What is phishing.
People who prey on vulnerable people online are called cyber criminals.
These cyber criminals use a multitude of strategies to help someone part with sensitive information in order then to commit a crime.
The most common is email phishing whereby the recipient opens an email with a virus in it called malware. Malware can infiltrate the users computer and will collect data without the user knowing. Another way a cyber criminal targets a user is through telephone or text message by someone posing as a legitimate institution to lure an innocent person into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. This as a consequence can lead to identity theft.
If you notice an email that has clickable hyperlinks and attachments do some due diligence.
I will post a couple of emails that I have had today.
Cyber crime has been around for a very long time with the first phishing lawsuit filed in 2004 against a teenager from California who cloned a website “America Online”. This fake website conned people into thinking it was the real deal and as a consequence sensitive data from users was stolen to gain access to credit card details to withdraw money from their accounts. There are other ways that cyber criminals work other than through emails and website phishing. These other methods can also be ‘vishing’ (voice phishing), ‘smishing’ (SMS Phishing).
Most Popular Email Phishing is ad follows:
(In most case you do not know who has sent you the email but cybercriminals are being clever by cloning a popular organization such as Netflix, Apple, HMRC, GOV websites and Banks).
- Always be vigilant and open the senders email address to see if the sender looks legitimate or not.
- Sometimes the sender may look legit as in the example I set out below but may have a clickable hyperlink. Never click on clickable links or download attachments if you are not expecting anything from anyone or do not know who the sender is.
- Sometimes the cybercriminals may use an alternative website very similar to the original one to make it look like the email was sent from the real company. Usually by simply opening the senders email address you can see if they are the ‘Real McCoy’ or not. If you have been cc’d and you can see multiple recipients this is either spam or a virus.
- Sometimes you may get an email saying you have been hacked and you are being blackmailed to pay them with bitcoin within 24 hours or all your data will be sold on the dark web. Never interact with these people as it only could cause further problems, instead block and report and change you passwords.
What do you do when you receive these email?
Depending on your email client. I use outlook for mine I can block their email and then report them as phishing emails. I think what Microsoft does is bounce all emails from the sender after they get reported or block them permanently.
Remember that clickable hyperlinks and attachments could contain payloads like ransomware or other viruses. Hyperlinks are either blue or purple and your cursor turns into an arrow when you hover over them.
Below is a couple of dodgy emails I received today one forwarded from my client and when I phoned the number it went dead. (I did not click it ). The other thing may I add is if you type any words after the forward slash of any domain name that does not correspond to a created page, the search results will always be the same and will come up with a 404 error message or page not found. This is a way for a non IT person who relies on Web Designers and may not realise the danger they may be in by receiving an email like the one below and may inevitably end up get hood winked and scammed.
In the last few days I attempted to set up dentistry insurance only to find the Cardiff in particular al though it applies to all of Wales in the UK as from Friday 23rd October to 9th November 2020 we are on lockdown again. So before I could even set up the dentistry plan I then had second thoughts and cancelled it this morning and asked if the company I was dealing with was associated with Close Brothers and they said they were not.
I then rang ‘Close Brothers’ after attempting to copy and paste the url into my browser
and found the url/domain does not exist.
I did however phone the real Closebrothers.com website and they did seem to have my account details but they could not tell me who set up the new insurance?
They did however say if I have cancelled the health plan that I told them about then the company should cancel any direct debits.
From what I can see I only have one DD with this company for my home insurance which was renewed this month but that would not be a new DD, it would just carry on.
What Closebrothers did say was that my insurance DD was made through Atlantis 1.
When I asked for their website they could not tell me the domain name and upon further investigation I came up with https://www.autonetinsurance.co.uk/ which has no mention of Atlantis 1 other than in Companies House https://find-and-update.company-information.service.gov.uk/company/03642372 which appertains to Autonet Insurance Services LTD.
Why set a name called Atlantis 1 and then use a totally different name for the domain name……….very confusing and I have not got a clue who sent me this email and why. Obviously I will have to wait it out.
Be careful we do not want to be shark bait!