Threats of Spam and Phishing
September 3, 2019
By: Todd Feltner
Spam and Phishing
These are two of the most common forms of cybercrimes. Spam is unsolicited emails and messages sent to our email inboxes and can be easily controlled by simply deleting the email and moving on. Many are legitimate sales pitches that companies use to advertise. Others can be much more dangerous and are considered phishing emails where the sender offers a bait so that you take it and give out the information they want such as bank account information, credit card information or personal information such as a social security number or online account login information. The bait can be in the form of a business proposal, which in most cases is something that sounds way too good to be true. There are also online companies making claims that you can obtain an insecure loan regardless of where you live or what your credit score may be.
Phishing emails usually contain links to look-a-like copies of popular websites, many of which require a username and password to use. You click on the link and are taken to the fake website, possibly to shop. You decide to buy something and hand your credit card number and expiration date over to a criminal.
However, new forms of phishing can occur everywhere in cyberspace, including Instant Messengers, forums, by social engineering and even on regular websites. A new form of phishing is called Tabjacking, or Tabnabbing. Tabnabbing works by you simply navigating to a genuine website. You then open another tab in your internet browser and browse another site on the new tab. After a while you return back to the first tab and are greeted with fresh login details, such as an email account or the login for that specific website, if a login was required. You enter your login information not suspecting that the page has changed behind your back, and the cyber-thief now has your login information.
Characteristics of Phishing attacks
- There is a request for submitting personal information. Most companies, especially taxing agencies such as the IRS or a state taxing agency do not ask customers to submit confidential data via emails.
- The sender injects a sense of urgency in the request for information or even demands immediate action with a threat if that action does not happen.
- Attachments may be included in the email and those attachments will most likely contain some type of malware.
- The email, as mentioned above, will contain phony links to look-a-like websites.
- Bad grammar and spelling.
How to protect yourself from Phishing attacks
- If you find an email suspicious, do not click on any type of link in the body of the email or download any attachments.
- Delete the email as soon as you can.
- Never reply to suspicious emails with any type of personal information.
- Ignore and delete emails that tout offers that are obviously too good to be true.
- Always use an internet browser that comes with Phishing protection such as the latest versions of Internet Explorer, Firefox, Chrome, Opera, etc. These browsers come with blacklists of known Phishing sites that are regularly updated. You will receive an alert if you happen upon one of these sites.
- Make sure that you are using effective and up-to-date anti-virus software.
- Use your email provider’s spam/junk filters.
Cyber-crime is rampant in our society and as cyber-thieves become more cunning in their practices, the threats to our financial lives increase. Spam and Phishing attacks, if successful, can cause lasting financial turmoil to individuals and businesses alike. Thankfully in most cases, being able to recognize a threat and taking simple steps to eradicate the threat, will help ensure that our financial lives are protected and our data is safe.