• BONGO IT BLOG

Phishing And E-mail Spoofing, What To Look Out For.

Phishing is one of the most common and consistently used forms of online scams. These scams target users and attempt to find out their personal data. This kind of personal attack is based on deception, much like many real-life scams and frauds. Often no viruses are used and it all falls to the fault of the user, which makes them particularly dangerous.

Email Spoofing

Email spoofing is the most common form of phishing. This is often recognised as the old-fashioned spam emails similar to "You've inherited $1,000,000 from a long lost relative" in which people would give up their Debit card details to receive their non-existent inheritance. Most people do well to not fall for these older scams. Most online email services also block these emails from known scammers anyway, so most don't even reach your inbox.

The more modern version of email spoofing is more dangerous and more deceiving though. It often begins with someone on your email contact list having an unsecure password, or having not changed it in several months. Hackers can then use software to quickly figure out the password of the email and set it up for a scam.

Often, if scammers see that there are family members on your contact list they will send emails from your own address to all your family members. These emails are often similar to "I am stuck at an airport and need money to buy a ticket, please help" or something along those lines. Scammers will use your personal connections to your contacts to steal their money. If you have customers for your business on your email contacts, then they too may receive fraudulent emails. Below is an example:

 

This may well seem like a casual, or even an automatic, invoice notice but the supposed sender of this email, never sent it himself. Several tell-tale signs for email scams are: inconsistency with grammar/spelling (if the usual user talks via email in a certain way e.g. always casual or always formal), the lack of a signature or disclaimer at the bottom, ending with "from", "Best Regards", etc., and then the entire email of the sender and not their personal name, saying to contact only via the email of the sender and not the accounting department or via a phone number.

Scam emails will always use a false URL link to send you to their pre-made detail stealing website where you will enter your details if you have fallen for their deception. If you are unsure of anything regarding an online email, call the sender. Most companies understand that there are several scams causing people to not be entirely trustworthy of every email they see and will therefore be happy to confirm what is and isn't real for their customers. 

Spoofing emails will often have a piece of code that will send you to a different url to the one you think you are clicking on. For example you may click on "www.google.co.uk" but instead it takes you to a scam site that will ask for your details. These sites are designed by attackers to look identical to the original to fool you. Often you will be sent to a fake payment sie such as paypal.

The link below is an example that we have made:

http://example.com

You will click on that link, thinking it will take you to "example.com" but it actually takes you to "www.bongoit.co.uk". If we were scammers we would make our website look just like Paypal or a similar service to fool you into trusting the site and giving up your details. Scammers will often make URLs a lot shorter (like in the first example) so that you have even less of an idea of where the link could take you. If you are unsure of a link in an email, then you can view it in "plain text" and it will usually show you the full URL.

 

How to Find Out When to Change Your Passwords

 

You should regularly change your passwords and keep them secure. Be sure to use non-dictionary words and special characters such as "@:{]~#?/|+_*&^%" to prevent brute-force hacks. You can also check to see if your email address has been leaked on the websites that you have signed up to at "Have I been Pwned?" (https://haveibeenpwned.com/). This website will tell you of any data breaches that have happened, that could have affected your email.

 

If you'd like more details on how to combat cyber-crime and scams, be sure to contact us!

Enjoy the blog post? Then you would love our newsletter! Sign up here Signup and get a free Office 365 pitfall PDF guide

Call us on: 01865 988 217

Follow us here LinkedIn or here Twitter

Buying New Hardware? What To Look Out For:
What Is A Smart Office?
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, 17 December 2018
  • FREE IT STRATEGY SESSION

  • At Bongo IT, we know that technology is increasingly dominant and crucial to maintaining business performance and productivity.

    Organisations should make sure they are making the right IT decisions for their current needs, whilst also planning for the future with flexible and scalable solutions.

  • As a special offer, we are offering a FREE one hour consultation to address your current IT setup and recommend an effective strategy for your future requirements.

    Addressing issues such as computer hardware, broadband, data security, file sharing, compliance and more, we’ll help you build a plan and ensure you deploy the most cost-effective IT strategy for your company’s needs.

CONNECT WITH US

READ OUR BLOG

So here we are, waiting for Microsoft to iron out the bugs before we delve into the new exciting features Windows 10 brings to us. Here are those new features i...
Before going into detail about these bugs the first thing to know is the lifecycle and nomenclature of Windows 10 products. When we talk about updates, we use n...
You have been running your business / charity / CIC on mostly free software and are getting by, so do you really need to invest in a "centralised system"? ...
As you are probably aware, new laws under the general data protection regulation (or GDPR) are now in full force. In our previous blog we covered two-facto...
Two Factor Authentication (2FA) is a quick and easy way to greatly increase your level of security when logging into your systems. Two factor authenticatio...