20th September 2012, 04:54 PM #1
Tips to avoid Phishing E-mail or other lovely viruses
I have had a teacher come up to me today; the teacher almost fell for a fishing e-mail. After coming to me we checked to see that it was a fishing e-mail, and then the teacher deleted it and went back to his prep time. This got me thinking about the advice I give out on safe use of e-mail when talking to the staff or students. I normally say, when they use their personal: -
1. Only open e-mail from people you know.
2. Delete or move to junk anything you think is unsafe.
3. If it's too good to be true it's because it's too good to be true.
4. Don't give out your e-mail to people on the street or to websites that you visit researching work, or have a different e-mail account just for that.
5. If you do get an E-mail that looks genuine copy and paste a bit of the text into Google, Yahoo, Bing etc and see if a hit comes up saying it's fake.
6. Come and show it to me so I can check the links.
7. Don't use a school computer to check your personal e-mails.
Have I missed anything?
20th September 2012, 05:12 PM #2
Even if an email looks completely legitimate, if it's asking you to click a link and log in to your account, don't. Always type the address for the homepage of said site and log in yourself from there; if there is really a message waiting for you, it'll be there.
[PS - I hate to be a pedant, but it's phishing when talking about security attacks!]
21st September 2012, 09:12 AM #3
21st September 2012, 03:59 PM #4
Only the fact that the moment they sit in front of a computer and check their e-mail, they'll completely disregard everything you told them.
21st September 2012, 05:02 PM #5
1 - Never click on a link in an E-Mail unless you are expecting to (such as verification after signing up to a site). Visit the website directly and log in there. Example: Person X has added you on Facebook, don't click the link but check by logging in to Facebook directly.
2 - Offers that look tempting are tempting for a reason, to get you to respond!
3 - If you don't expect an E-Mail or the E-Mail seems very out of character, do not respond. With the rise in compromised accounts this year, even E-Mails from people you know can be dangerous so if it seems very unusual for Aunt Pam to offer a million pounds to shift money out of Nigeria, it probably wasn't sent by Aunt Pam!
4 - Any E-Mail requesting log-in details to verify your account due to fraudulent use or risk shutdown will be fake (E-Mails from Blizzard Entertainment and Free E-Mail services are most common). Same with "account purges" or "shutdowns."
5 - Never unsubscribe from spam mail, they are there to get you to confirm your account is active.
6 - Unsolicited mail about current issues are very common attack vectors for scammers!
- Large sums of money to be moved, requiring a sum of money by a specific time (revealed later) to resolve a complication. (AKA 419 Scam)
- Inactive accounts are being purged, please confirm login details or be shut down.
- Fraudulent activity detected, confirm login or be shut down.
- Any link leading to fake login pages (very convincing!).
- Fake password resets. If it wasn't initiated by you, it isn't real!
- (From person on contacts list) Hey, is this you? http://scamlinkgoeshere (Also seen on social networks).
- See video of Insert Shocking/Funny/Trending/Bizarre story here (Very common on social networks).
- Your computer is infected, click here to fix it or nasty things will happen.
Last but not least, the entire malware and scams landscape is changing. Where trojans and other nasty programs hidden behind adverts were typical attack vectors in a scam campaign, this changed to drive-by-downloads where a vulnerable machine would get hit by a compromised web-page. As anti-virus systems improved, attack vectors changed again to target the more vulnerable parts of the system, the users! Social Engineering is the term used to describe tricking people into handing over personal and sensitive information to carry out attacks by using false Facebook updates or Spam E-Mails, even phone calls to technical support teams. Security firm HBGary was compromised by Anonymous with a phone call asking for the server password.
Then there is the biggest change in the past year or so following high profile breaches of company databases, Pastebin login dumps. Attackers breached security of websites via technical or social means, accessed databases and discovered unencrypted or easily crackable login information. The raw details were put on the Internet for all to see and analysis showed many people re-used passwords, meaning one breach of an account could result in multiple breaches over multiple Internet services. This is very hard to defend against short of unique passwords over many services (but security questions may be the same and easily discovered through sharing too much information publicly!). A prime example is Guild Wars 2, where on release day people re-used passwords when creating accounts and had their accounts breached on day 1 of launch by attackers trying logins on lists of breached details.
21st September 2012, 07:23 PM #6
Amongst giving similar tips out I also give this out to staff to help them avoid the pitfalls of sending emails to the wrong people.
The guides are written by experts for ordinary folk to help themselves and computer safe. So far they have gone down well and nobody felt I insulted them (a typical problem with some!).