During this season of giving, you don’t want to give “too much”…
UPDATE: January 7, 2014 – Another good article has just been published, by Tech Republic, which discusses the issue of “phishing.” Worth a read as well: “Technology can’t stop phishing perhaps common sense can.”
Having been around for nearly 50 years, electronic mail – commonly known as e-mail – is probably the oldest of all protocols used on the internet. And, it is still something nearly every “connected” person uses on a daily basis. Some folks, like me, live on e-mail: we conduct business, share information and data, and handle general correspondence. In my case, my “inbox” often gets very full. With frequent use comes complacency.
We all know about SPAM, that unfortunate, ubiquitous scourge of modern times. Most of us can effectively spot SPAM, and many of us deploy some form of “spam-filtering” which automatically parses out the most egregious junk. Personally, I love Cloudmark DesktopOne for Outlook. This is an inexpensive paid service that maintains a “cloud-based” database of bad stuff that has been identified as SPAM. When installed as an e-mail client plugin, Cloudmark DesktopOne scans all of your incoming mail, comparing it against this database. When I spot SPAM that has slipped through the filter, I click a “Block” button on my screen, which not only moves the errant message to a special spam folder but also adds this information to the Cloudmark database so other subscribers benefit from my largess.
Most people also know about “phishing” – also known as e-mail spoofing. Unfortunately, this nasty newer threat is a harder security problem to resolve because, as all good magicians know, all of us can be tricked.
To quote from Wikipedia:
Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware.
It is the last two parts of this description that are most troubling. First, phishing e-mails can LOOK very real. Very often the bad guys will use the real logos of popular and well-regarded companies and even use phony e-mail addresses that look like the real thing. They can sometimes be VERY real looking (and sounding) and trick even the most conscientious user. I know, it has happened to me!
A new article on ZDNet describes research that provides some chilling news.
Websense says that while the percentage of phishing attempts within all email traffic dropped to 0.5 percent in 2013 — down from 1.12 percent in 2012 — this is not necessarily good news. We may be receiving less of them, but campaigns are now far more sophisticated and targeted as criminals use additional resources in making campaigns more successful.
The article goes on to point to the five e-mail “Subject:” lines most commonly used by scammers:
But what subject lines are most likely to dupe an individual or business into falling for a phishing campaign? Based on the researchers’ findings, the top five which are most likely to be clicked upon are:
Invitation to connect on LinkedIn
Mail delivery failed: returning message to sender
Undelivered Mail Returned to Sender
And, most importantly, the article ends with this recommendation, which I totally agree with:
To combat phishing attacks, installing a strong security solution can alert you before malicious files are downloaded to a system or if you visit a website that is not legitimate. However, common sense is also key — for example, if you are not a member of a particular bank or haven’t recently conducted a transaction online, be extra careful before you open any emails. If in doubt, call the company in question.
Read the whole article “The five most dangerous email subjects to watch for” on ZDNet.
Read the original study published by Websense Security. There is also a link for a free white paper, “Defending against Today’s Targeted Phishing Attacks.”
Photo credit: Image licensed through Creative Commons by U. S. Fish and Wildlife Service – Northeast Region