Phishing emails – what they look like and what to avoid.

This is the first article in our new series on IT security. In this series, we will provide practical advice to increase your security awareness and help you avoid falling into cyber criminals' traps.

We start our series with phishing emails. They are dangerous because they generally appear to come from a reputable or even trustworthy source (e.g. your friends and work colleagues) and, more importantly, they are difficult for your security protection software to block.

What are Phishing Emails?

Phishing emails are fraudulent emails that masquerade as coming from a reputable (e.g. eBay, PayPal, banks etc.) or trustworthy source (e.g. your family and friends). The emails attempt to induce you to reveal personal or sensitive information such as passwords and credit card details.

A phishing email works as follows. First, the scammer infects a host of innocuous web sites with their own code. They may plant programs that attack vulnerabilities on your computer, or create a fake website that looks like a legitimate one. They then send you an email that masquerades as coming from someone you know or from a reputable company. Their objective is to appear trustworthy and to deceive users into following the links or instructions in the email.

Phishing is a continual and growing threat and is difficult for common computer security software to detect. The threat grows even larger in social media spaces such as Facebook and Twitter.

The Australian government has a number of web sites designed to promote online safety:

  •  www.staysmartonline.gov.au
  •  www.scamwatch.gov.au

Examples

We will show you a number of common phishing examples:

Australia Post – You've got a parcel

[Image: example Australia Post phishing email]

Australian Tax Office – Tax Refund Confirmation

[Image: example Australian Tax Office phishing email]

Banking

[Image: example NAB phishing email]

What should you do?

 

  •  Always be suspicious of unsolicited emails.
  •  Do not respond to emails that request a password or financial information.
  •  Do not click on any link or open any attachment unless you are confident about the sender and the information within the email.
  •  You can hover the mouse over a link to reveal the destination address of the web site. A phishing email will have a different web site address from the legitimate one.
  •  Be vigilant when visiting social media sites and avoid clicking on links or advertisements.
  •  At work, your IT department or IT provider will generally look after the security of your computer and network. You are less likely to have the same level of protection when you are outside a corporate environment, so you have to make sure that:
    •  You have an updated anti-virus program and run regular scans on your computer.
    •  Your computer has the latest security updates.
    •  Your wireless network is secure.
    •  You use strong passwords.
    •  You use different passwords for different usage types (e.g. one set of passwords for social media but a different set for banking).

What we recommend...

At itconnexion, we use AVG Cloudcare which provides the following integrated services:

  •  AVG AntiVirus
  •  AVG Anti-Spam Email Services
  •  AVG Content Filtering
  •  AVG Cloud Backup

In addition, we use a Cyberoam firewall to secure your Internet connection as an added layer of protection. The Cyberoam firewall offers these security features:

  •  Intrusion prevention system
  •  Web filtering
  •  Anti-virus, anti-spyware and anti-spam
  •  Web application firewall

We hope that you have found the above information helpful.
As always, please comment on this blog with any questions that you may have. Alternatively, please pick up the phone and ask our team here if you think an email looks suspicious. Better to be safe than sorry.
If you need us, please contact support@itconnexion.com or 1300 89 22 00.