Web Lease USA site http://www.webleaseusa.com Wed, 28 Dec 2011 16:40:02 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 E-Mail Security – Phishing http://www.webleaseusa.com/2011/06/e-mail-security-phishing/ http://www.webleaseusa.com/2011/06/e-mail-security-phishing/#comments Thu, 16 Jun 2011 19:10:27 +0000 admin http://site.webleaseusa.com/?p=102

Recently, we received an email from a client’s personal hotmail account that struck us as very odd:

Subject: VERY URGENT!

Message: Hi, Sorry to disturb you with this.I’m out of the country on a sudden trip to London hoping to return befor thursday 24th of March but right now i am in a terrible situation and I really need a help. I’ll explain the situation better and refund you immediately i get back this weekend. Your support will be greatly appreciated. Please let me know will it be possible and please keep this between us.I do not have access to calls, Please reply. Thanks

We contacted this client and found out they were, in fact, NOT in London and NOT in a terrible situation. We advised them that their email account was likely compromised and that they should log in, change their password, and inform their contacts about the SPAM sent from their account. Upon attempting to Log In, they discovered that not only was their account compromised, but the password changed, blocking their access. Now that client has to go through the process of recovering the account to prevent future SPAM to their contacts.

In the hopes of preventing this from occuring to anyone else, we offer up the following tips on recognizing and preventing PHISHING emails.

Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in anelectronic communication.

-WikiPedia.org

Recognizing Phishing Attempts:

  • Watch for emails where the subject or the message content is claiming to be urgent or immediate. Many of these false emails will claim that your account/service/etc. will be cancelled or shut off immediately if your account information isn’t verified or updated, often providing a link or requesting an email reply to verify.
  • Watch for emails claiming you have won a prize or a contest. Many of these emails will be from something you don’t recall entering or even have ever heard of. That should be your first sign. If you have no clue as to what they are referring to, chances are it isn’t legit. Even if it looks or sounds familiar to you, proceed with caution. As they say “There’s no such thing as a free lunch”.
  • Be wary of emails sent from familiar (or authentic sounding) email addresses. It is possible to “fake” an email address, making it appear as if the request is coming from your service or a friend/contacts email address. (i.e. from hotmail.com or microsoft.com) The emails may appear to come from an acquaintance or contact you know personally. In these situations, be aware of odd sounding emails that don’t sound like them, or that just stand out as feeling out of place. It is possible that their account has been compromised and more SPAM emails were sent out to their entire contact list. In situations where you just aren’t sure, give them a call and ask them directly, they should probably know if their account was compromised anyway.
  • Never click on links they provide. If you think that an email might just be legitimate, one sure way to find out is to NEVER click on the link they provide. Instead, type it into your browser yourself. For example, you may get an email from hotmail asking you to update your contact information. They provide you with a link that looks legitimate, http://www.hotmail.com/account-update.php , however, if you were to click this link it takes you to a totally different page that is designed to look identical to the original site, but your information will be submitted to the spammers. (in our example, clicking on that link will actually take you to our own homepage, showing how it is possible to cloak a link).
  • In similar fashion, be aware of close spelling links. You may get a link that points to www.hotmails.com/account-update  or  www.micosoft.com/account-info  Both of these URL’s might seem totally legitimate at a quick glance, and once you click on them the sites will probably look official.

If you are ever in doubt, go right to the source. If hotmail is supposedly threatening to shut off your account, go there on your own (not through a link) and find out that way. Never give out your account information, especially your password. It is very rare that any service will straight up ask for your password, or provide information they should already have (or never need).

As a disclaimer, not everything is SPAM. Your friends may very well send you something that requires your attention, and there may be situations where you need to update account information on a site. Just be smart, be aware, and be careful where and to whom you give your information to. If you ever feel that your security has been compromised it’s better to play it safe and update passwords (on your own).

 

Sources:
http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx

http://en.wikipedia.org/wiki/Phishing

]]> http://www.webleaseusa.com/2011/06/e-mail-security-phishing/feed/ 0