Staying Safe & Secure - Spam & Phishing
At Red Mosquito we have been providing IT consultancy and IT support in Glasgow and Edinburgh for over 15 years, and in that time we have seen a lot of different email and web related scams attempted on our customers, sometimes successfully. Unfortunately, in this day and age, the bad guys on the Internet (known as cybercriminals) are pretty good at getting you to click on a link or open an attachment in an e-mail. After all, that's how they make their money.
Being in the IT support business in Scotland, Red Mosquito is on the front line in fighting this kind of thing. When the criminals get it together to make it work, unfortunately, it can lead to serious financial loss.
Fraudulent E-Mails and Phishing
Phishing attacks use email and/or malicious or bogus websites to collect personal and financial information or to infect your machine with malware and viruses.
Spear phishing is a highly specialised attack against a specific target, or a small group of specific targets, to collect information, gain access to systems or otherwise maliciously interfere. For example, a cybercriminal may launch a spear phishing attack against a specific person at a business to gain credentials to access a list of customers. From that attack, they may launch a phishing attack against the customers of the business. Since they have already gained access to the network via the initial exploit, any email they send to the customers may look even more authentic. And because the recipient is already a customer of the business, the email may more easily make it through filters and the recipient may be more likely to open it. If you are a cybercriminal, this is all good news.
How It Works
Commonly, a phishing attack works something like this: you receive an official looking email that looks just like it came from your bank or building society, an e-commerce website, a government agency or any other official service or business. It may ask you to act quickly because your 'account has been compromised' or an order 'cannot be fulfilled' or similar. Essentially the sender is hoping that you will blindly follow their bogus instructions to click on a link, which might take you to what looks and feels very like your bank's or online shop's website. It is very easy for a scammer to create a bogus website that looks exactly like that of your bank or supplier. To the uneducated eye it IS the bank's website. However, if you provide your bank details to the site as requested, you are probably giving them everything they need to plunder your bank account online or otherwise defraud you.
Obviously the starting point of this sorry tale is the original bogus e-mail. Spot this in your Inbox or otherwise eliminate it and you avoid the problem in the first place. Unfortunately for the inexperienced, deciphering whether an email is genuine or not can be a minefield. However, the best place to start if you are unsure whether an email request is legitimate is to try to verify it with one or more of these steps:
- Contact the sender directly. Simply put, get their number from a known legitimate source, lift the phone and ask them!
- Contact the company using information provided on an account statement or the back of a credit card. (NOT from the email you are suspicious of! You may be contacting the scammers.)
- Search for the company online, again NOT using information provided in the email which could be completely bogus.
Remember, if there is any doubt at all about the authenticity of an email, don't even open it and ESPECIALLY don't open any attachments or follow any links. Don't click on a link to 'see where it goes.'
Spam is basically junk mail sent to you by persons unknown. The term refers to unsolicited, and usually unwanted, email. It can be a source of annoyance and a real time-waster as you sort through your Inbox separating the real emails from the dross. More than that though, it can bring malicious phishing e-mails or viruses into your Inbox.
Fortunately there are some very effective ways to reduce spam:
- Red Mosquito offer Mosquito-Net, our industrial strength managed spam filter service, from £0.50 per user per month. Mosquito-Net strips out spam mail before it gets to your computer, meaning you spend less time dealing with it and are less prone to receiving malicious emails. Speak to your account manager or call 0141 348 7950 for more details.
- Report spam: Most email client software offers ways to mark an email as spam or report instances of spam. Reporting spam can also help to prevent the messages from being directly delivered to your inbox.
- Protect yourself by owning your online presence: You can hide your email address from online profiles and social networking sites, or only allow certain people to view your personal information. Consider using a free email address such as GMail or Hotmail when giving your details to a third party you are maybe not so sure about.
- Enable the spam filter on your email programs e.g. Microsoft Outlook.
The cybercriminal can use even more devious social engineering efforts to lure people, such as indicating there is an important technical update or new lower pricing. If you use Mosquito-Net we can block the sender's address or their whole domain, meaning you never need to hear from them again.
Spam & Phishing on Social Networks
Spam, phishing and other scams aren't limited to just email. They're also prevalent on social networking sites. The same rules apply on social networks: When in doubt, throw it out. This rule applies to links in online ads, status updates, tweets and other posts. There are ways to report spam and phishing attempts on all of the main social networks like Facebook, Twitter and YouTube.
How Do You Avoid Being a Victim?
- Don't reveal personal or financial information in an email, and do not respond to email solicitations for this information.
- Before sending sensitive information over the Internet, check the security of the website. Always use a credit card to make purchases online, never a debit card.
- Pay attention to the website's address, known as its URL, e.g. www.redmosquito.co.uk. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .co.uk). Never follow a link in an email that you are not 100% sure about.
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on an account statement, not information provided in an email. Information about known phishing attacks is available online from groups such as the Anti-Phishing Working Group.
- Keep a clean machine. Having the latest operating system, software, web browsers, anti-virus protection and apps is the best defence against viruses, malware, and other online threats. Using Red Mosquito's range of managed IT services and our desktop and server monitoring and support service means that this is all done for you automatically, leaving you more safe and secure and with more time to concentrate on your own work.
- When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it's best to delete or, if appropriate, mark it as junk email.
- Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.
- Secure your accounts: Ask for protection beyond passwords. Many account providers now offer additional ways for you to verify who you are before you conduct business on that site.
- Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.
- Unique account, unique password: Using a separate password for every account helps to thwart cybercriminals.
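The URL check from the list above (a variation in spelling, or a different domain such as .com versus .co.uk) can also be done by a program. The following is an added example, not part of the original article or any Red Mosquito product; the trusted list, the short suffix list and the test addresses are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allow-list of domains the reader genuinely deals with.
TRUSTED = {"redmosquito.co.uk"}
# Constructed short list of two-part suffixes; production code would use
# the full Public Suffix List instead.
TWO_PART_SUFFIXES = ("co.uk", "org.uk", "ac.uk", "gov.uk")


def split_domain(host):
    """Return (name, suffix): www.redmosquito.co.uk -> ('redmosquito', 'co.uk')."""
    host = host.lower().rstrip(".")
    for suffix in TWO_PART_SUFFIXES:
        if host.endswith("." + suffix):
            return host[: -len(suffix) - 1].split(".")[-1], suffix
    labels = host.split(".")
    return (labels[-2], labels[-1]) if len(labels) > 1 else (host, "")


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Label a link: trusted, different-domain, spelling-variation or unknown."""
    if "://" not in url and not url.startswith("//"):
        url = "//" + url  # let urlsplit treat a bare 'www.example.org/x' as a host
    host = (urlsplit(url).hostname or "").rstrip(".")
    name, suffix = split_domain(host)
    if f"{name}.{suffix}" in TRUSTED:
        return "trusted"
    for trusted in TRUSTED:
        t_name, _ = split_domain(trusted)
        # Same name under another suffix, or the trusted domain used as a
        # prefix of some other domain (trusted.co.uk.example.net).
        if name == t_name or f".{trusted}." in f".{host}":
            return "different-domain"
        if edit_distance(name, t_name) <= 2:
            return "spelling-variation"
    return "unknown"
```

An "unknown" result only means the address does not resemble a trusted one; it is not a statement that the site is safe.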
What to Do if You Think You are a Victim?
- Report it to the appropriate people within the organisation, including network administrators. They can be alert for any suspicious or unusual activity.
- If you believe your financial accounts may be compromised, contact your financial institution immediately and close the account(s).
- Watch for any unauthorized charges to your account.
- Report the attack to the police. Whether or not they can do anything to help you, you must file a report with them so that you can verify with your bank etc. that a crime has been committed.
Confused by all this?
You have a right to be. It's not easy making sense of all this, doing the right thing, keeping safe and still having all the time you require to devote to your own business.
Luckily, help is at hand. Red Mosquito's managed spam filtering and security management solutions give you back control, allowing you to concentrate on what is important to you. For a low fixed fee per month we manage, monitor and enforce robust security policies and services that can keep you and your computers safe.
Call 0141 348 7950 for more information or speak to your account manager.