Are you a victim of phishing and don’t know it?

Lisa Cashen
Published in Natmin Pure Escrow
Aug 29, 2018

All of us here at Natmin Pure Escrow care immensely about the safety and security of our community. This is why we’re working so hard to bring you a safer and cheaper alternative to transacting online with our Pure Escrow platform. But we feel the need to do more, so we’ve decided to highlight the many scams and online fraud out there so you know what to look out for and how to keep yourself safe. By looking out for each other, we can build a safer and happier community for all of us for the future.

PHISHING

Phishing is often used as the lead action of an attack and is followed by malware installation and other actions that ultimately lead to exfiltration of data — Verizon.

Phishing is a technique attackers use to fraudulently obtain your information and/or install malicious software on your computer. Typically, a phisher sends an email that appears to come from a legitimate business, such as a bank or other financial institution, requesting verification of information or warning of some dire consequence if action isn't taken immediately. The email usually contains a link to a fraudulent web page made to look as similar as possible to the site it is impersonating. Quite often you will enter your login details and then be forwarded to the legitimate site, none the wiser that your credentials have just been stolen. The link, or an attachment that comes with the email, may also deliver malicious software to your computer. Motives for phishing are split between financial (59%) and espionage (41%) — Verizon.

Of the phishing sites observed, the longest-lived was up for just 44 hours, and the shortest-lived was only up for 15 minutes — Webroot.

Cybercriminals create an average of around 1.4 million new phishing websites every month, with fake pages designed to look almost identical to those of the company they are spoofing. Because each site is taken down or abandoned within hours, blocklists lag behind; attackers are using all the technology at their disposal to trick you into doing something you shouldn't before anyone notices.

SPEAR PHISHING

Whereas phishing emails are sent out in the hundreds of thousands hoping to catch someone unawares, spear phishing is a more personal form of attack. The attacker obtains some piece of information about the target (their name, role, colleagues or a recent transaction) and uses it to make a request look routine and trustworthy. Often the target isn't even the focus of the scam, but is used to secure a foothold in a computer system they have access to, usually within the business they work for.

People open 3% of their spam and 70% of spear-phishing attempts. And 50% of those who open the spear-phishing emails click on the links within the email — compared to 5% for mass mailings — and they click on those links within an hour of receipt — FireEye.

Spear phishing emails often appear to come from a trusted source, making the target much more likely to click on the malicious URL that sends them to a spoofed site. Due to the nature of a spear phishing email, it is highly likely that the target won’t even realise they have been attacked. The longer the attack goes undetected, the longer the attacker has in the system to get access to critical data — bank accounts, computer system passwords, security clearances or work credentials.

TIPS TO STAY SAFE ONLINE

Personal:

  • Don’t panic. Things are never as dire as phishing emails make them out to be. Type the business's address into your browser yourself, or look up its phone number independently (not from the email), and verify the claim with someone at the business.
  • Be sceptical. Take a critical look at the email: poor grammar and spelling are a common giveaway for a phishing scam, as is a generic greeting that addresses the target as "valued customer". Be extra wary of potential spear phishing emails, though, as these will almost certainly address the target by name and read fluently.
  • Inspect the link, DON’T click the link. Hover your mouse over the link and read the address that appears in the status bar at the bottom of the window (on a phone, press and hold the link to preview it); the text you see and the address the link really opens can be completely different. Also hover over the sender: phishing emails claim to be from a legitimate business, but the display name is chosen by the sender, and a quick check of the actual email address after the "@" often shows something completely different. If you are even the slightest bit worried about the legitimacy of an email, never open the attachment. If in doubt, contact the business directly and query the matter with them.
  • Be smart with passwords. Never use the same password on multiple sites: once attackers have obtained your login details, they will try those details anywhere else they can think of in the hope of striking it lucky. A password manager makes unique passwords practical, and turning on two-factor authentication means a stolen password alone is not enough to get in. Current NIST guidance (SP 800-63B) no longer recommends changing passwords on a fixed schedule; change a password promptly whenever you suspect it has been exposed.
  • Keep software updated. Much of the software on your computer is updated regularly to combat new threats. Attackers will often use a method that has already been addressed in an update, hoping that the target has been lax in keeping their system updated.
  • Be aware of your online presence. Spear phishing emails rely on personal information about you to make you believe the sender is someone you know and trust. Most often this is gathered from your social media accounts. Think of all the details you post there. By accepting unknown friend requests or having your profile set to public, you are basically inviting attackers into every aspect of your life. Don’t make things easy for them.
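Three of the tips above (check the sender's real address rather than the display name, look for a generic greeting, and compare where a link says it goes with where it actually goes) can be applied mechanically to a raw email. The Python script below is an added example and is not code from the original post or from Natmin; the trusted-domain list, the reserved .example domain names and the sample message are all constructed for illustration, and the "last two labels" domain rule is a simplification that a real tool would replace with the Public Suffix List.

```python
"""Flag common phishing tells in a raw e-mail: an untrusted sender domain,
a generic greeting, and links whose visible text names one domain while the
href (what hovering reveals) points at another."""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for this example: the domains the reader knows to be legitimate
# for the business. The article names no real domain, so a reserved .example
# name stands in.
TRUSTED_DOMAINS = {"escrow.example"}

# Constructed sample message for the example; not a real phishing e-mail.
SAMPLE_EMAIL = """\
From: "Pure Escrow Support" <alerts@escrow-login-verify.example>
To: customer@example.org
Subject: Urgent: your account will be suspended in 24 hours
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear valued customer,</p>
<p>Unusual activity was detected. Verify your details now at
<a href="http://escrow-login-verify.example/verify">https://escrow.example/account</a>
or your account will be closed.</p>
<p>See our <a href="https://escrow.example/help">help pages</a> for more.</p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs: what the link opens vs. what is shown."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def registrable_domain(host):
    """Crude 'last two labels' rule (login.escrow.example -> escrow.example).
    Production code should consult the Public Suffix List for names like co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def host_in(text):
    """Host named by a URL or a bare 'host/path' string; None if there is none."""
    candidate = text.strip()
    if not candidate or any(ch.isspace() for ch in candidate):
        return None
    if "://" not in candidate:
        candidate = "http://" + candidate
    host = urlparse(candidate).hostname
    return host if host and "." in host else None


def analyse(raw_message):
    """Return a list of phishing tells found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # The display name is chosen by the sender; only the domain after '@'
    # says where the mail claims to come from.
    display_name, address = parseaddr(msg["From"])
    sender_domain = registrable_domain(address.rpartition("@")[2])
    if sender_domain not in TRUSTED_DOMAINS:
        findings.append(f"sender '{display_name}' uses untrusted domain {sender_domain}")

    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""

    # Generic greeting instead of the recipient's name.
    if re.search(r"\bdear\s+(valued\s+)?(customer|user|member)\b", html, re.I):
        findings.append("generic greeting instead of the recipient's name")

    # Inspect the link: compare the text shown with the href a click would open.
    collector = LinkCollector()
    collector.feed(html)
    for href, text in collector.links:
        real = host_in(href)
        shown = host_in(text)
        if real is None:
            continue
        if shown and registrable_domain(shown) != registrable_domain(real):
            findings.append(f"link shows {shown} but goes to {real}")
        elif registrable_domain(real) not in TRUSTED_DOMAINS:
            findings.append(f"link to untrusted domain {real}")
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EMAIL):
        print("WARNING:", finding)
```

Run as a script it prints three warnings for the sample: the sender domain, the generic greeting, and the link that displays escrow.example but opens escrow-login-verify.example; the genuine help link raises nothing. The same checks are what a mail gateway's link-rewriting or banner rules do at scale, with a proper public-suffix lookup and a maintained list of the organisation's own domains.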

Business:

  • Educate your staff. Teach them how to recognise, avoid and report phishing and spear phishing emails. Every person in your company holds some kind of value to an attacker, so ensure everyone knows their potential to be a target.
  • Update, implement and maintain your security technology and processes to prevent, detect and respond to all phishing threats, especially spear phishing.
  • Invest. Invest in expertise and up-to-date threat intelligence. Unfortunately, until attackers are reliably found and prosecuted, they will continue with whatever methods make them the most money for the least effort.
  • Be smart with passwords. Stolen credentials are what most phishing is after, so require unique passwords for every system, provide a password manager, and enforce two-factor authentication wherever it is available so a phished password alone is not enough. Check new passwords against lists of known-breached and previously used ones rather than relying on forced rotation: current NIST guidance (SP 800-63B) advises against routine scheduled changes, but a password should be reset immediately whenever a phishing attempt or other exposure is suspected.
