When it comes to cybercrime, there’s no hunting ground more lucrative than the humble email account. Bank accounts, payment transfer accounts, data storage accounts … they’re all potentially accessible through the artful crime of phishing.
Phishing for Information
Mimicry is an effective means of gaining entry to somewhere for the purpose of committing a crime. (Not that I’ve ever tried it, of course, but I do know my Columbo.)
The most common phishing technique is to send an email in disguise. Messages that appear to come from your bank, for example – or a credit-card company, energy provider, or charity – might very well be emails from a scammer. They’ll look (almost) identical, and the scammers will be relying on the fact that we – their victims – won’t look too closely and spot the difference.
Look Closely at the
Most of us are in a hurry, most of the time, and it’s convenient to trust what we think we see. We’ve evolved the skill of mentally filling in the gaps, which is extremely useful in all sorts of ways, but disastrous in the context of cybercrime.
Look past the whole, and see the detail. Does the email contain bad grammar or spelling mistakes? Does it contain unexpected attachments? Is the email sent from a public domain – for example, gmail.com, outlook.com, or btinternet.com?
Hover your mouse over a hyperlink and you’ll be shown the URL. Does it look right?
Would you click on this link?
Hope not! Have a look at the authentic page URL, below. Note 3 differences.
What about this?
Can you spot the difference between my fake URL, above, and the real one, below?
Or this one.
… Okay, point taken: nobody’s going to subscribe to The Sun. But you get the gist. Here’s the real one – just in case you need it.
Top tip: don’t open attachments if you’re unsure about the sender.
So, the fake email ID has been dressed up to look like one you’re familiar with. There’s a dodgy website, waiting in the background. If you click on the link – for example, https://intemational.lloydsbank.com/ (with m in place of r & n) – you’ll be asked to provide your login details.
The email will try to lure you to this phony website.
Your bank has an urgent message for you. It’s vital that you log into your account NOW to resolve a problem. If you don’t do it NOW, your account will be closed.
Congratulations! You’ve won first prize in a competition! Claim it NOW or lose out!
… Hang on a minute. What competition?
Your friend is in dire straits. You must send money. NOW!
(Unless you’re mates with the Knopfler brothers, this probably isn’t true.)
Top tip: open a new window and type in the bona fide URL.
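The lookalike-link check described above (m in place of r & n) can also be done by a script rather than by eye. This is an added example, not code from the original article: the trusted-host list and the function names are assumptions, and the confusable pairs go beyond the single rn/m swap the article shows.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the hostnames this user really logs in to (assumption).
TRUSTED_HOSTS = {"international.lloydsbank.com", "www.lloydsbank.com"}

# Character sequences that read alike at a glance. Folding each pair to one
# form gives a "skeleton"; a fake and the real host share the same skeleton.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l")]


def skeleton(host: str) -> str:
    """Lower-case the host and collapse visually confusable sequences."""
    host = host.lower().rstrip(".")
    for seq, repl in CONFUSABLES:
        host = host.replace(seq, repl)
    return host


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: catches dropped, added or swapped characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str, trusted=TRUSTED_HOSTS):
    """Return (verdict, matched_trusted_host) for the host a link points to."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if host in trusted:
        return ("trusted", host)
    for good in sorted(trusted):
        # Not the real host, yet it looks like it or is within two edits of it.
        if skeleton(host) == skeleton(good) or edit_distance(host, good) <= 2:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    for link in ("https://international.lloydsbank.com/login",
                 "https://intemational.lloydsbank.com/",  # the article's fake
                 "https://example.org/"):
        print(link, "->", classify_link(link))
```

A "lookalike" verdict means the link should be treated as hostile; "unknown" only means the host is not on the list, not that it is safe.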
Ever heard the story of a revengeful ex-boyfriend/girlfriend breaking into their ex-lover’s home (using the key they didn’t give back) and trashing the place? It’s an old story, played out again and again through the years. It involves cutting up clothes, smashing precious items, stealing property …
… And now it also involves data theft, cyber vandalism, and revenge porn.
We know the story. We know how it can end. So …
Top tip: keep your passwords to yourself!
For expert cybersecurity services, visit Fortify247.