Phishing Emails and Socially Engineered Hacks

Sorry, this is not about fishing, it is about Phishing!

What are Phishing emails?

Phishing emails are deceptive messages crafted by cyber criminals. They want to trick recipients into sending sensitive information or doing something that may compromise their security. The emails often look legitimate, possibly coming from a friend, work colleague, or other reputable source such as a bank or the government. The aim is to get the recipient to pass on confidential information such as passwords or credit card details, or even to give the criminals access to their computer. Phishing emails exploit our human psychology, leading us to believe that the email is legitimate when in fact it has come from criminals.

In these instances, con artists and thieves are using the internet to commit their crimes; they are cyber criminals. The danger is that they can and do commit these crimes without your knowledge, until it's too late.

What Happens?

Being con artists or thieves, the cyber criminals use a variety of tactics to appear authentic. They will use official logos and fake the sender's address. The email might contain language that seeks to manipulate the recipient into taking immediate action. The language is chosen to cause fear, anxiety or urgency, an “I must act NOW” feeling. Typically the action might be to trick the user into updating account information or verifying information on a fake website.

Once the criminals have a victim of the phishing attack, the consequences might be severe. The cybercriminals may have gained access to the victim's bank account, financial records, or sensitive corporate information. They might even convince the victim to send them money by way of bank transfer.

To reduce the risk of becoming a victim of phishing emails, individuals should be cautious when opening emails. Avoid clicking on links, verify the sender is who they say they are, and get training if possible. Implement things like two-factor authentication, or use an email filtering system to pick up potential phishing emails.

What is a socially engineered hack?

A socially engineered hack is a cyberattack that uses human psychology as part of the exploitation process. Psychology, rather than a technical exploit, is used to gain unauthorised access to systems or data. The term cyberattack is used to describe an event carried out over the internet by con artists and/or thieves somewhere in this world!

The hack could be started by an email or a phone call. The email or phone call would be from a person or group that you would normally trust. Only they are not who they say they are. The person is masquerading as a trusted person or entity such as a bank or the government. If it is an email, it might be from someone you might know. The language in the email may be out of character.

The email or the phone call will be looking to compromise you, either by getting you to click on a link and prove who you are by handing over confidential details, or by convincing you to give them remote access to your device. Once the thief has access to the information or device, they will seek to exploit this for monetary gain.

We often hear about these types of social hacks on the television news. Innocent people get phone calls about false losses in their bank accounts. The criminal, purporting to represent the bank and wanting to put the loss right, is allowed access to the bank account and then steals from it.

What to Do?

There are many sources of information that will help. The banks regularly send out newsletters with examples of what might happen and how to manage it. They give information on how to manage the above and what to expect.

On Phishing Emails – A simple check list


Check the Sender's email address.

It is simple to do, yet most people assume that because the person's name is there, it has come from that person. Don’t make that assumption; check the domain name. Does it come from where you would expect it to come from?

Subject:

Is it urgent, is it trying to make you do something now, is there a warrant out for your arrest? These tactics are trying to bring a sense of urgency. The action is designed to stop you thinking rationally about it. STOP. Think.

Message:

How do they start their message? Is it a vague start like “Hello” or “long time no speak”? Look at the grammar and the language. Typically hackers' language is poor.

Links:

Do not click on links, and do not automatically open attachments. Hover over the link; your computer will tell you what the real link is. Is that right?
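The four checks above (sender domain, subject, greeting, real link destination) can also be run automatically over a raw message. The sketch below is an added example, not part of the original article; the word lists, the function names and the sample message with its domains are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENT = re.compile(r"\b(urgent|immediately|now|warrant)\b", re.I)  # assumed word list
VAGUE = re.compile(r"^(hello|hi|long time no speak)\b[\s,!.]*$", re.I)

class BodyParser(HTMLParser):  # visible text plus (real href, displayed text) per link
    def __init__(self):
        super().__init__()
        self.text, self.links, self._href = [], [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
    def handle_data(self, data):
        if data.strip():
            self.text.append(data.strip())
            if self._href is not None:
                self.links.append((self._href, data.strip()))
    def handle_endtag(self, tag):
        self._href = None if tag == "a" else self._href

def in_domain(host, expected):
    return host == expected or host.endswith("." + expected)

def check_email(raw, expected_domain):
    msg, findings = message_from_string(raw), []
    # Sender: ignore the display name, look only at the address's domain.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not in_domain(domain, expected_domain):
        findings.append(f"sender domain is {domain!r}")
    if URGENT.search(msg.get("Subject", "")):
        findings.append("subject creates urgency")
    body = BodyParser()
    body.feed(msg.get_payload())
    if body.text and VAGUE.match(body.text[0]):
        findings.append(f"vague greeting {body.text[0]!r}")
    # Links: compare what is displayed with where the href really points.
    for href, shown in body.links:
        real = (urlparse(href).hostname or "").lower()
        if not in_domain(real, expected_domain):
            findings.append(f"link shown as {shown!r} goes to {real!r}")
    return findings

# Constructed sample message; every name and domain here is made up.
SAMPLE = ('From: "Example Bank" <support@examplebank-secure.test>\n'
          'Subject: URGENT: verify your account now\n\n'
          '<p>Hello,</p><p>Verify at <a href="http://login.example.net/verify">'
          'www.examplebank.test</a></p>')
```

Calling `check_email(SAMPLE, "examplebank.test")` returns one finding per checklist item for the sample message.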

We have noticed a spike in new employees being targeted by phishing attacks pretending to come from senior members of the management team. The attackers send them on a “secret mission”, telling them to buy Apple vouchers etc. and send them over. They are told the company will pay them later, when the secret is out.

Further Help

There are so many different ways these criminals will attempt to deceive and con you. It is an ever-changing game. There are ways to help mitigate these; do call on 01444 238070 to speak to one of the team or contact us on the link below.

Call now on 01444 238070

https://cse-ltd.co.uk/contact-us