Phishing Mail - Cautions
"Phishing" is a form of fraud in which the attacker pretends to be someone else in order to trick the victim into giving away personal information. For a fuller explanation see https://en.wikipedia.org/wiki/Phishing. Many phishing attacks are carried out with perfectly valid e-mail messages that anti-spam and anti-virus filters do not block: nothing about the message is technically broken, only its content is dishonest. This is a brief list of active phishing attacks that our clients regularly experience.
E-mail Addresses with Spoofed "User Friendly Names"
E-mail addresses always have two parts separated by an "@" sign, like "bill.gates@microsoft.com".
Because this looks a bit like machine language, the mail format also lets a sender attach a "user friendly" name for themselves and their organisation, e.g. "Bill Gates - Microsoft Corporation <bill.gates@microsoft.com>".
The real address is the part in the "<>" brackets, i.e. <bill.gates@microsoft.com>
- The rest, "Bill Gates - Microsoft Corporation", is a "user friendly" label that makes the address look nice to the human reading it. It has no effect on the delivery of the message, and nothing checks that it matches the address: the sender types both parts.
MANY e-mail programs display the pretty part "Bill Gates - Microsoft Corporation" and hide the dirty details <bill.gates@microsoft.com>.
- But if you look carefully you should find the second part, e.g. by hovering over the sender's name, or by clicking reply and looking at the "To" field.
- This is one of the things that fraudsters exploit to try to trick the recipient.
E.g. you receive an e-mail from "Bill Gates - Microsoft Corporation <fraudster@hacked-mailserver.ru>"
- You may first notice "Bill Gates - Microsoft Corporation" and think it is a message from your friend William.
But if you look a little closer you will notice <fraudster@hacked-mailserver.ru>. Be careful with that message!
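To see exactly what the mail client is hiding, here is an added example in Python (not code from the original page) that splits a From: header into its display name and real address with the standard library's email.utils.parseaddr, and flags two common tricks: a display name that is itself written to look like an e-mail address, and a display name claiming an organisation whose known domains do not include the real sending domain. The sample headers are constructed from the page's own Bill Gates illustration, and EXPECTED_DOMAINS is an assumed lookup table, not a real directory.

```python
"""Split a From: header into the "user friendly" display name and the real address.

Added example, not code from the original page. Sample headers are constructed
from the page's own Bill Gates illustration; EXPECTED_DOMAINS is an assumed
lookup table, not a real directory.
"""
import re
from email.utils import parseaddr

# Assumption: organisations that appear in display names, and the domains mail
# from them should really come from. A real deployment would maintain this list.
EXPECTED_DOMAINS = {
    "microsoft corporation": {"microsoft.com"},
}

# Matches something that looks like an e-mail address inside free text and
# captures its domain part.
ADDRESS_IN_TEXT = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def split_from(header: str) -> tuple[str, str, str]:
    """Return (display_name, real_address, real_domain).

    parseaddr does the RFC 5322 parsing, so quoting and the <> brackets are
    handled the way a mail client handles them.
    """
    display, address = parseaddr(header)
    domain = address.rpartition("@")[2].lower()
    return display, address, domain


def spoof_indicators(header: str) -> list[str]:
    """Reasons the display name looks misleading. An empty list means none found.

    This only examines what the sender wrote; it cannot prove a message is
    genuine, but it surfaces the "dirty details" a client may hide.
    """
    display, address, domain = split_from(header)
    reasons = []
    if not domain:
        return ["no usable address in From: header"]

    # Trick 1: the display name is itself written to look like an address, so a
    # client that shows only the display name shows a fake address.
    found = ADDRESS_IN_TEXT.search(display)
    if found and found.group(1).lower() != domain:
        reasons.append(
            f"display name shows an address at {found.group(1).lower()} "
            f"but the message really comes from {domain}"
        )

    # Trick 2: the display name names an organisation, but the real address is
    # at a domain that organisation does not use.
    for org, domains in EXPECTED_DOMAINS.items():
        if org in display.lower() and domain not in domains:
            reasons.append(f"claims to be {org!r} but was sent from {domain}")
    return reasons


if __name__ == "__main__":
    # Constructed sample headers: the first genuine-looking, the rest spoofed.
    samples = [
        "Bill Gates - Microsoft Corporation <bill.gates@microsoft.com>",
        "Bill Gates - Microsoft Corporation <fraudster@hacked-mailserver.ru>",
        '"bill.gates@microsoft.com" <fraudster@hacked-mailserver.ru>',
    ]
    for header in samples:
        display, address, domain = split_from(header)
        print(f"shown as: {display!r:45} real: {address}")
        for reason in spoof_indicators(header):
            print("   WARNING:", reason)
```

The point of the check is the second sample: the display name is exactly what a genuine Microsoft message would carry, and only the real domain gives it away, which is why the function looks at the address rather than the name.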
Malware Attachments
- One of the most common ways of attacking an e-mail user is to send them an attachment that contains "malware", i.e. a program designed to do something bad. Old e-mail client programs, if their settings were set to be "user friendly", could automatically open an attachment and even run it without the user doing anything. Fortunately most of these programs, which were insecure by default, are now obsolete. Modern e-mail programs have protections and warnings, and many users have anti-virus software that provides even more protections and warnings.
- Fraudsters therefore try to trick the user into opening malware attachments themselves. E.g.:
- You will see a message "In order to read this attachment you must":
- click on a link
- download a new version of a program
- change a setting on your computer
- Never do any of the above! If at this stage you really need to know what is in the message, phone the person who sent it to you, or ask someone for their advice.
- Some file types are executed and run as a program by the recipient's computer, while others are passively viewed and do not cause code to run.
- "exe", "bat" and many others are programs: opening them runs whatever code the sender put in them.
- "pdf" files are viewed rather than run, but they are not code-free: a PDF can contain embedded scripts, and malformed PDFs have been used to exploit bugs in PDF reader software. Treat an unexpected PDF with the same suspicion as any other attachment.
- Phishing mail usually contains file types that are not obviously executable but can contain code, or links to code, e.g. "htm", "zip", "rar" and many others. An archive in particular tells you nothing about what is inside it.
- Sometimes phishing mail tries to disguise the type of the file with a double extension like "invoice.pdf.exe". Windows by default hides the extension of known file types, so such a file is shown as "invoice.pdf" while it is really a program.
- It is important to understand that the fraudsters cleverly engineer their attacks such that some recipients are tricked some of the time. Technology alone cannot "protect you from yourself": recipients are tricked into overriding the protections provided by the software.
- Unfortunately there are other times when it may be legitimately necessary to override these same protections. Don't do this lightly, and don't do it if you are not 100% certain why you need to do it.
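The file-type and double-extension points above can be checked mechanically. The following is an added example in Python (not code from the original page) that judges an attachment two ways: by every extension in its name, so that "invoice.pdf.exe" is seen for what it is, and by the leading bytes of its content, so that a program renamed to ".pdf" is still caught. The attachments are constructed byte strings and the extension tables are an assumption, a short list of common cases rather than a complete catalogue.

```python
"""Judge an attachment by its full file name and by what its bytes really are.

Added example, not code from the original page. The attachments below are
constructed byte strings, and the extension tables are an assumption: a short
list of common cases, not a complete catalogue.
"""
import os

# Extensions that run as a program when double-clicked on a typical Windows desktop.
EXECUTABLE_EXT = {
    ".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".msi", ".hta",
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".ps1", ".lnk",
}

# Types that are "viewed" rather than run, but can carry or hide code.
CAUTION_EXT = {
    ".pdf": "is viewed, not run, but can embed JavaScript and has been used to exploit PDF reader bugs",
    ".htm": "opens in the browser and can run script or redirect to a phishing page",
    ".html": "opens in the browser and can run script or redirect to a phishing page",
    ".zip": "is an archive: the name says nothing about what is inside",
    ".rar": "is an archive: the name says nothing about what is inside",
    ".7z": "is an archive: the name says nothing about what is inside",
    ".iso": "is a disk image: Windows mounts it and shows its contents as a drive",
    ".doc": "is a legacy Office document that can contain macros",
    ".xls": "is a legacy Office document that can contain macros",
    ".docm": "is a macro-enabled Office document",
    ".xlsm": "is a macro-enabled Office document",
}

# Leading bytes ("magic numbers") that identify common formats regardless of name.
MAGIC = [
    (b"MZ", "Windows executable"),
    (b"%PDF", "PDF document"),
    (b"PK\x03\x04", "ZIP container"),
    (b"Rar!\x1a\x07", "RAR archive"),
    (b"\xd0\xcf\x11\xe0", "legacy Office document"),
]


def sniff(content: bytes) -> str:
    """Identify the real format from the first bytes; 'unknown' if none match."""
    for magic, label in MAGIC:
        if content.startswith(magic):
            return label
    return "unknown"


def all_extensions(filename: str) -> list[str]:
    """Every extension in the name, e.g. 'invoice.pdf.exe' -> ['.pdf', '.exe']."""
    exts = []
    rest = filename
    while True:
        rest, ext = os.path.splitext(rest)
        if not ext:
            return exts
        exts.insert(0, ext.lower())


def assess(filename: str, content: bytes) -> tuple[str, list[str]]:
    """Return ('block' | 'caution' | 'ok', reasons) for one attachment."""
    exts = all_extensions(filename)
    last = exts[-1] if exts else ""
    # What Explorer shows with "hide extensions for known file types" switched on.
    shown_as = os.path.splitext(filename)[0]
    real_kind = sniff(content)
    reasons = []
    verdict = "ok"

    if last in EXECUTABLE_EXT:
        verdict = "block"
        reasons.append(f"'{last}' runs as a program when opened")
        if len(exts) > 1:
            reasons.append(f"double extension: a client hiding known extensions shows it as '{shown_as}'")

    # The name is whatever the sender typed; the bytes do not lie.
    if real_kind == "Windows executable" and last not in EXECUTABLE_EXT:
        verdict = "block"
        reasons.append(f"content is a Windows executable although the name ends in '{last or '(nothing)'}'")

    if verdict == "ok" and last in CAUTION_EXT:
        verdict = "caution"
        reasons.append(f"'{last}' {CAUTION_EXT[last]}")

    if verdict == "ok" and real_kind in ("ZIP container", "RAR archive", "legacy Office document"):
        verdict = "caution"
        reasons.append(f"content is a {real_kind} although the name does not say so")

    return verdict, reasons


if __name__ == "__main__":
    # Constructed samples: the bytes are only the first few of each format.
    samples = [
        ("invoice.pdf.exe", b"MZ\x90\x00" + bytes(60)),
        ("statement.pdf", b"%PDF-1.7\n"),
        ("report.pdf", b"MZ\x90\x00" + bytes(60)),
        ("photos.zip", b"PK\x03\x04" + bytes(26)),
        ("notes.txt", b"Meeting at 10.\n"),
    ]
    for name, data in samples:
        verdict, reasons = assess(name, data)
        print(f"{name:18} {verdict:8} {'; '.join(reasons)}")
```

A mail gateway or a cautious user does the same two things: read the whole name, not the part the desktop chooses to show, and trust the content over the name when the two disagree.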
Password Phishing
- The next common form of phishing attack is one which tricks the user into giving away their passwords. You may receive a mail with a message like:
- "click here to verify/reset/confirm your e-mail account". When you click on the link it asks for a username and password. The site on the other end simply collects these and passes them on to the fraudster.
- "a payment has just been made to or from your bank account, click here to confirm or reject the payment". The link asks for your banking username and password.
- If you do use a website where you need to enter a username and password, like on-line banking, first check the address in the address bar at the top of your browser. The text of a link in an e-mail can say anything; only the address bar shows where you really are.
- Type the address in by hand, don't get to it by clicking on a link.
- Once again the attack is aimed at tricking the user, which can be done within the framework of a technically legitimate e-mail.
- E-mail credentials stolen in this way are often used for sending out spam through the victim's account.
- The attacker may also monitor the victim's mailbox and then use information from the victim's messages to launch a bank account fraud attack when the victim is negotiating a transaction that involves a bank payment.
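Why "check the address bar" and "type it in by hand" matter is easiest to see by comparing what a link says with where it goes. The following is an added example in Python (not code from the original page) that pulls every link out of an HTML mail body with the standard library's HTMLParser and flags two deceptions: visible link text that is itself a web address but points to a different site, and a target host that uses a trusted name as a decoy, such as "mybank.co.za.secure-verify.ru". The HTML body, the host names in it (mybank.co.za, secure-verify.ru) and the trusted-host list are constructed for illustration, and registrable() is a deliberately simple stand-in for a Public Suffix List lookup.

```python
"""Compare what a link in an e-mail says with where it actually goes.

Added example, not code from the original page. The HTML body and the host
names in it (mybank.co.za, secure-verify.ru) are constructed for illustration,
and registrable() is a deliberately simple stand-in for a Public Suffix List lookup.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Text that a reader would take for a web address, e.g. "www.mybank.co.za/login".
URL_LIKE = re.compile(r"^(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:/\S*)?$", re.IGNORECASE)

# Assumption: second-level labels to treat as part of the public suffix, so that
# "www.mybank.co.za" reduces to "mybank.co.za". A real tool uses the Public Suffix List.
SECOND_LEVEL = {"co", "com", "org", "net", "ac", "gov"}


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> in an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: list[tuple[str, str]] = []
        self._href = None
        self._text: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # Collapse whitespace so "https://www.mybank.co.za/\n" compares cleanly.
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def host_of(url: str) -> str:
    """Lower-cased host of a URL; accepts 'www.example.com/x' without a scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()


def registrable(host: str) -> str:
    """The part of a host name that someone actually registered (simplified)."""
    parts = host.split(".")
    if len(parts) >= 3 and parts[-2] in SECOND_LEVEL:
        return ".".join(parts[-3:])
    return ".".join(parts[-2:])


def suspicious_links(body: str, trusted_hosts: list[str]) -> list[tuple[str, str, list[str]]]:
    """Return (href, visible_text, reasons) for each link that looks deceptive."""
    collector = LinkCollector()
    collector.feed(body)
    findings = []
    for href, text in collector.links:
        reasons = []
        target = host_of(href)
        # 1. The visible text is itself an address, but the link points elsewhere.
        if URL_LIKE.match(text) and registrable(host_of(text)) != registrable(target):
            reasons.append(f"shows {host_of(text)} but goes to {target}")
        # 2. The target uses a trusted name as a decoy, e.g. mybank.co.za.secure-verify.ru.
        for trusted in trusted_hosts:
            brand = trusted.split(".")[0]
            if brand in target and registrable(target) != registrable(trusted):
                reasons.append(f"uses the name '{brand}' but is not {trusted}")
        if reasons:
            findings.append((href, text, reasons))
    return findings


# Constructed sample body in the style of the "confirm or reject the payment" mail.
SAMPLE_HTML = """
<p>A payment of R12,400 was made from your account.</p>
<p>Review it at <a href="http://mybank.co.za.secure-verify.ru/login">https://www.mybank.co.za/</a>
or <a href="https://www.mybank.co.za/help">contact us</a>.</p>
"""

if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_HTML, ["mybank.co.za"]):
        print(f"link text {text!r} -> {href}")
        for reason in reasons:
            print("   WARNING:", reason)
```

The first link in the sample is the one the page warns about: the text the reader sees is the bank's real address, but the browser would land on secure-verify.ru with the bank's name pasted in front as a subdomain. Only the address bar, or a check like this one, reveals that.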
Fraudulent Banking Details
- A major ongoing problem in business today is the forging of banking details.
- It generally works something like this:
- You order a service from a supplier.
- You receive an invoice from the supplier.
- You receive some e-mail correspondence advising the supplier's bank account details. But that e-mail has been tampered with and the bank details replaced with the fraudster's bank details.
- You pay the supplier but the money goes to the fraudster's account.
- By the time you and your supplier realize that something is amiss, the money has been withdrawn from the fraudster's account and is not recoverable.
- Note that the onus is on the person making the payment to take due care to ensure that they are paying into the correct account.
- Even if your e-mail is totally secure and it was your supplier's mailbox that was compromised, you may still be liable for the damages if you pay into the wrong account!
- Always check banking details, e.g. by phoning someone you know at the supplier on a number you already have (not one taken from the e-mail), before making a large payment into a new bank account or changing the bank account details of an existing supplier.
- A lot depends on the details of the situation, but you do not want to end up in a court case with your supplier while the fraudster gets away with your money.
- The bank's terms and conditions will exclude it from any liability, and it is unlikely to compensate for any losses.
- The fraudsters often have a detailed understanding of the bank's internal procedures.
- Note that e-mail is just one tool in the whole fraud process. We have seen documents from banks and letters signed by directors that look 100% "legitimate", except for the bank account numbers, which have been altered.
- We have even heard of a fraudster phoning the victim to add authenticity to the scam; the fraudster spoke fluent Afrikaans.