How to Identify Phishing E-Mails
How to recognize fraudulent emails and avoid being ‘phished’.
Presented by: Miguel Fra, Falcon IT Services
http://www.falconitservices.com
Dial In Conference: (305) 433-6663 Option 4 PIN # 0825
For live presentation visit http://presentations.falconitservices.com and
enter invitation code ‘Phishing’. If you have a group of 10 or more people,
please contact me to have this presentation given at your place of business
(2 weeks prior notice please).
Sources: Wikipedia, OnGuardOnline.gov, US CERT, Kaspersky Labs
What Is Phishing?

Phishing: Phishing is the attempt to acquire sensitive information such as usernames, passwords,
and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity
in an electronic communication.
Communications purporting to be from popular social web sites, auction sites, banks, online
payment processors or IT administrators are commonly used to lure the unsuspecting public.

Spear phishing: Spear phishing is an e-mail spoofing fraud attempt that targets a specific
organization, seeking unauthorized access to confidential data.
Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be
conducted by perpetrators out for financial gain, trade secrets or military information.

Whaling: Several recent phishing attacks have been directed specifically at senior executives and
other high profile targets within businesses, and the term whaling has been coined for these kinds
of attacks.
Phishing Attacks
Watch out for the following:
Password Reset Requests
Account Lockouts
Account Termination
Account Login Requests
Program/Software Installs
Hyperlinked Web Sites
Information Request
How Viruses and Phishing Relate to Each Other
• Some viruses inject additional fields into legitimate Web sites in order to obtain sensitive information.
• Phishing links in e-mails can lead users to infected web pages in order to install spyware on a user’s PC.
• Viruses can harvest e-mails from your address book.
• Beware of ‘lost’ USB sticks, they could be virus infected phishing devices.
• Viruses can alter search results and lead you to fake sites.
How E-Mail Addresses are Harvested
• Automated programs harvest email addresses that appear in Web sites.
• Computer and phone viruses can harvest e-mails from an infected user’s address book.
• Chain e-mails are used to collect e-mail addresses.
• Internal corporate e-mails can be requested from DNS servers that have not been locked down properly.
Don’t Let Your Guard Down!
• I can’t get a virus, I have anti-virus!
• I have a Mac/Linux, they don’t get viruses.
• I have an Anti-Virus program!
• My IT Department keeps me safe.
E-Mail No-No’s
• Don’t open attachments, especially ZIP and RAR files.
• Even when you receive an attachment from a familiar source, call them and verify that they sent you the attachment.
• Look for E-mail with attachments that are out of context (businessmeetings.pdf from your child instead of from your boss).
• Don’t follow E-Mail links or click on links. View everything with suspicion.
Avoid Being Phished!
• Phishing is an attempt to acquire sensitive information by masquerading as a trustworthy entity.
• Phishing can come in the form of email, postal mail and social media.
• Beware of e-mails that are out of context.
• Don’t open files from chat, e-mail or social media transfers.
• Be wary of zip files in e-mail.
• Be wary of e-mails from UPS, FedEx, IRS, Banks, Credit Cards.
• Risky attachment file types: ZIP, RAR, EXE, PIF, BAT, VBS, COM
Anatomy of a Typical Phishing E-Mail
• Look for grammatical errors and misspelled words.
• Check the sender’s E-Mail address for a match.
• Look for generalized salutations (e.g. dear customer). Real providers usually know your full name and will include it in their e-mail.
• Hover over links to see if the linked URL matches the hyperlink.
• Watch out for scare tactics!
• Look out for requests to visit a password reset or login site that you have not requested.
Anatomy of a Typical Phishing E-Mail
Hovering over hyperlinks will reveal the true destination either in a hover message or at the bottom of your browser.
Anatomy of a Typical Phishing E-Mail
Hovering over hyperlinks will reveal the true destination of the hyperlink. Look for fake URLs.
Social Media Phishing
This social media phishing site tricks you into thinking you need a special program in order to view the attached video.
Notice the link URL. In this case it’s facebookapp.com.
Don’t link/friend/connect to unknown people.
Seriously, you know this person?
Anatomy of a Phishing site
Look at the URL carefully and make sure it matches. The real URL is highlighted
in black. Type in the URL yourself, don’t follow links!
Look for spelling and grammatical errors in Web sites.
Look for inconsistencies, broken links and broken image links.
Look for HTTPS as well as a secure site certificate that is valid.
Phishing is not Just E-Mail Based. Phishing Sites are Indexed on many Search Engines
This site came up when I Google searched the term: Sharp Error 3332. There are several clues that identify this as a malicious site:
1. When I called the toll free number, the agent requested access to my computer without even asking me who I was. They told me they had to run a utility to test my computer for connection errors.
2. The fix shown here is completely unrelated to the problem. This error is an e-mail related error for a Sharp photocopier, nothing to do with Windows.
3. The site has several links to a ‘fix’ and even tried to automatically download a program to my PC as shown at the bottom as soon as I opened the page.
4. When I asked the phone agent the name of their company, they stated they were from ‘Microsoft’.
5. Registry ‘fix’ programs usually are junkware and will typically cause further complications and problems.
Unified Threat Management
If your router supports UTM (Unified Threat Management), enable the UTM features.
The UTM anti-virus and anti-malware gateway scans all incoming traffic for malware before it
gets a chance to enter your network.
Enable the URL filter to block known phishing sites, known virus distribution sites and
known infected servers. It’s also a good idea to block P2P sites, Proxies and other sites
commonly associated with malware infections.
Use the UTM’s SMTP filter to block SPAM as well as ZIP, RAR, EXE, COM and SCR files
from coming in through your E-Mail.
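What an attachment filter of this kind checks, shown as an added example (it is not from the presentation or from any UTM product): the script parses a message and lists attachments whose final extension is one of the types named on these slides. The function names and the sample message are constructed, and the check looks at file names only, not at what is inside an archive.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Union of the extensions the slides list as risky attachments and those
# the UTM SMTP filter is told to block.
RISKY_EXTENSIONS = {"zip", "rar", "exe", "pif", "bat", "vbs", "com", "scr"}

def risky_attachments(raw_message):
    """Return the filenames of attachments whose final extension is risky."""
    msg = message_from_string(raw_message, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        # The last extension decides how the file opens, so "invoice.pdf.exe"
        # counts as EXE. Trailing dots and spaces are dropped before the check.
        _, dot, ext = name.rstrip(". ").rpartition(".")
        if dot and ext.lower() in RISKY_EXTENSIONS:
            flagged.append(name)
    return flagged

def build_sample():
    """Constructed message with made-up addresses and dummy attachment bytes."""
    msg = EmailMessage()
    msg["From"] = "billing@supplier.example"
    msg["To"] = "user@company.example"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    for filename in ("invoice.pdf.exe", "agenda.pdf", "photos.ZIP"):
        msg.add_attachment(b"dummy", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_string()
```

`risky_attachments(build_sample())` returns the EXE disguised as a PDF and the upper-case ZIP, and leaves `agenda.pdf` alone.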
Common Phishing Scams
Lottery: E-mail or letter stating that you have won a foreign lottery, asking for bank information or up front fees to cover taxes, shipping costs or wire transfer costs.
Fake Check: Scams that answer on-line posts from eBay, Craigslist, etc. The scammer will show up with a fake cashier’s check for a greater amount, claim it’s an error and request the difference in cash.
The Nigerian E-mail: An oil magnate in Nigeria has a large amount of money they need to transfer to the US and is seeking assistance in exchange for a percentage.
Relative in Foreign Country: A relative in a foreign country is in trouble and needs you to wire money ASAP. This is a type of spear phishing attack that relies on stolen identities and address books.
Password Reset/Account Verification: Your credit card, financial service, hosting or other on-line service will stop working unless you verify your account and/or reset your password.
What Should I Do If I Suspect Having Been Phished?
• If you suspect that you have been phished, immediately change your passwords and monitor your credit cards/bank accounts or whatever type of service you suspect may have been compromised by the phishing attack.
• Contact us for a consultation or research on-line to seek out further advice and recommended action.