere, it takes just one phish to open all of the doors to your digital life.

Confirm the apparent sender really is sending from the right email address (e. g., john@doe.com if you know that’s John’s address). In Gmail, you can do that by opening the email, clicking the down-arrow in the upper right corner, and selecting “Show original” to find the "From:" line. But just because a message comes from someone you know, that doesn't mean it's safe to open links in it. Your friend's email account may have been compromised, spewing malicious emails to all of his or her contacts. (See "use the phone" above.)

Hover over an email link, and its full URL should appear. Does it lead to where it should, based on where the email seems to originate? An alert from Netflix.com should not steer you to a page hosted on some other website. When in doubt, don't click a link in an email. Instead, go directly to the site via a browser bookmark, or by manually entering the URL.

Beware of email subjects that urge you to take action immediately. Phishers don’t want you to take time to think, or to research their bogus domains. “Panic” or alarm makes people act hastily, so it’s no surprise that the most successful phishing email subject lines include “SECURITY ALERT,” “REVISED VACATION & SICK LEAVE POLICY,” “PASSWORD CHECK REQUIRED IMMEDIATELY,” and the straightforward “URGENT ACTION REQUIRED.” The use of all-caps is deliberate, as it induces the adrenaline rush that comes with being shouted at.

Be careful with shortened URLs. Text messages that contain short URLs are another type of phish that targets mobile devices. Much to my alarm, I cannot find any simple way to preview the full URL represented by a shortened URL such as https://goo.gl/uNEbdN or http://bit.ly/2iT3S5y -- it just takes me directly to its target, which may be a phishing trap. (Those examples are both shortcuts to AskBobRankin.com.) (You can do a "long press" on the message, then select "Copy text" and paste the URL into CheckShortURL.com/, but that's a bit tedious.)

Let's Review Some Perennial Favorite Holiday Phishing Scams

The fake invoice: invoices are hardly surprising during the busy shopping season, especially if it seems like something you’d buy as a gift. You may be inclined to click to see exactly what you’re being asked to pay, but that click may lead to a malicious download.

Shipping status notifications: a “click here to learn about the delay in your shipment” often works.

Unbelievable bargains, or even believable ones, appeal to greed, which is always unthinkingly in a hurry to be satisfied. “Hurry, only one hour left!” “Last one, on sale for 90% off!” is another good one.

Fake surveys promise some sort of reward for completing them. They start out innocently, asking reasonable questions about your shopping habits. But the questions get more and more personal, leading to requests for your name, address, phone number, and even credit card data (to defray shipping charges). If the questions get personal, it’s time to stop. Let that "reward" go.

Bottom line: Bad guys are getting better at evading all sorts of anti-phishing defenses, and at crafting bait that people will take. Ultimately, the best defense is your own thinking skills and common sense.

Your thoughts on this topic are welcome. Post your comment or question below...

 
Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 13 Nov 2017


For Fun: Buy Bob a Snickers.

Prev Article:
Will More Memory Speed Up Your Computer?

The Top Twenty
Next Article:
Resetting Forgotten Windows Password

Most recent comments on "Have You Been Phished?"

Posted by:

Ken Mitchell
13 Nov 2017

I get a dozen phishing attacks a week. Sometimes it's an alert that my bank access has been frozen, and to click the link to restore - but I don't have an account with that bank. Or sometimes I do have an account with that bank, but the email comes to an account that that bank doesn't know about.

I got that "Reset your Netflix credentials" message - but I don't use Netflix.

Yes, I'm paranoid about phishing attempts, but the big question remains; Am I paranoid ENOUGH?


Posted by:

Lucy
13 Nov 2017

Thanks Bob, another excellent reminder.

Is there any harm if one of these emails is just opened? Or do you have to click on something within the message to download malicious code?


Posted by:

Andrew
13 Nov 2017

I have had a few of them. What I do is the following: see if the real corporation or whatever has a site to report Phishing or Spoof. Then go to more in my Yahoo mail where I received this, Copy the whole raw header and then do a send to the real Corporation, pasting the header. Usually, I get a reply back from Corporation in that they have received my email and will be looking into it. I never reply to any directly.


Posted by:

KD
13 Nov 2017

What about http://www.checkshorturl.com/ to view source of short URLs?

EDITOR'S NOTE: I mentioned that site in the article. :-)


Posted by:

fred
13 Nov 2017

Get even. Forward the email to me@rescam.org.
Rescam has bots to turn the spammer or phisher lives into hell by answering the email you forward to them and acting as if it's you and wasting their time.
You can check how it works here
https://www.netsafe.org.nz/rescam/
Enjoy fighting back.

EDITOR'S NOTE: Interesting idea, but I can't give it a thumbs up. First, most scam emails do not have a valid reply address. And the ones that do may have been unknowingly sent by someone with a compromised email account.


Posted by:

Ken Mitchell
13 Nov 2017

Lucy; Generally, opening the email itself is safe. It's the attachment or the links that would cause the problem.


Posted by:

Eugene
13 Nov 2017

Hi Bob. I get anywhere from 1 to 5 fishing emails daily. One thing I do is hold my cursor on the from address. Most of the time the address that comes up is different from the one shown. I've received 5 emails from my "Wife's Sister" the address is not from her, 2 of them came with a .jp
and 2 from a college. It's too bad a great thing like the internet is used for bad.


Posted by:

Mat
13 Nov 2017

The worst part about all these phising attempts, and what also seems to make them more real, is that I get alerts from some of my credit cards, and even the credit monitoring agencies that include legitimate clickable links in them. They should know better than this!

It then gets to the point that you have no idea which is good and which is bad, so my policy has become that I NEVER click on a link inside an email..NEVER,NEVER,EVER!

I always go directly to whoever supposedly sent me the email, and log into their site directly.....I never have a problem that way.


Posted by:

Daniel Wiener
13 Nov 2017

I want to give props to my company for proactively combatting phishing attempts. In particular they periodically send out test messages that simulate phishing emails in one or several ways, to see if employees fall for them and click on the links. Most of the time I can spot the pseudo-phishing email, but once or twice I've been lax or inattentive and been caught. It raises our awareness, and makes us more cautious in the future.


Posted by:

Laurie
13 Nov 2017

I don’t bother to click on links in emails. Many of these phishing emails note that there is an issue of some kind with an account (bank, service provider, some other entity.) So, I go to the Website directly to log in and see if there really is some sort of issue with my account. Normally, if there in an issue of some kind, I will have a notification once logged in. If I don’t see a notification, but am still unsure, I will call the entity in question. Sometimes if I have a little extra time, I might take a look at the email headers and/or the URLs out of curiosity. But, I really don’t need to since I’m not going to click on the links anyway.


Posted by:

Brian
13 Nov 2017

I have a 100% effective filter for phishing emails. It resides between my ears. Most of these attempts are glaringly obvious, and get deleted immediately. If it's from someone I don't know, and unexpected, it gets deleted. Any emails from people I do know, I never open any links, Any emails from alleged banks etc, I go to their site and check directly whether I need to re-enter any personal details, or need to change my password. It really is so easy to check if the email is genuine or not, that I am constantly amazed at the number of victims that scammers can reel in.


Posted by:

Glen
13 Nov 2017

I agree 100% with Brian's reply if I don't know
them and some thing don't feel or look right, Out
they go that fast, some people can't resist that
urge to open them up, thinking they just might
miss out on something, ......

Happy Holiday, And Merry Christmas To All


Posted by:

bob rice
14 Nov 2017

Older and retired, I shop online all the time, so often get those "shipping information scam emails. Unless it's from the seller, I mark as scam.


Posted by:

Bob K.
14 Nov 2017

1- Find the *real* URL used.
2- Get the CMD Line "Whois" or use https://whois.icann.org/en, and do a WHOIS on that fake URL
3 - in the answers, look for "Registrar Abuse Contact Email:" and send the PHISH to that ID.

Hopefully, that domain handler will rid themselves of their abusive customer


Posted by:

Jim Swan
14 Nov 2017

I think I may have been suckered by an ostensible feedback form for a recent flight on Delta airlines. In the end, I got cold feet and didn't finish the form, because it offered me to choose a reward for my time. Delta never did that before! I don't think I released any "sensitive" info, but who knows what techniques these guys can come up with to analyze their big data?


Posted by:

SharonH
14 Nov 2017

The solution is very simple: go directly to the website mentioned in the suspicious email on your own. Also I hover over the source, which often turns out to be from Germany (a lot of them lately) or someone else's legitimate email that has nothing to do with the subject matter.

I know how well some of these phishers can manipulate everything regarding point of origin. One produced a header that looked totally legitimate, as having come from my email provider. I mean down to the last line. I forwarded it to the provider. Some phishers are better at it than others.


Posted by:

anne
14 Nov 2017

"When in doubt, don't click a link in an email. Instead, go directly to the site via a browser bookmark, or by manually entering the" ...Something's missing here. I think most of you all could figure it out, but not me. :)
Is it: URL? address as given? Can I copy/paste the URL from the email to new tab?
PS Thanks, Lucy for asking about opening the email; Thanks, Ken for answering!

EDITOR'S NOTE: Yes, I've corrected the text, thanks.


Posted by:

Chuck
18 Nov 2017

Just a few days ago I got a link for my credit card bill from Bank of America. The next day I got a link to my credit card bill from Bank of America. Needless to say, one had gibberish as the from address while the other was what I expected. I always keep the previous month's bill in my email until I pay the next month and it was easy to go back and compare to make sure the one I expected was correct. I guess I need to add the from addresses to my password manager. I use KeePass and it has a place for a note. Very handy program and quite easy to use.


Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.


Article information: AskBobRankin -- Have You Been Phished? (Posted: 13 Nov 2017)
Source: https://askbobrankin.com/have_you_been_phished.html
Copyright © 2005 - Bob Rankin - All Rights Reserved