News

Phishing Goes Secure

Internet Phishing attacks used to be fairly easy to spot. The phishing communications were often full of grammatical or spelling errors, and linked to phony websites.

Increasingly malware authors are changing up their game. They are cleaning up the bad English and hosting their scam pages on websites using secure https:// connections.  These secure connections are signified through the use of the new “Green Lock Icon” in the browser address bar to make the fake sites appear more legitimate.

NOTE: What the green lock icon indicates is that the communication between your browser and the Web site in question is encrypted.  That’s it!  The Green Lock Icon does nothing to ensure that the site you communicating is a viable, safe site.

What can you do to make sure you’re not the next phishing victim?

Read Messages Carefully: Most phishing attacks try to convince recipients that they need to act quickly to avoid a loss or additional cost. This warning typically involves clicking a link and “verifying” account information.  Emails that emphasize urgency should be always viewed with extreme caution and under no circumstances should any actions suggested in the email be executed. 

Verify who sent the email: “From:” Fields in an Email can be forged. Just because the message says in the “From” field that it was sent by a friend or colleague doesn’t mean that it’s true. Information in the “From” field is where malware can connect with recipients and this detail easily forged.

Phishing Takes Many Forms: Increasingly, attackers are opting for approaches that allow them to install a password Trojan that steals all sensitive data.

Remember:

– Be very careful about clicking links, this should never be done

– Don’t open attachments in unexpected emails (Even if they appear to come from a colleague or friend)

– If You Didn’t Request It, Don’t Install It

Password stealing malware doesn’t only come via email; quite often, it is distributed via websites like Facebook or LinkedIn as software you need to install, missing codecs or file extensions needed to view embedded content.  The Internet is full of phishing scam variations that try to get recipients to install or accept malicious content.

Prompts from email attachments or websites requesting installation or updates should NEVER be clicked or allowed. Just Say “NO”!