Take Care, Be Aware! Of Unsolicited Emails

Scammers know that people are easy prey to emails or websites that look real; oft times not looking at the URL or reading the content thoroughly or critically. All they have to do is make the email and develop bogus websites of the news portal and other informative stuff to lure gullible readers. They use fake identities to trick their victims into revealing critical information. The Economic Times of India reveals that banking frauds make for 50% of phishing scams in Maharashtra state According to the 2020 Phishing Attack Landscape Report, conducted by Cybersecurity Insiders, and commissioned by GreatHorn, cybersecurity threats and attacks are accelerating. 53% of respondents said that they had witnessed an increase in phishing attacks since the inception of the coronavirus pandemic.

Did you ever receive an email from someone who is pretending to be from your bank or a company executive asking for sensitive information? Such an email may contain a link to a fake website to steal your login (called credential harvesting) or a malicious attachment that can further spread malware or ransomware throughout your systema

It is very important to note that most organizations will not send you an email asking for your social security number, credit card number or passwords, nor will they send you a link to log in or download an attachment.

Cyber-espionage campaigns are on the rise. Mimecast, an email security firm, recently reports that their products are hijacked by cyber pests to spy on customers. The investigators at Microsoft alerted the company about the scam.

Cyber-thugs take advantage of news cycles too. Presently, threat actors are capitalizing on the element of fear due to the Covid-19 pandemic to compromise individuals and corporate employees. The researchers at IBM say that they have detected phishing scams by which scammers attempted to collect sensitive information on the World Health Organization (WHO)’s initiative for distributing coronavirus vaccine. Hackers mostly target companies that make solar panels for powering portable vaccine refrigerators as well as petrochemical companies.

Beware of the generic salutations such as “Dear Customer,” “Dear Member,” or “Dear Valued Buyer.” If your company needs any information about you, they would call you by name. Therefore, you must not trust emails that look suspicious. Rather, immediately report such emails to the IT department of your company.

Malicious actors may ask you through an email to update your account, reactivate your suspended account, or update your digital certificate as a way to steal your login information. Look at the following screenshot that demonstrates the example of a phishing email that has been sent to the salesforce’s clients

Double verify if you receive an email from a source pretending to be from your company or manager; it’s as easy as picking up the phone and asking if it came from them! In most cases, when your company needs sensitive information from you, they would contact you by phone or video call. Other ways to verify would be to confirm the name of the sender, checking that the email address or link in the email by hovering the mouse over the “from” address or link to the website is the right one.

Phishing emails and websites are often misspelled. For example, you must recognize the difference between www.yahoo.com and www.yahooo.com. Undoubtedly, the second one is not a legitimate website and if a Yahoo user puts his credentials into this website (www.yahooo.com), his private data would be compromised. Therefore, always check the spellings in an email or website URL before logging on to them.

Scammers also use tempting text and images to lure you to click on a malicious link. They want to trick you into entering critical or sensitive information with promises of gifts or free stuff.

A email spam filter is a great way to cut down on the number of these types of emails getting through and you, potentially falling victim. These applications use AI to discriminate between spam or unsolicited emails and legitimate emails. They are not perfect so don’t let them give you a false sense of security! What hey will do, however is cut down on the numer that actucally reach your inbox.

Successful phishing attacks mostly occur due to human error. Therefore, your best defense is common sense. If someone is offering you something for no or little effort, chances are it is phishing – remember, loose click sink ships!

*****

Related Posts