
Beware of phishing emails!

[id : 298] [19/08/2014] [hits : 58280]


Phishing is a form of Internet fraud in which cyber criminals try to persuade their victims to provide personal information. Beware of any invitation you receive - by email or otherwise - that requires you to submit personal information on a website or to send that information back by email.

To create misleading e-mails, criminals abuse the logo and identity of an organization, so that at first glance the message looks like it comes from a financial institution, a company, an online store, a government agency, or your own employer or educational institution. You will be asked to verify your data, either by filling it in on the fake website or by sending it in a reply.

With phishing over the phone, also called social engineering, the criminal tries to get your personal information during a call. He poses as a representative of your bank, your technical support team, Microsoft or any other company that can easily gain your trust. The fraudster often calls from a hidden number and/or from abroad.


How do you recognize false messages, and what are the features of phishing? Below are a few clues that can help you verify the authenticity of a message.


1. Unexpected
If there is no reason to receive a message from this particular sender (you have not bought anything from them, you are not a customer, or the vague message comes from an acquaintance you have not spoken to for a long time), then you had better look for more clues about the authenticity of the message.

2. Pressing
Phishing often asks you to act immediately: for example, a second payment reminder when you never received the first one, or a friend who is in need... Keep calm and ask around before you respond to urgent requests that look suspicious.

3. Sender
Phishing often appears to come from an official organization: your bank, the police, your phone company... Be sure to check the sender's e-mail address. If there are spelling mistakes in the address or it doesn't look like the usual address, it is possibly phishing.

The domain here is Telemet and not Telenet.
Be aware: clever hackers can also make the mail appear to come from an official account. So if you find an e-mail suspicious, a legitimate-looking e-mail address is no guarantee that the e-mail is safe.

4. Type of question
Official agencies acting in good faith will never ask by e-mail, SMS or telephone for information such as passwords, bank details or other personal information.

5. Information
The link in the message is an important clue. If you hover over the link with your mouse pointer (but don't click!), many browsers show the address it leads to in the lower left corner. If it doesn't lead to an official website, or it is a shortened link consisting of a few letters (for example http://bit.ly/1MUISmu), it is most likely phishing.

BE AWARE: The link can contain the name of the organisation, but only the domain identifies the real website. The domain is the word that stands before the .be, .com, .eu, .org, ..., before the very first slash "/".
For example, in the link www.safeonweb.be/tips the domain is safeonweb, and you land on our tips page. In the link www.safeonweb.tips.be/safeonweb the domain is 'tips', and you will be redirected to an entirely different website.


The domain here is 'vibbe', not a bank!
It is better not to click on links in a message you have doubts about. Instead, go yourself to the website the link claims to lead to.
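The domain rule from clue 5 and the look-alike sender check from clue 3, as an added example (not part of the original note). The `KNOWN` list, the function names and the sender address `service@telemet.be` are constructed for illustration; only the endings the note lists are handled.

```python
from urllib.parse import urlsplit

# Constructed for this example: names of organisations the reader really deals with.
KNOWN = ("telenet", "safeonweb")
# The endings the note lists. Multi-part endings such as .co.uk need the
# Public Suffix List and are deliberately out of scope here.
ENDINGS = {"be", "com", "eu", "org"}

def domain_word(address):
    """Return the word directly before the ending, or None if the ending is unlisted."""
    if "@" in address and "//" not in address:   # sender address: keep the part after '@'
        host = address.rsplit("@", 1)[1]
    else:                                        # link: keep only the host, before the first '/'
        host = urlsplit(address if "//" in address else "//" + address).hostname or ""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2 or labels[-1] not in ENDINGS:
        return None
    return labels[-2]

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(address):
    """Return 'known', 'lookalike of <name>', 'other', or 'unknown ending'."""
    word = domain_word(address)
    if word is None:
        return "unknown ending"
    if word in KNOWN:
        return "known"
    for name in KNOWN:
        if edit_distance(word, name) == 1:       # one letter off, like Telemet/Telenet
            return "lookalike of " + name
    return "other"

if __name__ == "__main__":
    # Constructed inputs, built from the examples the note itself gives.
    for sample in ("www.safeonweb.be/tips", "www.safeonweb.tips.be/safeonweb",
                   "service@telemet.be", "http://bit.ly/1MUISmu"):
        print(f"{sample:35} {domain_word(sample)!s:10} {classify(sample)}")
```

A "known" result only means the domain word matches; as clue 3 says, a sender address that looks official is no guarantee that the e-mail is safe.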


6. Vague salutation
Be wary of messages that use a general salutation and are not addressed specifically to you. Sometimes the salutation is based on your e-mail address.


8. Spam
A lot of phishing goes automatically to your spam or junk folder. This is because the senders are already known for sending phishing mails. You can mark suspicious mails as spam yourself so that others are warned.

9. Awaken curiosity
Fake messages often contain a link that tries to make you curious, like "Look what I read about you" or "Is that you in this picture?". Don't click on these links. Sometimes this kind of message is received from the account of a friend who has been hacked.

10. Payment method
Phishing often asks for an unusual and anonymous payment method: PayPal, Western Union, 3V Payment group,...

11. Attachments
Always beware of attachments in a suspicious message or from an unknown sender. Any kind of attachment (even a picture or document) can install a virus when you open it.
In case of doubt: ask around for more information.
If you have even the slightest feeling of doubt about a message, don't open the links in the message and contact the sender one way or another.

- In case of friends: contact them via phone, SMS or another social network to ask whether the message actually came from them. If this is not the case, delete the message immediately and notify your friend that his/her account has been hacked.
On some social networks you have the option to mark messages as fake.

- In case of an organisation/company: go to their website and check whether an "urgent" action is indeed required from you. If you cannot find anything, you can always contact the organisation by phone.

What to do with a phishing mail?

If you discover it before opening, do not open the email. Sometimes merely opening the mail can have negative effects.
If you have already opened it, never answer, not even as a 'joke'. And never click on the link.

What if you clicked on a phishing mail link, and/or have given information?
If you have given information, via e-mail or a website, take action depending on the type of information. For example:
- In case of bank info, contact your bank.
- In case of user ID and/or password, change these immediately.
- In case you clicked a link, run an anti-virus scan on your machine.

In case you notice that your computer behaves strangely (hard drive constantly active, computer reacts very slowly, ...), disconnect your computer immediately from the network (unplug the network cable from your computer). Shut down your computer and contact experts.

Peter Van Rossem - helpdesk@vub.ac.be
Note

Please note that the Computing Centre may send messages informing users their "mailbox is over size limit" or their "account is not valid", but we will never ask you to send back your password.
09/12/2008

Note that not only information from financial institutions or credit card companies is targeted, but also login information and passwords of email accounts, e-bay accounts, yahoo, paypal, etc...
05/06/2008

BTW, isn't it strange that you receive such requests from institutions of which you have never even heard and where you are no client, or that their email contains a phrase "if you are not user/client of <...> please ignore this email!"? :-)
01/07/2008

http://webnotes.vub.ac.be/&noteid=298
