Thursday 6 March 2014

Spoofs, fakes and phishing.


Keeping safe online.
Tips on spotting spoofs, fakes and phishing.

You may just want to jump to the tips below, but it's perhaps worthwhile knowing some of the background to this.

Email is perhaps the most ubiquitous method of electronic communication. However, for many of us it is a recent innovation. We were not taught about it at school, so our digital literacy skills, how to be safe online and the other finer intricacies are by and large self-taught. The internet is a bit like Apple's iOS for the iPhone or iPad: there are a lot of hidden features not mentioned in the manual that we are left to discover by ourselves. We need at least some basic skills and knowledge about being safe online, because thieves have been taking advantage of anybody with a lack of knowledge for a long while, and they are getting sneakier!

Most of us are probably aware now of phishing attempts for financial information: emails purporting to be from a financial institution, attempting to get your login details and access to whatever finances you have there. However, nowadays it is not just financial information they want. They also want personal details (e.g. for ID fraud), your computer (to silently become part of a large cluster of machines for sending spam, carrying out denial of service attacks, etc.) and there are ransom attacks (a program locks all your files so you can't access them until you pay a ransom to unlock them, and even then they might not unlock them after payment). I'm sure that list is not exhaustive.

As ways to gain access to this information or our machines, I've become increasingly aware of other emails that try to take advantage of basic human nature and our need to respond to a crisis. I have had emails in the past about:

Notice to Appear / Court orders 

(Figure 1): Requesting that I turn up to a specific court on a specific date and time for my case to be heard, with the details in the attached file: a ZIP file which contained an .exe file.

Eviction notices 

(Figure 2): Advising that I am about to be evicted, with details of the court order attached: a ZIP file which contained an .exe file.

Friends funerals 

(Figure 3): Advising me of a death (typically no specific name) and a funeral service at such and such a place and time. The attached link takes you to a website not at all related. I did not follow these links (and if I am suspicious I do not), so I cannot tell you whether the link was to a malicious file or a request for information.

Email inbox near to capacity 

(Figure 4): An advisory notice about my email inbox being nearly full, telling me to contact the admin via the provided link to sort this out.

Email account to be shut down 

An advisory notice about my email account being about to be shut down, telling me to contact the admin via the provided link to sort this out.


Figure 1: Spoof Notice to Appear/Court Order


Figure 2: Spoof eviction notice
Figure 3: Spoof funeral notice


Figure 4: Spoof inbox nearly full notice.

The TIPS

> Have basic computer security. 

Make sure you have both a firewall and virus protection on the computers you use, but be aware that these only go so far in protecting you and your machine.

> Be wary of attached files. 

Typically these are ZIP files, as you can easily hide all sorts of things in a zipped file, e.g. a malicious program (.exe = executable file). You can view the contents of a ZIP file before actually unzipping it. If the zipped file is NOT a document (e.g. .pdf, .doc, .docx, etc.) or a file type you recognise as safe (i.e. one that will not install or run anything), then avoid it! Watch out for double extensions such as "notice.pdf.exe" too: Windows hides the final ".exe" by default, so the file looks like a PDF, but it is the last extension that decides what runs. And remember that even a genuine document type can carry macros or exploit code, so an attachment you were not expecting is still suspect whatever its extension.
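The "look inside the ZIP before unzipping it" check, as an added example that is not part of the original post. It reads only the archive's directory listing (nothing is extracted or run) and classifies each member by its last extension, so a double extension like Court_Notice.pdf.exe is caught. The sample archive is constructed in memory to stand in for the court-notice attachment described above; the extension lists are illustrative assumptions, not a complete catalogue of dangerous types.

```python
import io
import zipfile

# Extensions that execute when opened. Illustrative, not exhaustive.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".js", ".vbs", ".jar", ".msi", ".hta", ".ps1"}
# Document types the post treats as "probably a document" (macros and
# exploits in these are a separate risk not covered by this check).
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".rtf"}


def classify_name(name):
    """Classify one archive member by its LAST extension.

    Returns 'executable', 'document', 'directory' or 'unknown'. The last
    extension is used because that is what the operating system acts on,
    so 'notice.pdf.exe' is judged as .exe, not .pdf.
    """
    if name.endswith("/"):
        return "directory"
    base = name.rsplit("/", 1)[-1]
    ext = "." + base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext in EXECUTABLE_EXTS:
        return "executable"
    if ext in DOCUMENT_EXTS:
        return "document"
    return "unknown"


def inspect_zip(data):
    """List the members of a ZIP held in memory without extracting any.

    Only the central directory is read; no member is decompressed or
    written to disk. Returns [(member_name, classification), ...].
    """
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(info.filename, classify_name(info.filename))
                for info in zf.infolist()]


def is_suspicious(data):
    """True if any member would execute when double-clicked."""
    return any(kind == "executable" for _, kind in inspect_zip(data))


def build_sample_zip():
    """Constructed stand-in for the 'Notice to Appear' attachment: a
    bogus executable hiding behind a document-looking name. Not real
    malware; the bytes are a placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Notice_to_Appear/Court_Notice.pdf.exe",
                    b"MZ placeholder, not a real program")
        zf.writestr("Notice_to_Appear/README.txt",
                    b"Open the attached notice.")
    return buf.getvalue()


def build_benign_zip():
    """Constructed archive containing only a document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("minutes.docx", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, kind in inspect_zip(build_sample_zip()):
        print(f"{kind:11s} {name}")
    print("suspicious:", is_suspicious(build_sample_zip()))
```

The same listing is what a desktop archive tool shows you when you open a ZIP without extracting it; the point of doing it in code is that the classification is made on the final extension rather than on how the name looks at a glance.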

> Be wary of any Links/URLs. 

It is very easy to write down one URL but have the actual link point somewhere else, sometimes to a similar-looking URL. For example, does this link http://www.ioe.ac.uk actually point to where it says it will take you?
In most web browsers and email clients it is possible to view the actual URL before clicking on it: hovering over the link with your mouse, without clicking, will show the real URL either in the status bar of the browser window or in a pop-up.

In Outlook Web Access (OWA) you have to right-click the link and then select Properties. BUT CAUTION: in Outlook Web Access the URL the link wants to take you to is obscured by a redirect URL created by Outlook, so you cannot tell whether the real destination is legitimate or not. The only way you will find out is to actually follow the link and look at the URL in the address bar of your browser, and by then it might be too late: some websites host malicious code which is automatically downloaded and run when you visit them (a so-called drive-by download).

> Look at the sender

Be aware that it is possible to make it look like an email has come from somebody when in reality it came from someone else. I have had emails that I have supposedly sent myself!
Is the sender's domain name (the bit after the '@' sign) related to the company the email is supposed to come from? If the email is official, the domain of the sender should match the domain of the company. E.g. in Figure 4, why should somebody from "duvalschools.org" be advising you of a problem relating to your IOE account? Or in Figure 3, why is somebody from dukesofficesupply.com sending a funeral notice on behalf of Eubank Funeral Home? Remember, though, that because the displayed sender can itself be forged, a matching domain is reassuring but not proof that the email is genuine; a mismatching one is a red flag.

> Look at content, the body of the email

Is the email asking for information? Or does it want to provide more information via an attachment or a link to another site? If it is doing any of these, there is a better chance of the email being malicious.

How specific is the information? Are you mentioned by name in the email or could the email be applied to anybody?

About the author:

Kit Logan is a Learning Technology Fellow with the Learning Technology Unit at the Institute of Education and is based at the London Knowledge Lab.
