What is a phishing email? And how to protect yourself.
There are no accurate statistics kept for the number of phishing attacks in South Africa, but in the United States 15244 phishing attacks were reported in December 2005, a figure that increased to 62765 in December 2014.
A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, identity numbers, or bank account numbers, that the legitimate organization already has. Phishing scams are crude social engineering tools designed to induce panic in the reader. These scams attempt to trick recipients into responding or clicking immediately, by claiming they will lose something (e.g., email, bank account). Such a claim is always indicative of a phishing scam, as responsible companies and organizations will never take these types of actions via email.
Types of Phishing attacks
- General phishing emails use the shotgun approach: the idea is that if they are sent to as many people as possible, they will get some hits.
- Spear phishing is usually directed at a specific person or company. As these attacks are so pointed, attackers may go to great lengths to gather specific personal or institutional information in the hope of making the attack more believable and increasing the likelihood of its success. The "Sony Hack" is an example of a spear phishing attack.
- The term "whaling" is used to describe phishing attacks (usually spear phishing) directed specifically at executive officers or other high-profile targets within a business, government, or other organization.
- Clone phishing is a type of phishing attack whereby a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender.
Examples of phishing pretexts
- You have won the lottery.
- Your bank needs to update your information.
- An email that says there is an invoice attached.
- A business partnership that seems too good to be true, also known as a Nigerian 4-1-9 scam.
- The information on your account has been changed; if you did not request this change, click on the link below to cancel it.
- You have received a package; for the package to be released from customs you must pay duties of R____. They will usually describe the contents of the package, and it will always be very expensive items.
How to avoid becoming a victim
- Be suspicious of any email message that asks you to enter or verify personal information, through a website or by replying to the message itself.
- When you recognize a phishing message, delete the email message from your Inbox, and then empty it from the deleted items folder to avoid accidentally accessing the websites it points to.
- If you did not enter that lottery, there is no way you could have won.
- Reading email as plain text is a general best practice that, while avoiding some phishing attempts, won't avoid them all.
What to do if you have been a victim
Open a case with the police as the very first step, then consult a private investigator who also specialises in digital forensics to assist in tracking down the cyber criminals.
"We can usually track the individuals down to their computer; however, we offer no guarantees, because if they are expert hackers they would have bounced their email through a number of anonymous proxy servers around the world, which then makes them impossible to track," said private investigator and digital forensics examiner Rick Crouch.
Media Contact:
Rick Crouch
Rick Crouch & Associates
Private Investigators & Digital Forensics
Mobile: 076.449.5263 | Web: www.rickcrouch.co.za
Statement by: Rick Crouch