Deutsch
English
Mails with serious content in an official tone, final notices or seemingly technical issues are enough to unsettle most readers. Often, this is an attempt at cheating you out of your money as I described last week. How can you catch on to the scammers, where do they give themselves away? The first step is to realize that your personal information is already in the wrong hands.
How do hackers manage to steal your information?
Phishing mails seem twice as credible when they already contain the correct name, address and even your bank information. This information can come from various sources. Maybe one of the companies you recently dealt with was hacked. Entire collections of stolen user profiles are available for sale on the dark web, the part of the Internet that requires specific software and authorization that is frequently used by criminals. Have you ever had a Trojan on your PC? This type of malware collects your every input and can create extensive user profiles. Have you recently participated in an online raffle or similar offers that require you to provide your personal data? Hosters of free services finance their offers through the sale of customer data sets among other things. It pays to think twice before you give away your real name, address and bank information. It's easy to change your email address but your place of residence or your bank account? Not so much.
How to identify phishing mails
Look for irregularities. Did the sender write to you before? What about spelling and syntax? For example, many scammers use Google Translate to create mails in foreign languages. These mails contain valid words but in weird combinations. As native speakers, your bank, PayPal or whoever supposedly wrote them usually do much better.
Time's running out!
That's the essence common to many phishing mails. Unless you're facing bankruptcy or love to collect final notices no respectable company will write to you in this manner. This pressure is built up to make you act rashly, give away your data or make that urgent transfer. But frozen bank accounts and property seizures are always the last resort and don't happen over night. So stay calm, think and contact the companies mentioned through regular channels (phone / email). Don't use the contact address provided in the mail as this may lead you to other criminals that will try to convince you of its validity.
No bank requires your data, PINs or TANs! Whenever you're prompted to input your user name, password or even transaction codes, something's fishy. The authors of such emails are crafty in finding new reasons for you to "confirm", "verify" or input data for "further processing". Your bank already has all the information otherwise you wouldn't be able to log into your account in the first place. Scammers also like to pretend that your account has been suspended or hacked. Again: Call your bank and sort things out. If a wave of spam mails is under way, your bank will most likely clear this up with you quickly.
D on't open attachments and don't click on any links if you're uncertain about their contents! Even good antivirus software cannot provide 100% protection against all Trojans and other malware. Very popular: Links hidden in a PDF document (e.g. to display the status of your package delivery) that will lead to a download link for a Trojan so the original attachment is clean but the link target is not. Bad!
It's unlikely that you're the first to receive this mail. Numerous sites deal with this topic and provide up to date examples. If you find weird phrases simply copy them into Google Search. In all likelihood, you will quickly discover fellow users with the same problem so the issue gets resolved soon.
Scammers are currently using a new scheme on Facebook. Using fake profiles that resemble those of your friends, users will ask you for your cellphone number. Instead of a message, you will receive an SMS with a code. While you're still trying to make sense of this, your "friend" will then ask you for that code. If successful, you will be charged for the message by common payment providers such as PayPal, Buy with Mobile or their offspring Zong on your next cellphone bill. Solution: Adjust your privacy settings so that only your friends can view your list of Facebook contacts.
Does the mail contain links? Simply hover your mouse over them, don't click. Most email applications will already display the link target this way. Make sure it's the right company and pay attention to every detail as scammers tend to use addresses that are very similar to the originals.
If you're willing to dig a little deeper into the technical details, you may also want to analyze the email header. Because what is usually simply displayed as a name in our email applications contains a lot more information than that! Visit iptrackeronline for further details.
Still uncertain? Visit the company site the mail supposedly refers to (before you open any attachments or click on any links in the mail!) and log in as usual. Whether it's your bank, Amazon or PayPal, if the mail is legitimate, you will find similar messages or notifications in your user account. If there aren't any feel free to delete the mail.
You see, the best security system still sits between your ears! Be vigilant and stay calm when you receive mails you can't immediately make heads or tails of. Run a full virus scan. Most Trojans will be detected and eliminated by your antivirus program. Modern online banking methods, alert users and good antivirus applications are making it harder for these phishing attacks to work yet the yearly damages caused are estimated to be in the billions. And even if the worst happens, you're not alone. Back in 2009, highly indecent sexual statements seemingly made by English MPs attracted a lot of attention on Twitter. These MPs had carelessly entered their user names and passwords in response to a phishing mail.
What I would like to know since damages caused amount to billions of dollars: Have you been the victim of a phishing attack or have you avoided the threat and if so, how?
Thanks for the tips.
I often encounter phishing sites and suspicious emails. The meaning of the letters is largely confined to material and financial interest. Here are some excerpts:
- earn in one day $ 500,
- you have won a prize and to obtain the necessary your personal data
- looking for heir to $ 30 million, your data fit the description.
Of course the letters are accompanied by a link that also may not be safe.
So who is very inquisitive and wants to know who cares about You, then send reply with a temporary e-mail and never open your personal data, not to mention the credit card or other payment systems.
The most obvious check for me is to see to whom the email is addressed. If it is to your account name rather than your real name e.g. Dear bling54321 then it is Guaranteed to be a scam. DELETE the email without opening (as even that prompts them that they have a live prospect). Never open/view ANY attachments, they are bound to be time bombs. Never click a link without checking first, even if they come from a friend. And as you say, threats are an obvious ploy to make you panic - stay calm. It's a dangerous world out there so always think first before clicking that mouse.
Very good advice for all of us.
на рахунок синтаксису та пунктуації далеко ходити не потрібно.усім відомо, що відбувається на Сході України.ватні товариші з Московії стараються фальшиві листи чи прокламації подавати як звернення від військових або волонтерів. тепер є ще один вид шахрайства який розповсюджений в Україні ( з теперішніми реформами не диво,що проходить).дзвонять на мобільний, переважно вночі називаються родичем і з плачем повідомляють, що потрапив у аварію, збив людину, потрібні гроші щоб залагодити справу на місці.тому ,поки подібні технології не дійшли у Європу пишу про всяк випадок.
Це дуже цікаво!
Older and wiser is sometimes true. A few months ago a friend request showed up on Facebook. The photo, name and profile looked exactly like a long time friend. Of course I said yes.
Sven he and I were chatting and he tossed my a link. Guess what I did without a thought? 20 or more tabs opened, and strange as it may seem, the first tab had all my information. Thankfully credit card companies and banks have serious protection. They immediately froze my accounts with no loss of dollars.
Excellent and highly topical article. I will share it with my friends minus one. Facebook is quick to react when a fake profile is reported to them.
A while ago I received a landline call from a person who claimed to be representing Microsoft, and needed access to my computer to address a problem that Microsoft had received from my computer several times over a period of time. The person insisted that I log on my computer, and then he would guide me over the phone, and he would in turn resolve an issue that Microsoft had picked up on. I asked him where he was phoning from, and he said California in the USA. His accent certainly was not American, and I refused to carry out his request, He persisted in his request, but my reply was that my computer is no where near the phone. He then suggested using a cell phone if I had one, to which I replied that I had, and he phoned me through my cell phone. Now I am in South Africa, and this whole thing sounded suspicious, I still did not acquiesce to his persistence and ended the call. I then checked my incoming calls register and learned that the call was made from a place just outside of Helsinki in Finland. Did I escape an intruder or not?
Many, probably more than many computer users do not see, read, hear, listen, look or know anything about scams and phishing.
Why does this happen, because the many, many computer users never 'click' ouside their comfort zone to learn how to avoid the infiltration of their privacy, and there are very few lessons in the various public media reports.
In Australia last year the Australian Competition & Consumer Commission recieved 91, 637 complaints relating to money stolen in scams and phishing, the money totalled AUD$81,632,793 million.
The ACCC urge consumers to "Get smarter with their data", but many, many, many don't, so we go back to square one.
I got one last year telling me that a long lost relative of mine had died...they used my surname... and left a small fortune and that they were willing to share the inheritance 50 50 if I sent them details of where to deposit the money.
As if !!!
Random thoughts:
Always have at least two, perhaps more, different email addresses. The address you use for shopping or Facebook should be different from the email you use for government or financial matters.
Unless their IT design is a total screw up, bank staff etc will NOT KNOW your login password, because passwords are stored in non-reversible encrypted form, such as PBKDF2, bcrypt etc. So there would be no legitimate point in asking you for that information.
Within companies, I've read that a simple extra defense is to give senior staff emails addresses that are different from the web facing company address. i.e. ceo@)alternative(dot)com instead of ceo@company-name(dot)com.
And in companies, the culture should always allow even junior staff to query suspicious looking emails from superiors without getting into trouble for it.
Use an email client that downloads only the headers, not the body of the email and don't download them until you have inspected ALL the header text and determined its real source from the 'Received: from" and "Return path" fields. Viewing the raw text can be enlightening too. Watch out for minor spelling differences such as foreign accents, eg PàyPàl is a definite threat.
That way any dodgy HTML, infected JPEGs, dangerous attachments etc. will remain on the server, not in your computer, and can be safely deleted.
If your email client doesn't let you do that, get one that does. For some reason, many email clients aren't set up to do that as standard, they should be.
Set your 'View' options TO SHOW extensions for known file types, then you can spot dangerous attachments with masquerading as data files that are really executables, such as ones that show as "Document.doc" but are really "Document.doc.exe". Again, the default setting in Explorer is dangerous.
à
I always copy the link if possible and paste it onto my note pad also I can send the link of to Kaspersky my chosen security software to check.
I don't know how relevant this is, but it seems that the internet industry (is there such a thing) is equally at fault. For example, look at all the phishing links on Yahoo! This are attached to various headlines that use that clever social engineering ploy that plays on human curiosity, greed and so on.
The big players o the internet should filter out fakes and take all steps possible to ensure their users are only seeing and dealing with legitimate links.
I might add that I'm not singling out Yahoo - I'm a Yahoo user so I'm familiar with it but others such as MSN are similarly afflicted.
My best method is to hover the mouse over the link they are telling you to click. Invariably this is a giveaway, as the address is demonstrably fake, not the address of the bank or company the mail purports to be from. (I don't click on the link anyways but it is nice to find proof that the mail is phishing.)
And, yes, John Everingham, touch screen are hell!
I really appreciate Sven's clear and no nonsense advice on computer use and I pass them on to my wife.
It strikes me that the latest fad for touch screens plays straight into to the arms of scammers as there is no way to see where a link will take you until you have clicked it.
Thank you a very informative article which I will put to very good use.