Would You Click on This?
Phishing is an attempt to trick you, by impersonating someone you trust. The good news is that far fewer phishing emails are being sent and fewer people are being targeted by information thieves. The bad news matters if you are one of the remaining targets: there are more bad guys gunning for you now and fewer places to hide than ever before. Here's what you need to know…
Phishing Gets Rarer But More Dangerous
In 2013, phishing emails as a percentage of total email traffic fell from 1.12 to 0.5 per cent, claims a new report by Websense Security Labs. So only one in every 200 emails you received was an attempt to make you click on a link that would lead to identity theft, or download a disguised malware package. Call that “better” news, perhaps; it still isn’t good.
Researchers were able to find far fewer sites hosting such malware either intentionally or as a result of being infected by hackers. They conclude that many phishers have given up their “sport” as anti-phishing defenses have achieved 99%-plus effectiveness rates in blocking traditional phishing exploits.
But at the same time, researchers reveal that phishers are employing more sophisticated, difficult-to-detect means of disguising their malicious payloads on websites. The Websense report also shows that advancing technology and economy of scale benefit the crooks as well as the rest of us. The cost of criminal cyberdeeds is declining, due to easily scalable cloud services and cheap rented botnets.
One thing is clear: phishing attacks are becoming more targeted, and so most people are less likely to become victims. Rather than becoming a random victim of a phishing email sent to millions of addresses, it is increasingly likely that one will be mindfully selected by a criminal, stalked and monitored online, and then skillfully duped with information collected by surveillance.
The Most Dangerous Subject Lines?
The new generation of phishing email is carefully crafted to look like your bank’s, not that of some other bank at which you know you have no accounts. Its subject line contains the name of your bank, and the salutation bears your name, not “valued customer.” It may even mention the name of an investment that you actually own if you have mentioned that instrument in an online forum, on Facebook or Twitter, or elsewhere. Isn’t that spooky?
Researchers at Websense identified "Dear
Consider what might happen if you click on a bogus link to online banking, your webmail, a LinkedIn invitation or Facebook friend request. You are directed to a rogue site that looks exactly like Chase Bank, Gmail, LinkedIn or Facebook. You enter your username and password. The site may toss out a vague error message, or redirect you to the real site without you ever knowing. But your login credentials have just been stolen.
The thief can now log in to your account, gaining access to your finances, contacts and other personal data. He may even impersonate you or lock you out of the account. And on how many other sites do you use that same username or password? Ooopsie...
Personal wealth is not the only target of phishing attacks, or even the primary one. Business intelligence is more valuable on the black market than the net worth of many people who carry such business intelligence on the mass storage devices of laptops, tablets, and smartphones employed for both business and personal uses. “Personal uses” are another Achilles’ heel that phishers are targeting.
Businesses spend money and effort on securing the channels of communication between themselves. But when employees use Internet-connected devices to interact with non-business sites, their employers’ security can be circumvented. Malware can enter via a fantasy sports league site as well as the site of a trusted business partner, and once ensconced on a device that has access to business intelligence, the malware has free rein to work its data-gathering tasks.
What Is the Solution to Phishing?
In their Phishing Research report (http://community.websense.com/blogs/securitylabs/archive/2013/12/11/new-phishing-research-5-most-dangerous-email-subjects-top-10-hosting-countries.aspx), the solutions that Websense proposes to these new threats are problematic. “Real-time web analytics and an up-to-date database of known good and malicious websites, including social networking sites…” sounds like a security geek’s dream, and it is – no such things exist yet, and they would be extremely difficult to realize. As soon as one rogue website is detected, two more pop up to take its place.
“Point-of-click threat analysis” means machines closely watching and arbitrarily blocking humans’ actions. “Real-time analysis of data transmission” is exactly what the U. S. government is doing, to the consternation of civil liberties fans. But employers can do it without the inconvenience of the First Amendment. And “Immersive End-User Training” is just as horrible-sounding as the last HR-mandated "sensitivity training" indoctrination you endured.
I believe the best defense is awareness, supplemented by technology. If your browser, email client or anti-malware suite includes anti-phishing capability, use it. But understand that these defenses do not give you license to click anything, anywhere. Start by training yourself to focus on these most common phishing attempts:
- When an email directs you to a website that requires your username, password (or any other sensitive information), DON'T CLICK. Use a bookmark or type in the address to be sure you're going to the right place. A legitimate business will never send email asking you to "verify your login credentials."
- If you get a "friend request" from someone you don't know, DON'T CLICK. You don't need that kind of friend, and you can always log in to see if you have any pending requests.
- If a message says your email to so-and-so didn't go through, and offers you a link to find out why, DON'T CLICK. Make sure you really sent such an email. If you did, contact them by other means and verify the address.
- And in general, if an email message urgently directs you to do something, right now, DON'T DO IT! Picking up the phone and calling your bank or your friend will put your mind at ease, and spare you a world of hurt.
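Most of the tips above come down to one question: where does the link really go? Here is an added example, not from the original article, that applies the same checks to the links in an HTML email body. It flags a link whose visible text names one host while the target is another (what hovering over a link reveals), and a target host that contains a trusted brand's name without being under that brand's domain (the "small differences" kind of address). The TRUSTED set and the sample message are constructed for the example; the hosts are documentation names.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"chase.com", "paypal.com", "linkedin.com"}  # accounts the reader holds (constructed)

# Constructed sample of an HTML phishing mail: one lure, one genuine link, one lookalike.
SAMPLE_MAIL = """<p>Dear John Smith, unusual activity was detected. Please visit
<a href="http://chase.com.account-verify.example/login">https://www.chase.com/</a>
to confirm your identity, or read <a href="https://www.chase.com/">our security center</a>.
<a href="http://secure-paypal-billing.example/verify">Click here</a> to update billing.</p>"""

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lowercased hostname of a URL or bare domain ('' if there is none)."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()

def under(host, domain):  # host is domain itself or a subdomain of it
    return host == domain or host.endswith("." + domain)

def check_link(href, text):
    """Reasons a single link looks like a phishing lure (empty list = none found)."""
    reasons = []
    target = host_of(href)
    # The hover test from the article: does the visible text name a different host?
    shown = host_of(text) if "." in text and " " not in text else ""
    if shown and not under(target, shown) and not under(shown, target):
        reasons.append(f"text shows {shown} but the link goes to {target}")
    # Lookalike test: a trusted brand's label appears inside a host we do not trust.
    labels = re.split(r"[.-]", target)
    for brand in sorted(TRUSTED):
        if brand.split(".")[0] in labels and not under(target, brand):
            reasons.append(f"{target} imitates {brand}")
    return reasons

def scan_mail(html):
    """Return [(href, reasons)] for every link in the mail that raised a reason."""
    parser = _LinkCollector()
    parser.feed(html)
    checked = [(h, check_link(h, t)) for h, t in parser.links]
    return [(h, r) for h, r in checked if r]
```

The genuine link to www.chase.com passes both tests, while the two lures are reported with the reason a reader would see on hovering.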
Have you been victimized by a phishing email? Do you think you're immune to such threats? Tell me about it! Post your comment or question below...
This article was posted by Bob Rankin on 16 Dec 2013
Article information: AskBobRankin -- Would You Click on This? (Posted: 16 Dec 2013)
Source: https://askbobrankin.com/would_you_click_on_this.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Would You Click on This?"
Posted by:
Karen Brice
16 Dec 2013
The irony was I had to click a link "would you click on this link" to access the story. I actually hesitated!!
Posted by:
JonS
16 Dec 2013
Bob-
I get periodic e-mails saying my full name then the wording "your (the month) account statement is here" in the RE space. In the From space it says "PayPal Statements". Is this legit or is this Phishing? It seems strange that PayPal would send such a message. I type in the URL rather than using the link offered in the body of the e-mail if I decide to check my account. Given the amount of negative publicity about Phishing it seems impossible that PayPal sends monthly announcements that have a link. On the other hand, corporate America sometimes exhibits symptoms of brain death...so I thought I'd check to see what you, the expert, have to say on this one. Thanks!
EDITOR'S NOTE: A quick search tells me that Paypal DOES send these messages, but they could very well be spoofed. You do well to delete them and move on. You can always login to Paypal with a trusted link.
Posted by:
Jerry
16 Dec 2013
Not exactly a Phishing email, but something that shows up as a new TAB/Screen on my FireFox browser.
"Your FireFox is out of date, Please Click HERE to update to the newest version."
I have simply closed the TAB, but my wife said that she would have clicked on it. I have no idea what it is, but I know it isn't real.
What do you call this? Phishing, or something else?
EDITOR'S NOTE: You are correct. It's basically a full page ad, trying to trick you into installing some nasty toolbar. See http://www.2-spyware.com/remove-outdated-browser-detected.html
Posted by:
Renaud Olgiati
16 Dec 2013
Surprised you did not mention that some (free) Domain Name Servers, like Open DNS, block phishing sites, so it is worth changing from your ISP default DNS to one of those.
Posted by:
Nancy
16 Dec 2013
Another attack that showed up in my email this week, appeared to be from AMAZON.COM regarding "your order" that is about to be shipped. They give a link for details.
Since I DO order from Amazon, I clicked on the link. My malware program went crazy warning me this link had downloaded malware onto my computer, but they had quarantined it. The web site looked authentic, but when I double-checked the email address, sure enough, there were small differences! I've cleaned my computer, and will watch those emails much more carefully now.
Posted by:
Ian
16 Dec 2013
In the past couple of weeks I have had three emails, supposedly from T Mobile, Orange and WhatsApp all saying the following:
"This e-mail contains a voice message.
Download and listen to message in attached file.
Sender:
Mobile: +44702*******
Passcode: B7C0A6BD6DBC"
They have zip files attached, which download malware that can reset your IE homepage, remove gadgets and try to copy contacts. I know this because I use WhatsApp to chat with my daughter and so I foolishly clicked on the zip file - Trend Micro seems to have dealt with it, finding 10 virus exe files, e.g.:
"Threat: HEU_AEGISCS927
Source: Threat
Affected Files: C:\Users\Ian\AppData\Local\omlalwmi.exe
Response: Removed
Detected By: Real Time Scan"
I won't be clicking on any others!
Posted by:
Joseph Harold
16 Dec 2013
I actually received my first ever phishing attempt e-mail about six weeks ago. It was supposedly from a bank where I maintain a credit card (no other traditional banking accounts).
It was very sparse looking mail devoid of the more professional looking counterfeit details I've read about, such as corporate headers and logos. It was just a simple text message with a link--Click here to authenticate your account details and ensure your safety--(paraphrased).
And just for good measure, they tossed in a scare tactic, a factual error, and a bit of improper grammar.
Looked like a scam immediately.
The (verbatim) message was:
"We recently reviewed your account, and suspect that your Internet Banking account may have been accessed by an unauthorized third party.
Protecting the security of your account and of the Account is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive account features."
Well, thanks to sites like yours, I was immediately suspicious. So I used my browser to visit the bank's site. No unauthorized activity at all.
So I called the bank. This had apparently happened to numerous customers in recent days. (I'm guessing that a server which maintained a list of e-mail addresses had been hacked, although the bank did not confirm this.) The bank provided me with their "abuse" page to which I forwarded the phishy e-mail.
Three similar attempts followed in the next ten days or so, each with a slightly different pitch and each slightly more threatening as to the consequences of my inaction in not clicking their "helpful" links. Each of these was also forwarded to my bank for them to investigate.
Thanks, Bob, for helping to keep us all informed.
Posted by:
Peter loppe
16 Dec 2013
I did get an e-mail from my phone company (Telus) telling me that my payment hadn't gone through.
When I complained to Telus that there was nothing wrong with my payment set-up they informed me that the e-mail request was bogus.
I changed my password since but every now and then my keyboard/mouse input is unusually slow.
I have run anti-virus and anti-spam software (Spybot & Malwarebytes) but they found nothing.
Posted by:
SamG
16 Dec 2013
Posting ads on craigslist is a surefire way to receive spam and phishing emails. Usually the sender has some fake sounding name. Delete. But today I received a bcc: GMAIL message stating it was from the Gmail team, google team. Sender displayed a cute looking Oriental face avatar. Girlsname@gmail.com. said, "You have received a very vital document via Google drive. Follow this link: xxxxx@xxxx" Follow this link to view this document now. Thanks. Powered by Gmail. When I clicked the link, AVG AV went nuts. Quarantine! Not allowed! So it saved my butt.
Posted by:
Yaakov A. Sternberg
16 Dec 2013
When I get a phishing email, I forward it along with its header to:
1) phishing-report@us-cert.gov
2) reportphishing@antiphishing.org
3) spam@uce.gov
And then report it as phishing to Google (via the little triangle next to the reply button)
I recommend that everyone do this.
Posted by:
SamG
16 Dec 2013
@Peter loppe; Try adwcleaner. Every time my web page navigation acts goofy, I run that little free program and cured! It's a stand alone self-updating (when you open it) program that requires you to reboot after use. Unfortunately, updating is the tricky part for me as I can't read French. So to download the new version 1. click the uppermost right side link on the webpage to access English which helps. 2. open the "how to use adwcleaner" link and download the program from it. A bit complicated procedure but does the job every time. And yes, Spybot S&D and Malwarebytes do not help with the problem. You can thank me later for steering you there. And thank you Bob R. for all your info.
Posted by:
RandiO
16 Dec 2013
One of the most dangerous phishing scams is the pop-up dialog that asks the user a YES/NO multiple choice question for installing a certain software.
I would strongly recommend that the user does NOT click on either of the choices, as even clicking on the "NO" choice can be redirected to the same link as the "YES" answer.
I am surprised that this little spoof is not used more often by hackers... yet!
But for most users, the only alternative is to close the browser (or the tab) altogether rather than answering with either choice! Unless, of course, the user is utilizing a pop-up blocker along with script blocking!
PS: The new Firefox version (V26.0) now provides a "Masked Email Address" option, which requires a simple registration with abine.com.
Posted by:
KRS
16 Dec 2013
I always hover my cursor over the sender's name, which reveals the address that my click will go to. If it's anything other than an actual site I know, I delete the message. Have the phishers found a way around this?
EDITOR'S NOTE: If you mean hover over the link (not the sender's name) then that can be faked. I would not rely on that.
Posted by:
Art Folden
16 Dec 2013
RE: Paypal phishing email: I always forward that type of email to the appropriate spoofing email address - in this case spoof@paypal.com - and I did send that exact same kind of email to them. Their reply, in part was: "Thanks for forwarding that suspicious-looking email. You're right - it was a phishing attempt, and we're working on stopping the fraud."
Posted by:
salim
17 Dec 2013
Before I started reading I was hoping you'd mention the LinkedIn attempt & I wasn't disappointed..otherwise I would've said so myself here since I get those all the time.
The way I differentiate these from the real ones is that in the latter, there's a link to the profile of the person trying to connect..
Posted by:
Deena
19 Dec 2013
I have recently been receiving emails that appear to be invoices from actual online purchases that I made in the past, only the dates have been changed to be the current date. They use my full name and even appear to have my credit card number, shown in the common "xxxx5145" format. Some of these transactions are two years old some are more current. I assume that these are phishing attempts and have not responded to any of them, but my question is, where are "they" getting these invoices? I don't have them saved on my computer. I run the free versions of avast, malwarebytes and Sophos as you recommend. Thank you for your help!
Posted by:
DiggerP
19 Dec 2013
I've received loads of this stuff, whether in email or on websites, and after a while you can spot these things quite easily.
For email I always check the source if the mail even has a smidgen of suspicious content as indicated by the subject line or sender's name.
Examining the headers will quickly tell you all kinds of info regarding sender or content. You can tell if, e.g., your friend's email account was hacked so it appears to come from them, but the header will reveal the original IP address.
Just a method I use.
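The header check DiggerP describes, as an added example that is not part of the comment: parse the Received: chain of a constructed message with Python's standard email module, pull the connecting IP that our own server recorded, and compare the delivering host with the domain in the From: line. OUR_MX, the EXPECTED_RELAYS table and the sample message are assumptions made for the example; only the Received: line written by your own server can be trusted, since a sender can prepend any lines below it.

```python
import re
from email import message_from_string, policy

# Constructed sample (not a real message): From: claims a Gmail user, yet the host
# that connected to our MX is unrelated and the claimed first hop has no reverse DNS.
RAW_MAIL = """\
Received: from mail.example.net (mail.example.net [203.0.113.7])
    by mx.recipient.example with ESMTP id 7f3a1
    for <you@recipient.example>; Mon, 16 Dec 2013 10:00:00 +0000
Received: from [198.51.100.23] (unknown [198.51.100.23])
    by mail.example.net (Postfix) with ESMTPA id 42;
    Mon, 16 Dec 2013 09:59:58 +0000
From: "Your Friend" <friend@gmail.com>
To: you@recipient.example
Subject: check this out

Hi, look at this: http://link.example/doc
"""

OUR_MX = "mx.recipient.example"  # our own server; only its Received: line is trustworthy
# Domains whose servers legitimately hand us mail for a sender domain (assumed values).
EXPECTED_RELAYS = {"gmail.com": ("google.com", "gmail.com")}

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HOP_RE = re.compile(r"from\s+(\S+)\s*(?:\(([^)]*)\))?.*?\bby\s+(\S+)")

def under(host, domain):  # host is domain itself or a subdomain of it
    return host == domain or host.endswith("." + domain)

def parse_hop(header):
    """Split one Received: value into claimed name, reverse-DNS name, IP and 'by' host."""
    h = re.sub(r"\s+", " ", str(header))  # unfold, in case folding survived parsing
    m = HOP_RE.search(h)
    if not m:
        return None
    rdns = (m.group(2) or "").split()
    ip = IP_RE.search(h)
    return {"claimed": m.group(1).strip("[]"), "rdns": rdns[0].lower() if rdns else "",
            "ip": ip.group(1) if ip else "", "by": m.group(3).lower()}

def trace(raw):
    """Follow the Received: chain and compare the delivering host with the From: domain."""
    msg = message_from_string(raw, policy=policy.default)
    hops = [h for h in map(parse_hop, msg.get_all("Received", [])) if h]
    sender = msg["From"].addresses[0].domain.lower()
    entry = next((h for h in hops if h["by"] == OUR_MX), None)  # line our MX wrote
    origin = hops[-1] if hops else None  # bottom-most: claimed first hop, forgeable
    findings = []
    if entry and not any(under(entry["rdns"], d) for d in EXPECTED_RELAYS.get(sender, (sender,))):
        findings.append(f"From: claims {sender} but {entry['rdns'] or entry['ip']} delivered it")
    if origin and origin["rdns"] in ("", "unknown"):
        findings.append(f"originating host {origin['ip']} has no reverse DNS")
    return {"sender_domain": sender, "connecting_ip": entry["ip"] if entry else "",
            "origin_ip": origin["ip"] if origin else "", "findings": findings}
```

For the sample, the delivering host mail.example.net does not belong to the domains expected for a gmail.com sender, so the message is reported even though the From: line looks like a friend's.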
Posted by:
bob price
19 Jan 2014
Company computers might have reasons to change pw's all the time, but I've never understood the rationale to change a home computer pw every six months. A complex pw is perfectly good for five months and 29 days, but unsafe a day later?
Posted by:
Clairvaux
09 Aug 2014
One exception I allow myself to those rules is when I have just registered on a site, and it sends an email with a link to click in order to confirm registration.
Unless you advise otherwise, it seems to me that there's zero chance that such a mail should be a spoof -- just when you are expecting it. It would take a hacker to take control of the original site, or to build a fake one from scratch -- and direct you to it. Not likely, I think.
Especially if you're registering to PC Super Duper Tips Forum or The Bollingdale's Daily Telegraph.