Phishing Scam Examples: What Your Employees Should Look for in Emails
Submitted by Thriveon Information & Technology
You have won a trip to Tahiti! Click to claim your prize!
Anyone who has ever used the internet has seen messages like this one. Hackers and thieves send them as bait to lure unsuspecting users into revealing personal information or downloading malicious programs onto their computers. The technique is commonly referred to as “phishing.”
Being vigilant for phishing attempts is one of the first skills we all develop when using the internet. You and your employees are probably pretty good at it already. But phishing attacks come in many forms, and even internet-savvy users fall victim.
Here are examples of common attacks to show your employees, so they become extra vigilant.
1) Requests for Help
"REQUEST FOR URGENT BUSINESS RELATIONSHIP... I HAVE BEEN DELEGATED AS A MATTER OF TRUST BY MY COLLEAGUES OF THE PANEL TO LOOK FOR OVERSEAS PARTNERS. HENCE WE ARE WRITING YOU THIS LETTER. WE HAVE AGREED TO SHARE THE MONEY AS THUS..."
This is an example of the so-called “Nigerian Scam,” courtesy of snopes.com. These scams masquerade as pleas for help from foreign representatives, who ask to use your bank account to move large sums of money. In exchange, they offer you a small percentage of that money. These scams have been around since before the internet, but they’re still used today because they work. The appeal of free money, combined with the notion of helping someone, has allowed scams like these to swindle people.
PRO TIP: If it’s too good to be true, it probably is. Plus, any international correspondence from an unexpected person should get extra scrutiny.
2) Security Alerts
"Hello! As part of our security measures, we regularly screen activity in the Facebook system. We recently contacted you after noticing an issue on your account. Our system detected unusual Copyrights activity linked to your Facebook account, please follow the link below to fill the Copyright form. If you do not fill the application, your account will be permanently blocked."
This example from Microsoft is a phishing attack disguised as an official message from Facebook. Because Facebook is so prevalent, the attackers can safely assume their targets probably have an account. Because they pose as a friendly security message and threaten to close the target’s account if no action is taken, scams like this one are very successful.
PRO TIP: Hover over (but don’t click) the link. If the window that pops up shows a different, non-company URL, you’ve probably discovered a scam.
3) Unexpected Official-Looking Messages
The first two examples had obvious clues that they were scams; however, this example is an exact copy of an official email from Google. Attackers can replace the “click here” link with a website designed to steal your data or infect your system.
These are the most dangerous phishing attacks, because there are no obvious clues that something is amiss. Be cautious around messages about your accounts that you aren’t expecting. They could be warning you of someone trying to log in to your account, but they could also be phishing attacks themselves.
PRO TIP: The best way to authenticate an email that claims to be from Gmail is to trace its full header. Also, be aware that Google will never ask for personal information like a password via email.
Best Practices for Phishing Scams
• Don’t open it. Spam emails can contain malicious links or viruses that will trigger additional attacks, simply by being opened.
• Notify IT.
• Delete the email. After notifying IT of the message, delete it.
If even one person falls prey to a phishing attempt, your entire network could be at risk.
Thriveon is an MN-based, family-owned IT Management and Security Services provider, focused on providing World Class IT for SMBs. Call us at (855) 767-2571 or visit www.thriveon.net.