Phishing Fraud: Websites & Emails Can Steal Your Money & Personal Information
What is Phishing?
Phishing is an email scam designed for identity theft. The most successful phishing emails are typically disguised to look like they come from a known or reputable source. These emails usually contain attachments or download links to malicious software, such as keystroke loggers, banking trojans, spywares, and rootkits. A keystroke logger is one of the most dangerous threats. An attacker can use a keystroke logger to steal user names and passwords as you type, including credentials to your emails, remote computers, HR systems, etc.
Believe it or not even the Chinese are not immune to cyber criminals trying to steal their money and personal information using phishing websites and emails.
Fake sites: Using a traditional phishing technique, scammers construct sites that look precisely like real ecommerce sites like Taobao or JD, sometimes even masking the URL. But of course they’re not the real thing, and unlucky customers who make the mistake of purchasing something will never recieve their item. This year, China’s state media reports that more than 5,000 of these sites were discovered on Singles Day.
A new global phishing threat, targeted at businesses and individuals who use DHL shipping has been recently uncovered by Comodo Antispam Labs.
The phishing email headed ‘DHL Capability Tool’ asks recipients to click a link to obtain a tracking number for their delivery. If clicked the link leads to a site that will capture the user’s DHL ID and password.
Tips on how to identify a fraudulent email
Legitimate organizations typically do not request sensitive information via email. Most legitimate companies will not ask you to: Verify your account information – except to verify your email address after registration... ask for your password.... confirm personal information such as age, social security number, or home address.... to provide information of a financial nature.... download a new product or SSL certificate from a provided link.
If you receive a suspicious email purporting to be from a suspicious address, we recommend the following actions:
- Do not reply
- Do not open any attachments
- Do not click on any links
Tips: Identify Phishing Scams
Too generic – Watch out for generic-looking requests for information. Fraudulent emails are often not personalized.
Bad grammar – Scammers are not known for Grade A grammar and spelling. This is a common trait among many fraudulent email scams. Some of these messages have been poorly translated from other languages, or use letters from the alphabet to substitute certain symbols (which is a common tactic meant to evade spam filters).
Links in email – If you see a link in a suspicious email message, don’t click on it. Hover your mouse over the link (without actually clicking on the link) to reveal whether the real address matches the URL that was typed in the message. In the example below, the link reveals the real web address that the user will be routed to, as shown in the red box. Notice that the URL string in the text looks nothing like the web address to which the user will be directed.
Threats and Calls to Action – Phishers like to use scare tactics, and may threaten to disable an account or delay services until you update certain information. Most phishing campaigns include a call to action. If the content places any kind of urgency as far as “you must click into your account now”, it is potentially a scam.
Is That Website Legitimate?
Don't be fooled by a site that looks real. It's easy for phishers to create websites that look like the genuine article, complete with the logo and other graphics of a trusted website.Important: If you're at all unsure about a website, do not sign in.
The safest thing to do is to close and then reopen your browser, and then type the URL into your browser's URL bar. Typing the correct URL is the best way to be sure you're not redirected to a spoofed site.
Cyber criminals are getting more sophisticated all of the time with new tools and coding available to steel logos and identity of companies from anywhere in the world. Complete website paged can be Iframed to make it look like you are on the actual site when you click on a phishing link.
Landing pages to e-commerce website and authority sites such as banks, Microsoft, LogMeIn, System Mechanic, Skype, DHL and many more have fallen victim to this type of fraud.
Report A Suspected Phishing Scam
You can report phishing at http://www.antiphishing.org/report-phishing/