Differences between revisions 10 and 11
Revision 10 as of 2019-10-22 18:54:44
Size: 4703
Editor: Ian
Comment:
Revision 11 as of 2019-10-22 18:55:18
Size: 4704
Editor: Ian
Comment:

Phishing Mail

"Phishing" is a form of fraud in which the attacker impersonates someone else to trick the victim into giving away personal information. For a fuller explanation see https://en.wikipedia.org/wiki/Phishing. This is a brief list of active "phishing" techniques that our clients regularly experience.

E-mail Addresses with Spoofed "User Friendly Names"

  • E-mail addresses always have two parts separated by an "@" sign, like "bill.gates@microsoft.com".
  • But because this looks a bit like machine language, there are extensions which allow you to set up a "User Friendly" name for yourself and your organization. Eg "Bill Gates - Microsoft Corporation <bill.gates@microsoft.com>".
    • The real address is the part in the "<>" brackets, ie <bill.gates@microsoft.com>.
    • The rest, "Bill Gates - Microsoft Corporation", is a "User Friendly" label to make it look nice for the human reading it. It has no effect on the delivery of the message.
    • MANY e-mail programs will display the pretty part "Bill Gates - Microsoft Corporation" and hide the dirty details <bill.gates@microsoft.com>.
    • But if you look carefully you should find the 2nd part, eg by hovering over the address, or when you click reply.
  • This is one of the simple things that Fraudsters exploit to try and trick the recipient.
    • Eg if you receive an e-mail from "Bill Gates - Microsoft Corporation <fraudster@hacked-mailserver.ru>":
      • You may first notice "Bill Gates - Microsoft Corporation" and think it is a message from your friend William.
      • But if you look a little closer you will notice <fraudster@hacked-mailserver.ru> - then be careful with that message!
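The check described above can be automated on the "From:" header, as in this added example (not part of the original page): it separates the "User Friendly" name from the real address in the <> brackets and flags a mismatch between the two. The organisation-to-domain mapping and the sample headers are constructed for the example.

```python
import re
from email.utils import parseaddr

# Constructed sample "From:" header values, modelled on the page's examples.
SAMPLE_FROM_HEADERS = [
    "Bill Gates - Microsoft Corporation <bill.gates@microsoft.com>",
    "Bill Gates - Microsoft Corporation <fraudster@hacked-mailserver.ru>",
    '"bill.gates@microsoft.com" <fraudster@hacked-mailserver.ru>',
]

# Assumed mapping: organisations you expect to write only from their own domain.
KNOWN_ORG_DOMAINS = {"microsoft": "microsoft.com"}


def split_from_header(value):
    """Return (friendly_name, real_address); the real address is the part in <>."""
    name, addr = parseaddr(value)
    return name, addr.lower()


def domain_of(addr):
    """Return the domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1] if "@" in addr else ""


def display_name_suspicious(value):
    """Return a reason string when the friendly name does not fit the real address, else None."""
    name, addr = split_from_header(value)
    domain = domain_of(addr)
    # Case 1: the friendly name itself looks like an address on a different domain.
    embedded = re.search(r"[\w.+-]+@([\w.-]+)", name)
    if embedded and embedded.group(1).lower() != domain:
        return "display name shows an address at %s but the real address is %s" % (
            embedded.group(1), addr)
    # Case 2: the friendly name claims a known organisation, but the domain is not theirs.
    for org, org_domain in KNOWN_ORG_DOMAINS.items():
        if org in name.lower() and domain != org_domain and not domain.endswith("." + org_domain):
            return "display name claims %s but the real address is %s" % (org, addr)
    return None


if __name__ == "__main__":
    for header in SAMPLE_FROM_HEADERS:
        print(header, "->", display_name_suspicious(header) or "ok")
```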

Malware Attachments

  • One of the most common methods of attacking an e-mail user is by sending them an attachment which contains "malware" - ie a program that is designed to do something bad. Old e-mail programs would automatically open an attachment and even run it, without the user doing anything, if the settings were set to be "super user friendly". Fortunately most of these became obsolete years ago. Modern e-mail programs have "protections" and "warnings", and many users have "anti-virus" software which provides even more "protections" and "warnings".
  • Fraudsters therefore try to "trick" the user into opening malware attachments. Eg:
    • You will see a message "In order to read this attachment you must":
      • click on a link
      • download a new version of a program
      • change a setting on your computer
    • Never do any of the above! At this stage, if you really need to know what is in the message, phone the person who sent it to you, or ask someone for their advice.

Passwords Phishing

  • The next common form of Phishing attack is one which tricks the user into giving away their Passwords. You receive a mail with a message like:
    • click here to verify/reset/confirm your e-mail account. When you click on the link it asks for a username and password. The site on the other end just collects these and passes them on to the Fraudster.
    • a payment has just been made to or from your bank account, click here to confirm or reject the payment. The link asks for your banking username and password :-(
  • Precautions:
    • If you are using a website on which you need to enter a username and password, first check the address in the address bar at the top of your browser.
    • Type the address in by hand, don't get to it by clicking on a link.

Fraudulent Banking Details

  • A major ongoing problem in business today is the forging of banking details.
  • It generally works something like this:
    • You order a service from a supplier.
    • You receive an invoice from the supplier.
    • You receive some e-mail correspondence advising the supplier's bank account details. But that e-mail has been tampered with and the bank details replaced with the Fraudster's bank details.
    • You pay the supplier but the money goes to the Fraudster's account.
    • By the time you and your supplier realize that something is amiss, the money has been withdrawn from the Fraudster's account and is not recoverable.
  • Note, the onus is on the person making the payment to take due care to ensure that they are paying into the correct account.
    • Even if your e-mail is totally secure and it was your supplier's mailbox that was compromised, you may still be liable for the damages if you pay into the wrong account!
  • The bank's terms and conditions will exclude them from any liability, and they are unlikely to compensate for any losses.
  • The Fraudsters may have a better understanding of the bank's internal procedures than the bank staff themselves.

Office: Support/Mail/PhishingMail (last edited 2019-10-23 05:24:56 by Ian)