Differences between revisions 19 and 20
Revision 19 as of 2019-10-22 19:21:01
Size: 6396
Editor: Ian
Comment:
Revision 20 as of 2019-10-22 19:21:57
Size: 6386
Editor: Ian
Comment:
Deletions are marked like this. Additions are marked like this.
Line 14: Line 14:
 * This is one of the simple things that Fraudsters exploit to try and trick the recipient.
  * Eg if you receive an e-mail from "Bill Gates - Microsoft Corporation <fraudster@hacked-mailserver.ru>"		  * This is one of the things that Fraudsters exploit to try and trick the recipient.
  * Eg you receive an e-mail from "Bill Gates - Microsoft Corporation <fraudster@hacked-mailserver.ru>"

Phishing Mail - Cautions

Contents

  1. Phishing Mail - Cautions
    1. E-mail Addresses with Spoofed "User Friendly Names"
    2. Malware Attachments
    3. Passwords Phishing
    4. Fraudulent Banking Details

"Phishing" is a means of fraud where the attacker tries to look like someone else to trick the victim into giving away personal information. For a better explanation see https://en.wikipedia.org/wiki/Phishing. Many Phishing attacks are conducted with totally valid e-mail messages which do not get blocked by anti-spam and anti-virus filters. This is a brief list of active "phishing" attacks that are regularly experienced by our clients.

E-mail Addresses with Spoofed "User Friendly Names"

  • E-mail addresses always have two parts separated by an "@" sign, like "bill.gates@microsoft.com".

  • But because this looks a bit like machine language there are extensions which allow you to set up a "User Friendly" name for yourself and your organization in your e-mail address. Eg "Bill Gates - Microsoft Corporation <bill.gates@microsoft.com>".

    • The real address is the part in the "<>" brackets, ie <bill.gates@microsoft.com>

    • The rest is a "User Friendly" label to make it look nice for the human reading it "Bill Gates - Microsoft Corporation". It has no effect on the delivery of the message.

    • MANY e-mail programs will display the pretty part "Bill Gates - Microsoft Corporation" and hide the dirty details <bill.gates@microsoft.com>.

    • But if you look carefully you should find the 2nd part. Eg by hovering over the address, or when you click reply.
  • This is one of the things that Fraudsters exploit to try and trick the recipient.

    • Eg you receive an e-mail from "Bill Gates - Microsoft Corporation <fraudster@hacked-mailserver.ru>"

      • You may first notice "Bill Gates - Microsoft Corporation" and think it is a message from your friend William.

      • But if you look a little closer you will notice <fraudster@hacked-mailserver.ru> - then be careful with that message!

Malware Attachments

  • One of the most common methods of attacking an e-mail user is by sending them an attachment which contains "malware" - ie a program that is designed to do something bad. Old e-mail client programs could automatically open an attachment and even run it, without the user doing anything, if the settings were set to be "user friendly". Fortunately most of these programs which were insecure by default, are now obsolete. Modern e-mail programs have "protections" and "warnings" and many users have "anti-virus" software which provides even more "protections" and "warnings".
  • Fraudsters will then try and "trick" the user into opening malware attachments. Eg:
    • You will see a message "In order to read this attachment you must":
      • click on a link
      • download a new version of a program
      • change a setting on your computer
    • Never do any of the above! At this stage if you really need to know what is in the message, phone the person who sent it to you, or ask someone for their advice.
  • It is important to understand that the Fraudsters cleverly engineer their attacks such that some recipients are tricked sometimes. Technology alone cannot "protect you from yourself" and recipients are tricked into overwriting the protections provided by the software.
  • Unfortunately there are other times when it may be necessary to overwrite these same protections. Don't do this lightly and don't do it if you are not 100% certain about why you need to do it.

Passwords Phishing

  • The next common form of Phishing attack is one which tricks the user into giving away their Passords. You may receive a mail with a message like:
    • click here to verify/reset/confirm your e-mail account. When you click on the link it asks for a username and password. The site on the other just collects these and passes them on to the Fraudster.

    • a payment has just been made to or from your bank account, click here to confirm or reject the payment. The links asks for your banking username and password :-(

    • If you are using a website that you need to enter a username and password, first check the address in the address bar at the top of your browser.
    • Type the address in by hand, don't get to it by clicking on a link.
  • Once again the attack is aimed at tricking the user, which can sometimes be done within the framework of a technically legitimate e-mail.
  • The credentials stolen in this way are often used for sending out spam through the victim's account.
  • The attacker may also monitor the victim's mailbox and then use the details to launch a Bank Account fraud when the attacker notes the victim is negotiating a transaction which may involve a bank payment.

Fraudulent Banking Details

  • A major ongoing problem in business today is the forging of banking details.
  • It generally works like something like this:
    • You order a service from a supplier.
    • You receive an invoice from the supplier.
    • You receive some e-mail correspondence advising the suppliers bank account details. But that e-mail has been tampered with and the bank details replaced with the Fraudsters bank details.
    • You pay the supplier but the money goes to the Fraudster's account.
    • But the time you and your supplier realize that something is amiss, the money has been withdrawn from the fraudster's account and is not recoverable.
  • Note, the onus on the person making the payment to take due care to ensure that they are paying to the correct account.
    • Even if your e-mail is totally secure and your suppliers mailbox was corrupted. You may still be liable for the damages if you pay into the wrong account!
    • A lot depends on the details of the situation, but you do not want to have to end up in a court case with your supplier, while the fraudster gets away with your money.
  • The bank's terms and conditions will exclude them from any liability and they are unlikely to compensate for any losses.
  • The Fraudsters sometimes seem to have a better understanding of the Bank's internal procedures than the bank staff themselves.
  • Note e-mail is just one tool in the whole fraud process. We have seen documents from banks and letters signed by directors, that look 100% "legitimate", except for the details of the bank account numbers, which have been altered.
  • We have even heard of a fraudster's phoning the victim to add authenticity to the scam - the fraudster spoke fluent Afrikaans.

Office: Support/Mail/PhishingMail (last edited 2019-10-23 05:24:56 by Ian)