Hackers used to spend a lot of time and effort running tools to crack usernames and passwords. Now it’s much easier and quicker to use phishing emails instead. Phishing emails attempt to trick users into clicking a link within the email. The link will either infect the computer with a virus or take the user to a cloned site that looks legitimate. It is relatively easy to clone websites using software. In a phishing attempt the cloned site belongs to the hacker, and the user enters their username and password thinking it’s the real site. Once the credentials are entered, the hacker will either sell them or use them to log in to the real site or service.
How do they get users to click the link? They use social engineering to trick the user, exploiting things like lack of knowledge or fear of financial loss. The phishing emails appear to come from reputable companies. The email will inform the user that their account has been locked because of suspicious activity, that a purchase has been made on their account (usually one they didn’t make), that a package sent to them couldn’t be delivered and is waiting for their information to be resent, or that a document is waiting to be electronically signed. There are tons of phishing emails out there.
In a 2016 study the most common companies phishing emails claimed to be from were Google, Yahoo, Apple, PayPal and Wells Fargo. The phishing emails don’t stop there, though; these are just the largest by percentage. Here is an example of what hackers do with the information: Apple IDs are valuable on the Dark Web. Docusign’s webpage has instructions on detecting fraudulent Docusign emails. Here is a phishing site that is a clone of a legitimate site. The site could just as easily have been a clone of Facebook, Apple, Microsoft or any other site.
There are a couple of ways to avoid phishing emails. The first thing to look at is the sender’s email address. The email address should match the company supposedly sending the email, like @apple.com for Apple ID emails or @microsoft.com for Office 365 emails. Some email clients don’t show the email address easily. You can usually copy and paste the sender’s name into a blank document and it will show both the name and email address. You can also hit reply, and most of the time that will also show both the sender’s name and email address. Hackers will include the expected company domain somewhere in the email, but they can’t actually send from the real domain. It might be 45678.apple.com, but if it’s not @apple.com it’s a fake!
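The sender-address rule above is easy to automate. The following is an added example, not code from the original post: it pulls the display name and domain out of a From: header and applies the post’s rule that the address must be exactly @apple.com (or @microsoft.com, and so on). It also flags the two lookalike patterns the post describes: a domain that merely contains the brand name, and a display name that claims the brand while the address belongs somewhere else. The brand-to-domain table and the sample headers are constructed for the example.

```python
from email.utils import parseaddr

# Assumed table for the example: which sending domain each brand is expected
# to use. Extend it with the services you actually receive mail from.
EXPECTED_DOMAINS = {
    "apple": "apple.com",
    "microsoft": "microsoft.com",
    "paypal": "paypal.com",
}


def sender_domain(from_header: str) -> tuple:
    """Split a From: header into (display name, lower-cased domain of the address).

    parseaddr handles the 'Display Name <user@domain>' form as well as a bare
    address; a header with no usable address yields an empty domain.
    """
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name, domain


def check_sender(from_header: str, brand: str) -> dict:
    """Apply the post's rule: the address must be @<expected domain>, exactly.

    Returns a verdict ('ok', 'phishing' or 'suspicious') plus the reason, so
    the same function can drive a mail filter or a user-facing warning.
    """
    expected = EXPECTED_DOMAINS[brand]
    name, domain = sender_domain(from_header)

    if not domain:
        return {"verdict": "suspicious", "domain": domain,
                "reason": "no usable address in From header"}
    if domain == expected:
        return {"verdict": "ok", "domain": domain,
                "reason": "address is @" + expected}
    # Brand name appears in the domain, but the domain is not the expected
    # one: the "45678.apple.com but not @apple.com" pattern from the post.
    if brand in domain:
        return {"verdict": "phishing", "domain": domain,
                "reason": f"domain {domain!r} contains {brand!r} "
                          f"but is not {expected!r}"}
    # Display name claims the brand while the address is unrelated: the case
    # where a mail client shows only the name and hides the address.
    if brand in name.lower():
        return {"verdict": "phishing", "domain": domain,
                "reason": f"display name {name!r} claims {brand!r} "
                          f"but address is @{domain}"}
    return {"verdict": "suspicious", "domain": domain,
            "reason": f"address is @{domain}, not @{expected}"}


# Constructed sample headers covering each branch above.
SAMPLES = [
    ("Apple Support <noreply@apple.com>", "apple"),
    ("Apple ID <appleid@45678.apple.com>", "apple"),
    ("Apple <security@apple-id-verify.example>", "apple"),
    ("Apple Support <support@mail-relay.example>", "apple"),
    ("Office 365 <billing@microsoft.com>", "microsoft"),
    ("PayPal Billing", "paypal"),
]

if __name__ == "__main__":
    for header, brand in SAMPLES:
        result = check_sender(header, brand)
        print(f"{result['verdict']:<10} {header!r}: {result['reason']}")
```

Note that this only inspects the visible address, which is what a user can see in their client. A sender can still forge the From: header outright; catching that is the job of the receiving mail server’s SPF, DKIM and DMARC checks, not of this rule.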
Luckily, as of now most phishing emails are composed with bad spelling and grammar. Multi-million dollar companies will never send out mass emails with multiple spelling and grammatical mistakes. Read the email a couple of times looking for obvious spelling and grammatical mistakes. If you find mistakes, instantly ignore and delete the email. If your first language is not English these might be hard to spot; in that case try an online service or look for other signs. Also look out for weird formatting in the emails. For example, if you live in America and the company information in the email is for a country in Europe, that’s a sign of something fishy. In the Apple ID phishing email below I’ve highlighted the spelling and grammar mistakes, and also the German address at the bottom.
The next step is to disregard the email and check the information from outside sources. If the email claims something was purchased on your Apple account, your bank account is locked, you have a package waiting for pickup, etc., search for the company’s contact info and call to speak to someone. They will easily and quickly confirm the validity of the email. Docusign is a popular platform targeted by hackers with phishing emails. Again, contacting the sender of the email over the phone to verify the authenticity should be the first step. In the case of fraudulent Docusign phishing emails, a lot of them originate from known contacts whose email accounts have been hacked. This tricks users into thinking the email is legit because of the source. A user might email the contact asking if the email is legit; however, since the email account is now controlled by the hacker, they are potentially communicating with the hacker instead. This is why calling on the phone is a much better way to contact the sender.
If you’ve already clicked the link in the email and entered your username and password, the next step is to contact the company’s support department. They will help you reset the password to prevent your account from being hacked. If the phishing email link didn’t ask for a username and password, start an antivirus scan right away. If it’s your work computer, call your IT Dept ASAP! If you’ve clicked the link there is no time to waste. A quick response could still save your butt and at the very least will decrease the amount of damage. But the best step is to NEVER click the link in the first place. Searching online should get you contact information for whichever company you entered credentials for. I’ll post a few of the main ones here; the rest you’ll have to find on your own.