
Phishing Attacks

The first question you are probably going to ask is "What is phishing?" Phishing is a form of social engineering, and like all social engineering it is designed to make you reveal or give up important information. A phishing attack is delivered through instant messages or, more commonly, email. The attacker crafts a message that looks like it came from a well-known company that you might have done (or actually do) business with. These messages appear very authentic and often say one of the following:

  • "Your account has expired, to reactivate your account click here..."
  • "Your account information needs to be updated..."
  • "Sorry but your credit card information seems to be invalid please update it...."

The attacker will use graphics and logos from real emails that the company would normally send out. In fact, the message may look identical to the real thing, making it even harder for you to spot it as a fake.

Clicking on some of the links in these kinds of messages will take you to a site that is controlled by the attacker and looks identical to the actual company's website. From there you would unknowingly provide the information the attacker is seeking, such as credit card numbers, account names, passwords, social security numbers, and other information you would normally protect. You give this information up so willingly because it looks like you are giving it to a company that you would trust with it; in reality, the attacker has tricked you into giving it to him.

So now you are probably asking "How do I spot one of these fake emails?" There are various methods for spotting a fake, some simple and some more sophisticated.

  • Look for your real name in the email, not just your email address. If you have done business with this company before, chances are they have your real name and would use it in an email. Emails that are not personalized have a much higher chance of being fake.
  • Does the message use very emotional or otherwise upsetting verbiage to make you react immediately to it?
  • Does the email contain a form requesting personal information (account names, passwords, billing information, etc.)?
  • Do the links in the email take you to sites that have IP addresses (something that looks like this: 123.45.67.89) where you would expect to see a domain name (such as www.defcon-5.com)?
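The four checks above can also be applied mechanically to a saved message. The following Python code is an added example, not part of the original article; the `URGENT` word list, the function names, the recipient name "Pat Lee" and the sample message are all constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed word list for the "upsetting verbiage" check; tune it to your own mail.
URGENT = re.compile(r"\b(expired|suspended|immediately|invalid|reactivate)\b", re.I)

class BodyScan(HTMLParser):
    """Collects link targets and notes whether the body embeds a form."""
    def __init__(self):
        super().__init__()
        self.links, self.has_form = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.has_form = True
        elif tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def is_ip_host(url):
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")  # ValueError for a domain name
        return True
    except ValueError:
        return False

def phishing_indicators(raw_email, real_name):
    """Return which of the four checklist items the message trips."""
    msg = message_from_string(raw_email, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    scan = BodyScan()
    scan.feed(body)
    checks = {
        "not_personalized": real_name.lower() not in body.lower(),
        "urgent_wording": bool(URGENT.search(body)),
        "requests_info_form": scan.has_form,
        "ip_address_link": any(is_ip_host(u) for u in scan.links),
    }
    return [name for name, hit in checks.items() if hit]

# Constructed sample message for illustration, not a real email.
SAMPLE = (
    "From: service@bank.example\nContent-Type: text/html\n\n"
    "<p>Dear customer, your account has expired. To reactivate it "
    '<a href="http://192.0.2.10/login">click here</a>.</p>'
    '<form action="http://192.0.2.10/update"><input name="card"></form>\n'
)
print(phishing_indicators(SAMPLE, "Pat Lee"))
```

A message that trips none of the checks is not proven genuine; the list only counts warning signs.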

If you get any emails with one or more of those characteristics, chances are that it is a fake. However, if you do not want to take a chance that it might be real, contact the company directly via telephone, or by manually typing in their website address (do not use the links that were in the email, as they may be fake). There are other things you can do to protect yourself from these messages:

  • Make sure you are on a secure server when providing important personal information: look at your address bar, which should start with "https". The key thing to note is the "s", as that means you are on a secure server; you may also look for a padlock icon at the bottom of your browser window.
  • Check your accounts (credit card, checking, etc.) on a regular basis to make sure there are no strange or abnormal charges.
  • Make sure that your operating system, web browser, and email client are up to date and fully patched. The attackers are using flaws in software now to help trick people.
  • Try using software to detect fraudulent emails, or to warn you when you go to a site that has been marked as being a fraud. ISPs such as EarthLink offer software that can do this.

The most important thing to remember is that if you are not sure whether the email/message is legitimate, err on the side of caution. Contact the company to verify that they did send it to you. Just like with social engineering, if you did not initiate the communication, chances are someone is trying to pull something on you.


If you have any questions regarding phishing, or just computer questions in general, visit our forums or feel free to contact us.

© 2017 Defcon-5. All Rights Reserved