I once ran into a phishing attempt in the form of a deactivation scare. This style of attack is very efficient, as it scares users into reacting by threatening to deactivate a critical account. This specific email threatened to deactivate a banking account and told me I had to follow a convenient link to reactivate it. It then asked for my login credentials, such as my username and password; I am sure that if I had followed the instructions, it would have asked for my debit/credit card information as well. While most of these kinds of attacks are easy to spot by looking for misspelled words or poor-quality images, nowadays they have evolved to be very realistic. This particular email even had indications that it had already been scanned for malicious content by my antivirus program.
I feel that this phishing attempt was very well executed, and if I had not known about these forms of attacks, I might have been a victim of it. I believe that many individuals would not have noticed the potential signs of malicious intent in this email and would have been scared of having their banking account deactivated. If their banking account had been deactivated, it could have caused many problems, such as failure to pay bills, loss of access to their funds, and a tremendous headache. Using fear in phishing attempts is an unfortunate but effective tool to convince an individual to give up sensitive information. These attacks are especially hazardous for those who are not tech-savvy, such as the elderly.
If I had to write up a procedure for a company manual promoting practical ways to prevent this type of attack, I would recommend several things. A website’s address should always be verified to match the real company’s official website address exactly. Close attention should always be paid to details in emails and websites such as fonts, colors, and image quality; inconsistencies in these are all good indications of fraud. Recognizing when emails come from unrecognized senders is also important. Another helpful tip is to remember that, typically, companies do not ask for your login information anywhere other than on their trusted website. Before clicking or downloading any items or links, verify that the website or email you are accessing is authentic, and never enter information in a pop-up window. Finally, any message that is threatening in nature is potentially hazardous. When in doubt, throw it out.
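The address check and the threatening-language check recommended above can be automated for a first pass over an HTML email. This is an added example, not part of the original post; the official domain `bank.example`, the phrase list, and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions for this example: the official domain and the urgency phrases.
OFFICIAL_DOMAINS = {"bank.example"}
URGENCY_PHRASES = ("deactivate", "suspended", "verify your account", "reactivate")

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_official(host):
    """True only for an exact match, or a true subdomain, of an official domain."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def review_email(html_body):
    """Return a list of human-readable warnings for one HTML email body."""
    warnings = []
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        host = urlsplit(href).hostname
        if not is_official(host):
            warnings.append(f"link goes to unofficial host: {host}")
        # If the visible text itself looks like an address, it must match the target.
        if "." in text and " " not in text:
            shown = urlsplit(text if "//" in text else "//" + text).hostname
            if shown != host:
                warnings.append(f"link text shows {shown} but opens {host}")
    lowered = html_body.lower()
    return warnings + [f"urgency phrase: {p!r}" for p in URGENCY_PHRASES if p in lowered]

# Constructed sample message (not the email described above).
SAMPLE = ('<p>Your account will be deactivated today.</p>'
          '<a href="http://bank.example.login-check.test/reactivate">'
          'www.bank.example</a>')
```

Note that the sample link begins with the official name but ends in a different domain, which is why the check compares the end of the hostname rather than searching for the name anywhere in the address.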