How to Identify Phishing E-Mails
How to recognize fraudulent e-mails and avoid being ‘phished’.
Presented by: Miguel Fra, Falcon IT Services (miguel@falconitservices.com) http://www.falconitservices.com
Dial In Conference: (305) 433-6663 Option 4 PIN # 0825
For the live presentation visit http://presentations.falconitservices.com and enter invitation code ‘Phishing’. If you have a group of 10 or more people, please contact me to have this presentation given at your place of business (2 weeks prior notice please).
Sources: Wikipedia, OnGuardOnline.gov, US-CERT, Kaspersky Labs

What Is Phishing?
Phishing: Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure the unsuspecting public.
Spear phishing: Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information.
Whaling: Several recent phishing attacks have been directed specifically at senior executives and other high-profile targets within businesses, and the term whaling has been coined for these kinds of attacks.

Phishing Attacks
Watch out for the following:
• Password Reset Requests
• Account Lockouts
• Account Termination
• Account Login Requests
• Program/Software Installs
• Hyperlinked Web Sites
• Information Requests

How Viruses and Phishing Relate to Each Other
• Some viruses inject additional fields into legitimate Web sites in order to obtain sensitive information.
• Phishing links in e-mails can lead users to infected web pages that install spyware on the user’s PC.
• Viruses can harvest e-mail addresses from your address book.
• Beware of ‘lost’ USB sticks; they could be virus-infected phishing devices.
• Viruses can alter search results and lead you to fake sites.

How E-Mail Addresses Are Harvested
• Automated programs harvest e-mail addresses that appear on Web sites.
• Computer and phone viruses can harvest e-mail addresses from an infected user’s address book.
• Chain e-mails are used to collect e-mail addresses.
• Internal corporate e-mail addresses can be requested from DNS servers that have not been locked down properly.

Don’t Let Your Guard Down!
• “I can’t get a virus, I have anti-virus!”
• “I have a Mac/Linux, they don’t get viruses.”
• “I have an Anti-Virus program!”
• “My IT Department keeps me safe.”

E-Mail No-No’s
• Don’t open attachments, especially ZIP and RAR files.
• Even when you receive an attachment from a familiar source, call them and verify that they sent you the attachment.
• Look for e-mails with attachments that are out of context (businessmeetings.pdf from your child instead of from your boss).
• Don’t follow e-mail links or click on links.
• View everything with suspicion.

Avoid Being Phished!
• Phishing is an attempt to acquire sensitive information by masquerading as a trustworthy entity.
• Phishing can come in the form of e-mail, postal mail and social media.
• Beware of e-mails that are out of context.
• Don’t open files from chat, e-mail or social media transfers.
• Be wary of zip files in e-mail.
• Be wary of e-mails from UPS, FedEx, IRS, banks and credit card companies.
• Risky attachment file types: ZIP, RAR, EXE, PIF, BAT, VBS, COM

Anatomy of a Typical Phishing E-Mail
• Look for grammatical errors and misspelled words.
• Check that the sender’s e-mail address matches the organization it claims to come from.
• Look for generalized salutations (i.e. “dear customer”). Real providers usually know your full name and will include it in their e-mail.
• Hover over links to see whether the linked URL matches the hyperlink text.
• Watch out for scare tactics!
• Look out for requests to visit a password reset or login site that you have not requested.

Anatomy of a Typical Phishing E-Mail
Hovering over hyperlinks will reveal the true destination of the hyperlink, either in a hover message or at the bottom of your browser. Look for fake URLs.

Social Media Phishing
• This social media phishing site tricks you into thinking you need a special program in order to view the attached video. Notice the link URL: in this case it’s facebookapp.com.
• Don’t link/friend/connect to unknown people. Seriously, you know this person?

Anatomy of a Phishing Site
• Look at the URL carefully and make sure it matches. The real URL is highlighted in black.
• Type in the URL yourself, don’t follow links!
• Look for spelling and grammatical errors in Web sites.
• Look for inconsistencies, broken links and broken image links.
• Look for HTTPS as well as a secure site certificate that is valid.

Phishing Is Not Just E-Mail Based. Phishing Sites Are Indexed on Many Search Engines
This site came up when I Google searched the term “Sharp Error 3332”. There are several clues that identify this as a malicious site:
1. When I called the toll free number, the agent requested access to my computer without even asking me who I was. They told me they had to run a utility to test my computer for connection errors.
2. The fix shown here is completely unrelated to the problem. This error is an e-mail related error for a Sharp photocopier, nothing to do with Windows.
3. The site has several links to a ‘fix’ and even tried to automatically download a program to my PC, as shown at the bottom, as soon as I opened the page.
4. When I asked the phone agent the name of their company, they stated they were from ‘Microsoft’.
5. Registry ‘fix’ programs are usually junkware and will typically cause further complications and problems.

Unified Threat Management
• If your router supports UTM (Unified Threat Management), enable the UTM features. The UTM anti-virus and anti-malware gateway scans all incoming traffic for malware before it gets a chance to enter your network.
• Enable the URL filter to block known phishing sites, known virus distribution sites and known infected servers. It’s also a good idea to block P2P sites, proxies and other sites commonly associated with malware infections.
• Use the UTM’s SMTP filter to block spam as well as ZIP, RAR, EXE, COM and SCR files from coming in through your e-mail.

Common Phishing Scams
• Lottery: An e-mail or letter stating that you have won a foreign lottery, asking for bank information or up-front fees to cover taxes, shipping costs or wire transfer costs.
• Fake Check: Scams that answer on-line posts on eBay, Craigslist, etc. The scammer will show up with a fake cashier’s check for a greater amount, claim it’s an error and request the difference in cash.
• The Nigerian E-mail: An oil magnate in Nigeria has a large amount of money they need to transfer to the US and is seeking assistance in exchange for a percentage.
• Relative in Foreign Country: A relative in a foreign country is in trouble and needs you to wire money ASAP. This is a type of spear phishing attack that relies on stolen identities and address books.
• Password Reset/Account Verification: Your credit card, financial service, hosting or other on-line service will stop working unless you verify your account and/or reset your password.

What Should I Do If I Suspect Having Been Phished?
If you suspect that you have been phished, immediately change your passwords and monitor your credit cards, bank accounts or whatever type of service you suspect may have been compromised by the phishing attack. Contact us for a consultation or research on-line to seek out further advice and recommended action.
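The link checks from the ‘Anatomy of a Typical Phishing E-Mail’ and ‘Anatomy of a Phishing Site’ slides (hover to compare the visible URL with the real destination, and watch for lookalike hosts such as facebookapp.com) can also be automated at the mail gateway or in a mail client add-in. The Python script below is an added example written for this page, not Falcon IT Services code; the PROTECTED_BRANDS list, the crude two-label domain rule and the sample e-mail body are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Brands this organization wants to protect (assumed list for the example).
PROTECTED_BRANDS = {"facebook.com", "paypal.com", "ups.com"}

class LinkCollector(HTMLParser):
    # Collects (href, visible text) pairs from an HTML e-mail body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registered_domain(host):
    """Last two labels of a host name; crude (wrong for .co.uk etc.) but enough here."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_link(href, text):
    """Return the reasons a link looks suspicious; an empty list means none found."""
    reasons, real_host = [], (urlparse(href).hostname or "")
    real_dom = registered_domain(real_host)
    # 1. The visible text is itself a URL, but the href points to a different domain.
    shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text, re.I)
    if shown and registered_domain(shown.group(1)) != real_dom:
        reasons.append(f"text shows {shown.group(1)} but link goes to {real_host}")
    # 2. A brand name appears in the host, but it is not the brand's domain (facebookapp.com).
    for brand in PROTECTED_BRANDS:
        if brand.split(".")[0] in real_host and real_dom != brand:
            reasons.append(f"lookalike of {brand}: {real_host}")
    # 3. A bare IP address instead of a host name.
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", real_host):
        reasons.append(f"link uses bare IP address {real_host}")
    return reasons

def scan_html(body):
    """Map each suspicious href in an HTML body to its list of reasons."""
    collector = LinkCollector()
    collector.feed(body)
    return {h: why for h, t in collector.links if (why := check_link(h, t))}
# Constructed sample e-mail body for the demo, not a real message.
SAMPLE = """<a href="http://facebookapp.com/video">Click here to view the video</a>
<a href="http://198.51.100.7/login">https://www.paypal.com/signin</a>
<a href="https://www.ups.com/track">https://www.ups.com/track</a>"""
```

The brand-substring rule is deliberately simple and will produce false positives on hosts that merely contain a brand name; a production filter would use a proper public-suffix list and a curated brand list.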
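The SMTP filter rule from the Unified Threat Management slide (block ZIP, RAR, EXE, COM and SCR attachments, plus the other risky types listed under ‘Avoid Being Phished!’) is straightforward to express in code, and checking the file’s leading bytes also catches a blocked type that has simply been renamed to .pdf. This is an added example, not part of the presentation or of any vendor’s UTM product; the constructed sample message and its three attachments are assumptions.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# File types the presentation recommends blocking at the SMTP gateway.
BLOCKED_EXT = {"zip", "rar", "exe", "pif", "bat", "vbs", "com", "scr"}
# Leading bytes that identify a file type regardless of the name it was given.
MAGIC = {b"PK\x03\x04": "zip", b"MZ": "exe", b"Rar!\x1a\x07": "rar"}

def classify_attachment(filename, data):
    """Return (verdict, reason). Checks every extension in the name, then the content."""
    name = (filename or "").lower()
    exts = name.split(".")[1:]          # invoice.pdf.exe -> ['pdf', 'exe']
    for ext in exts:
        if ext in BLOCKED_EXT:
            return "block", f"extension .{ext} in {name}"
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            claimed = exts[-1] if exts else "?"
            return "block", f"{name} claims .{claimed} but content is {kind}"
    return "allow", f"{name} passed"

def filter_message(raw):
    """Parse a raw RFC 822 message and give a verdict for each attachment."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    return [classify_attachment(part.get_filename(), part.get_content())
            for part in msg.iter_attachments()]

def build_sample():
    """Constructed test message with three attachments; not a real e-mail."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("Please see the attached documents.")
    # 1. A genuine-looking PDF header -> allowed.
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application", subtype="pdf", filename="invoice.pdf")
    # 2. A Windows executable renamed to .pdf -> caught by the magic bytes.
    msg.add_attachment(b"MZ\x90\x00 sample", maintype="application", subtype="pdf", filename="statement.pdf")
    # 3. A ZIP archive -> caught by the extension rule.
    msg.add_attachment(b"PK\x03\x04 sample", maintype="application", subtype="zip", filename="scan.zip")
    return msg.as_bytes()
```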
© Copyright 2024