Tag Archives: scams

Weekly Cyber Security News: 10th August 2018

Posted on August 10, 2018

This is a weekly cyber security news update for the 10th of August 2018. This post is part of the weekly news series on cybersecurity with content curated by the hackers & experts at Security Brigade.

Pizza As A Service 2.0
A unique and upgraded take by Paul Kerrison to describe the various types of cloud services available for modern IT deployment.


Optus Email Scam Targets Customers with Fake Late Payment Penalties
The fake emails are sophisticated and use a web address that looks like the real Optus website. The email contains a link to a fake ‘pay your bill’ page, which then asks for your credit card details.

The fake email and payment form are cunningly crafted to trick people. It’s important you check the legitimacy of email links to protect your personal information—use contact details you find through a legitimate source and not those contained in the suspicious message.

2.6 billion records exposed in 2,300 disclosed breaches so far this year
After a surprising drop in the number of reported data breaches in the first quarter, breach activity appears to be returning to a more “normal” pace.

“2018 has been a curious year. After the wild ride of 2017, we became accustomed to seeing a lot of breaches, exposing extraordinary amounts of information. 2018 is remarkable in that the number of publicly disclosed breaches appears to be levelling off while the number of records exposed remains stubbornly high,” said Inga Goddijn, Executive Vice President for Risk Based Security. “It’s not easy to characterize 2.6 billion records exposed as an improvement, even if it is less than the 6 billion exposed at this time last year.”


Healthcare Industry Cyber Woes Continue, UnityPoint Health’s 1.4 Million Records Breached
UnityPoint, the healthcare company, was recently breached after its employees were scammed with phishing emails, losing their email credentials in the process. The breach involved not only patient records but also non-medical personally identifiable information such as driver’s license numbers and Social Security numbers.

5 Steps to Avoid Phishing Scams in E-mail

Posted on December 25, 2012

Anyone with an e-mail account has at some point received phishing or scam e-mails. These range from Nigerian princes to local banks requesting funds, assistance and so on. Some of these e-mails may be legitimate (sans the Nigerian prince); however, most of them use a common technique known as phishing. Phishing scams are used by fraudsters to get your personal information such as credit card details, usernames and passwords, banking details and so on.

A friend of mine recently received an e-mail from his bank informing him that “his account was accessed from a blacklisted location and he should update his account information to avoid termination of services”. On opening the link, he was presented with a login form identical to that of the bank’s net-banking portal, except that this form asked for information such as Corporate ID, User ID, Login Password, Transaction Password, Mobile Number, Email Address and Email Password.

[Figure: Sample Phishing Page]

Anytime you receive such e-mails, you should keep the following in mind:

  • Banks will never ask you to provide account or other personal identification information via email.
  • Banks will never ask you to click a link in order to keep your account open.
  • Banks will never threaten to take immediate action unless you perform an act such as clicking a link etc.
  • Banks will never ask you to log in with your e-mail account username & password.

Today, these sorts of attacks commonly take place against e-mail accounts and social networking accounts, and even as targeted attacks against corporate users.

Here are 5 simple steps you can take to avoid becoming a victim of such phishing attacks:

1. Avoid clicking links in phishing or scam mails and instead manually type them in a browser

Scammers often use links such as “baank.com” instead of the legitimate website “bank.com”. It is therefore recommended that you manually type the website address into the browser rather than clicking links in the email.

[Figure: Sample Phishing Mail – Fake Link]

In the case where the e-mail seems urgent, you can always call the bank and confirm whether the e-mail was really sent by them.

2. Check the sender address in the phishing or scam mails

Scammers usually send phishing mails from addresses like “[email protected]” or “[email protected]”. So we can easily identify a phishing mail by making sure that the email received is from a legitimate sender.

[Figure: Sample Phishing Mail – Fake Email]

You can refer to any previous e-mails sent by your bank and cross-reference the address in the suspicious e-mail.
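The checks in steps 1 and 2 can also be automated. The following is an added example, not code from the original post: it parses a raw e-mail, then flags the sender domain and every link target that is a near-miss of a known-good domain, such as “baank.com” for “bank.com”. The TRUSTED list, the edit-distance threshold of 2, all function names and the sample message are assumptions made for the illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"bank.com"}  # assumption: domains you already know are your bank's

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    """Label a hostname 'trusted', 'lookalike of <domain>' or 'unknown'."""
    host = (host or "").lower().rstrip(".")
    if any(host == g or host.endswith("." + g) for g in TRUSTED):
        return "trusted"
    for good in TRUSTED:
        # Compare only the trailing labels so "www.baank.com" is still caught.
        tail = ".".join(host.split(".")[-(good.count(".") + 1):])
        if 0 < edit_distance(tail, good) <= 2:
            return "lookalike of " + good
    return "unknown"

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []  # real destination host of every <a href> in the body
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append(urlsplit(href).hostname or "")

def check_message(raw):
    """Classify the From: domain and each link target of a raw e-mail."""
    msg = message_from_string(raw)
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    return {"sender": classify(sender_host),
            "links": {h: classify(h) for h in collector.hosts}}

# Constructed sample: link text shows bank.com, but the href goes to baank.com.
SAMPLE = ('From: "Bank Support" <alerts@baank.com>\nSubject: Update\n\n'
          '<a href="http://www.baank.com/login">https://www.bank.com/login</a>')
```

Calling check_message(SAMPLE) reports both the sender and the link target as lookalikes of bank.com, even though the visible link text reads https://www.bank.com/login.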

3. Verify SSL (https://) authenticity on phishing or scam links

Generally, phishing links either have no SSL or use an invalid SSL certificate. This can be verified by simply viewing the link in the address bar of your browser and checking whether it starts with https:// instead of http://.

If the SSL certificate is not valid, then your browser will immediately show an error, in which case you need to stop browsing the link and report the e-mail to your bank.

Examples of SSL certificate errors in Firefox, Chrome and Internet Explorer are shown below:
[Figure: SSL Certificate Error]

4. Avoid replying with sensitive information to phishing or scam mails

Banks will never ask you to provide account or other personal identification information via email. Any email pressing you to do so is most likely not legitimate and should be reported to your bank.

Banking details and login credentials should be communicated via telephone or through the legitimate website using proper SSL communication.

5. Keep your anti-virus up-to-date to detect and block phishing or scam mails

Most antivirus vendors have signatures that protect users against some common phishing attacks. Hence it is recommended that you keep your anti-virus up-to-date so that it has the latest signatures and rule sets.

Also, it can prevent things such as a Trojan disguising your Web address bar or mimicking an https secure link. If your antivirus software is not up-to-date, you are usually more susceptible to attacks that can hijack your Web browser and put you at risk for phishing attacks.

For Windows users, we would recommend the free version of Microsoft Security Essentials available on the Microsoft website.

If you have come across, or do come across, any such phishing incident, you can report it to CERT-In (Cyber Emergency Response Team of India) at [email protected]