Phishing - how it differs from spam

Phishing differs from spam in one essential way: it is always malicious. Spam is annoying; phishing is an attack. A large share of cyberattacks begin with a phishing email, usually carrying either a link to a malicious website or an attachment that contains malware.

Spam emails are sent by the thousands or millions. If the spammers can get even a small percentage of recipients to click and buy their sometimes shady product, they easily cover their costs and more. If you respond in any way, including opting out or clicking "unsubscribe", you have just confirmed that your email address is live, and it is added to a list that can be sold to other spammers.

Phishing emails are sent for a specific purpose: to convince you to open an attachment, or to click a link to a website that will try to install malware on your computer. Or they may be designed to trick you into handing over personal information - bank account details, passwords and so on. They usually imitate a legitimate service or vendor.

The message looks like it is from FedEx.

But here is the actual link address behind "View Details" and "unsubscribe".

And it is already reported as a known phishing site.

Remember:  through the use of a company’s name, logo and other recognizable information, victims of phishing attempts are deceived into thinking the requests are legitimate.  Guarding against phishing is the same as for spam - do NOT open attachments unless you are positive who they are from, and do NOT click on links you are not sure of.  If you have questions or are not sure what you have, let BSCANS know. 


How do I know what website I'm really visiting?

The simplest way to know where a link really leads is to check its URL, the address of the website - but NOT by clicking on it! Hover your mouse pointer over the link and read the destination that your mail client or browser displays (usually in a corner of the window). That destination, not the text of the link, is where you will be taken.

Link text shown:    http://safe_and_friendly_company.com/login/
Actual destination: dangerous_and_evil_company.com

The link above looks like it goes to safe_and_friendly_company.com, but its real destination is dangerous_and_evil_company.com. The text of a link is just a label the sender chose; only hovering (or inspecting the underlying HTML) reveals the real address.



  1. Be careful! URLs can be tricky.
  2. Ask yourself: does the sender's email address match the domain of the company it claims to come from?
  3. Examine the URL in the link's destination; ignore the link's text!

In an address such as support.google.com, "support" is a hostname (a subdomain label) and "google.com" is the registered domain. The registered domain, the part immediately before the top-level domain (".com" here), identifies who actually owns the site, so that is the part to check. Anything to its left can be chosen freely by the owner of the registered domain, which is why an address like google.com.example-evil.com belongs to example-evil.com, not to Google.

Understanding how a URL is constructed is your most important defense against phishing attacks. If a URL confuses you, research it before you click, to see whether it is safe.
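The checks above can be automated. The following Python script is an added example, not part of the original page: it pulls every link out of a constructed HTML email body, compares the visible link text with the real destination, and breaks the destination down into host and registered domain. The email body, the company names and the short list of top-level domains are made up for illustration, and the "last two labels" rule for the registered domain is a simplification; real code should use the Public Suffix List.

```python
"""Inspect the links in an HTML email the way a careful reader should: compare
the visible text with the real destination, then pick the destination apart.
Added example for this page; the email body, company names and the two-label
registered-domain rule are assumptions made for illustration."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed HTML email body; every link in it is made up for this example.
SAMPLE_BODY = """
<p>Your package is waiting.
<a href="http://dangerous_and_evil_company.com/login/">http://safe_and_friendly_company.com/login/</a></p>
<p><a href="http://safe_and_friendly_company.com@dangerous_and_evil_company.com/">View Details</a></p>
<p><a href="https://safe_and_friendly_company.com.dangerous_and_evil_company.com/track">Track</a></p>
<p><a href="https://support.google.com/">Help</a></p>
"""
# Visible link text that itself looks like a URL or a bare domain name.
URL_LIKE = re.compile(r"^(?:https?://)?([A-Za-z0-9_.-]+\.[A-Za-z]{2,})(?:[/?#].*)?$")
# Assumed short list of top-level domains, enough to notice a whole domain name
# used as a subdomain ('google.com.evil.example').
TLDS = {"com", "net", "org", "edu", "gov"}


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def extract_links(html):
    collector = LinkCollector()
    collector.feed(html)
    return collector.links


def registered_domain(host):
    """'support.google.com' -> 'google.com'. Simplified to the last two labels;
    real code should consult the Public Suffix List (think 'bbc.co.uk')."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def analyse_url(url):
    """Split a URL into the parts that matter when judging where it really goes."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    return {
        "scheme": parts.scheme,
        "host": host,
        "registered_domain": registered_domain(host),
        # Anything before '@' in the authority is user info, not the site name.
        "has_userinfo": "@" in parts.netloc,
        "path": parts.path,
    }


def judge_link(text, href):
    """Return the reasons this link looks deceptive (an empty list means none found)."""
    dest = analyse_url(href)
    warnings = []
    if dest["has_userinfo"]:
        warnings.append("user info before '@' hides the real host %s" % dest["host"])
    labels = dest["host"].split(".")
    for i, label in enumerate(labels[:-1]):
        if label in TLDS:  # a TLD in the middle: a domain name embedded as a subdomain
            warnings.append("%s is only a subdomain; the real site is %s"
                            % (".".join(labels[:i + 1]), dest["registered_domain"]))
            break
    match = URL_LIKE.match(text)
    if match and registered_domain(match.group(1)) != dest["registered_domain"]:
        warnings.append("text says %s but the link goes to %s"
                        % (match.group(1).lower(), dest["host"]))
    return warnings


def audit_email(html):
    """Map each link's visible text to its warnings."""
    return {text: judge_link(text, href) for text, href in extract_links(html)}


if __name__ == "__main__":
    for text, warnings in audit_email(SAMPLE_BODY).items():
        print("%-45s %s" % (text, warnings or "looks consistent"))
```

Run it and the first three links in the sample are flagged for three different tricks (link text that names one site while the href points at another, a fake site name smuggled in as user info before the "@", and a trusted-looking domain used as a mere subdomain), while the support.google.com link comes back clean because its registered domain is google.com.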


Email is the most common delivery channel for phishing attacks, and what the phisher is after depends on who you are:

  1. As a consumer, phishers target your cash and credit.
  2. As a computer user, they want to gain control of your computer and/or network.
  3. As an employee, they will use your credentials to gain access to your enterprise's resources and data.

We have seen successful phishing attempts against CEOs of Fortune 500 companies, security professionals, IT administrators, customer service representatives, lawmakers and accountants alike.

Every user will be targeted at some point.

A "traditional" phishing attack tries to trick users into submitting sensitive data (such as usernames and passwords for a banking site or corporate system) by presenting a fake login form. Often the login form looks authentic, but the site behind it is controlled by the attacker, who records whatever you type.

Sometimes the attacker simply needs you to click a link in order to launch an exploit against your web browser, infecting your computer with malware.

Other times, they want to trick you into opening an attachment.

Opening attachments from untrusted sources is particularly dangerous because they can easily infect your computer with malware. The malware could do anything: corrupt your data, steal your credentials, or turn your computer into a "zombie" in a botnet, a network of compromised computers controlled by cybercriminals.


Ask yourself the following questions before opening attachments to help you decide if it is legitimate or fraudulent:

  • Is the attachment out-of-context?

Did you receive an email from a bank where you have no account? Or a chain letter at your work address? Do you recognize the other addresses in the message headers? These are red flags.

For your own protection, you should consider only using your work's email address for work-related correspondence. That way, any out-of-context email will be easier to spot.

Finally, check the type of the attached file before opening it. Is it an unusual file type for a business environment? In most businesses you would not expect an audio file to be attached to a banking email. Executable files (".exe", ".bat" and ".com", for example) should be treated with extra suspicion, and so should a name with two extensions such as "invoice.pdf.exe": Windows hides known extensions by default, so such a file can appear to be an ordinary PDF.

  • Were you expecting an attachment from the sender?

You may want to call (not email) the sender to ask about the attachment's contents. To be extra safe, get their phone number from the vendor's website rather than trusting the phone number in the sender's email signature. And if you cannot find the vendor in a web search, stop there and delete the email. Do NOT open the attachment.
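The file-type questions above can be turned into a small triage routine. The Python below is an added example, not code from the original page: it judges an attachment by its name alone, catching the dangerous extensions, the "invoice.pdf.exe" double-extension disguise, and the Unicode right-to-left override trick that makes an ".exe" display as a ".pdf". The extension lists and the sample file names are constructed for illustration and are deliberately short; they are not a complete catalogue of risky types.

```python
"""Triage an attachment by its file name before anyone opens it.
Added example for this page; the extension lists and sample names are
assumptions made for illustration and are not exhaustive."""
import os

# File types Windows runs as programs or scripts (assumed short list).
EXECUTABLE = {".exe", ".bat", ".com", ".cmd", ".scr", ".pif", ".msi",
              ".js", ".jse", ".vbs", ".vbe", ".wsf", ".ps1", ".hta", ".lnk"}
# Office formats that can carry macros.
MACRO_CAPABLE = {".doc", ".xls", ".ppt", ".docm", ".xlsm", ".pptm"}
# Archives and disk images hide the real type until unpacked or mounted.
CONTAINER = {".zip", ".rar", ".7z", ".iso", ".img"}
# What ordinary business mail usually carries (assumed allow list).
DOCUMENT = {".pdf", ".docx", ".xlsx", ".pptx", ".txt", ".csv", ".png", ".jpg"}
# Unicode right-to-left override: 'invoice\u202efdp.exe' is displayed as 'invoiceexe.pdf'.
RLO = "\u202e"


def assess_attachment(filename):
    """Return (verdict, reasons); verdict is 'block', 'suspicious' or 'ok'."""
    reasons = []
    name = filename
    if RLO in name:
        reasons.append("right-to-left override character disguises the extension")
        name = name.replace(RLO, "")

    # The final extension is the one the operating system acts on.
    stem, ext = os.path.splitext(name)
    ext = ext.lower()
    # A document extension in front of the real one ('invoice.pdf.exe') is a disguise;
    # Windows hides known extensions by default, so the user sees 'invoice.pdf'.
    inner = os.path.splitext(stem)[1].lower()
    if inner in DOCUMENT | MACRO_CAPABLE:
        reasons.append("double extension: shown as %s, really %s" % (inner, ext or "(none)"))

    if ext in EXECUTABLE:
        reasons.append("executable file type %s" % ext)
    elif ext in MACRO_CAPABLE:
        reasons.append("Office format that can contain macros (%s)" % ext)
    elif ext in CONTAINER:
        reasons.append("archive or disk image (%s): contents unknown until opened" % ext)
    elif ext not in DOCUMENT:
        reasons.append("unusual file type for business mail: %s" % (ext or "(no extension)"))

    if ext in EXECUTABLE or RLO in filename:
        verdict = "block"
    elif reasons:
        verdict = "suspicious"
    else:
        verdict = "ok"
    return verdict, reasons


def triage(filenames):
    """Verdict for each name, so a batch of attachments can be reviewed at once."""
    return {name: assess_attachment(name)[0] for name in filenames}


# Constructed sample attachment names, not taken from a real mailbox.
SAMPLE_ATTACHMENTS = [
    "Q3_invoice.pdf",
    "invoice.pdf.exe",
    "statement.xlsm",
    "delivery.zip",
    "greeting.mp3",
    "payment\u202efdp.exe",
]

if __name__ == "__main__":
    for name in SAMPLE_ATTACHMENTS:
        verdict, reasons = assess_attachment(name)
        print("%-24r %-10s %s" % (name, verdict, "; ".join(reasons)))
```

A name-based check like this is only a first filter: a genuine-looking ".docx" or ".pdf" can still carry an exploit, so an "ok" verdict means only that nothing about the name itself is a red flag, and the sender questions above still apply.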

Do I unsubscribe? 

Be aware that if you try to unsubscribe from a spam email, you will 1) confirm that your email address is an active one, and 2) possibly be added to a list that is sold to someone else - MORE SPAM! The two emails shown below have different subjects and different return addresses, but both link to the same "unsubscribe" site.


If you click that link, you are redirected to yet another site, one that has already been blacklisted as a phishing website.

Thanks, VirusTotal!

Thanks, Sucuri!