Phishing Scams Aren’t Always So Obvious


Phishing emails are a dangerous threat to anyone with an email address. Usually, there are some obvious signs that suggest a scam, but as Paul Ducklin of Naked Security explains, the absence of these signs doesn’t necessarily mean an email is legitimate.

The goal of most phishing scams is to steal your password for an online account. The email could contain a link that takes you to a legitimate-looking log-in page. When you try to log in, however, your information is sent directly to the criminal behind the scam. There are also emails containing malicious attachments. If you download and open the attachment, your computer will be infected with malware that could have a number of uses.

Some users believe that if an email has no link in the message, and either no attachment or an attachment that shows no signs of malware after scanning with a security application, that email must be safe. But criminals have other methods for stealing information.

Because most hackers know that users have become more cautious when opening links and attachments in emails, they’ve altered their tactics. An email may claim to be from a legitimate company and contain no links. It could have a clean attachment. However, the attachment may be a PDF or Word document containing a message and a link to a website. Many users are fooled into thinking that the link in the attachment is safer than if it had appeared in the body of an email, but that’s not the case. Usually, the link found in the attachment will also direct you to a malicious site used to steal your log-in credentials.

These sites, created specifically to steal passwords, are dangerous. Many are designed so that the ‘close’ button on the log-in box acts the same as the ‘submit’ button. This means that even if you decide at the last second not to log in and try to close the log-in box, any information you put in will be sent anyway.

Unlike legitimate websites, these scam sites also don’t use ‘HTTPS’. That makes them more vulnerable to ‘sniffing’, or other parties being able to intercept any information you send through the site. So, not only does the criminal running the scam have your password, but anyone monitoring the activity on the site could too.

The best option for preventing yourself from becoming a victim of a phishing scam is to avoid them altogether. If an email arrives in your inbox, make sure it’s from a trusted source. Check the sender’s address. Often, scam emails won’t be from the domain of the company they’re impersonating. Also, don’t download any attachments unless you know exactly what they are. Don’t follow links provided in emails. If you want to visit a site, enter it directly into your browser to be sure you’re visiting the legitimate site, not a spoof.
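
As an added illustration (not part of the original article), this Python sketch applies the checks described above to a raw email: it compares the sender's domain with the company the message claims to be from, then looks for links in the body and inside attachments and flags any that are not HTTPS or point off-domain. The `triage` function, the sample message and the `.test` domains are constructed for this example, and the caller is assumed to supply the expected company domain.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlsplit

# Finds URLs in body text and in uncompressed PDF link actions such as
# "/URI (http://...)". Compressed PDF streams would need a real PDF parser.
URL_RE = re.compile(rb"https?://[^\s<>()\"']+", re.I)

def off_domain(host: str, domain: str) -> bool:
    """True when host is neither the expected domain nor one of its subdomains."""
    return host != domain and not host.endswith("." + domain)

def triage(raw: bytes, claimed_domain: str) -> list[str]:
    """Return warnings for one raw message that claims to be from claimed_domain."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    sender_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    if off_domain(sender_domain, claimed_domain):
        findings.append(f"sender domain {sender_domain} is not {claimed_domain}")
    for part in msg.walk():
        if part.is_multipart():
            continue
        attached = part.is_attachment()
        where = f"attachment {part.get_filename()}" if attached else "body"
        for raw_url in URL_RE.findall(part.get_payload(decode=True) or b""):
            url = urlsplit(raw_url.decode("ascii", "replace"))
            host = (url.hostname or "").lower()
            if attached:  # a link moved into the attachment is no safer
                findings.append(f"link inside {where}: {host}")
            if url.scheme.lower() != "https":
                findings.append(f"non-HTTPS link in {where}: {host}")
            if off_domain(host, claimed_domain):
                findings.append(f"link host {host} in {where} is not {claimed_domain}")
    return findings

def sample_message() -> bytes:
    """Constructed sample: no link in the body, one link inside a PDF-like attachment."""
    m = EmailMessage()
    m["From"] = "Example Bank <support@examp1e-bank.test>"
    m["To"] = "user@example.org"
    m["Subject"] = "Account notice"
    m.set_content("Please see the attached statement.")
    pdf = b"%PDF-1.4\n1 0 obj << /S /URI /URI (http://login.examp1e-bank.test/verify) >> endobj\n"
    m.add_attachment(pdf, maintype="application", subtype="pdf", filename="statement.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    for warning in triage(sample_message(), "example-bank.test"):
        print(warning)
```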

Web and spam filters and antivirus programs are also useful in keeping you safe in case you do click something you shouldn’t have. For help improving the security on your home PC or at the office, call Geek Rescue at 918-369-4335.

December 5th, 2013