Looking out for phishing email messages that may trick you in giving sensitive information such as personal passwords, etc. and promptly delete suspicious email immediately that are of unknown origins.
Computer Incident Response Team (CIRT) would encourage users to report any suspicious email received so that investigation can be follow up accordingly.
Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. It's an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. It may also contain links to websites that are infected with malware.
What to Look for in a Potential Phishing Email
- Spelling and bad grammar: Cybercriminals are not known for their grammar and spelling. Professional companies or organisations usually have a staff of editors that will not allow a mass email like this to go out to its users. If you notice mistakes in an email, it might be a scam.
- Beware of links in email: If you see a link in a suspicious email message, don't click on it. Rest your mouse (but don't click) on the link to see if the address matches the link that was typed in the message. In the example below, the link reveals the real web address, as shown in the image below. The web address looks nothing like the legitimate web address. Links might also lead to files that are known to spread malicious software.
- Spoofing of popular websites or companies: Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows. Cybercriminals also use web addresses that resemble the names of well-known companies but are slightly altered.
Types of Phishing
- Phishing: An attempt to acquire information such as username, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
- Spear Phishing: Attempts directed at specific individuals or companies. Attackers may gather personal information about their target to increase their probability of success. (i.e. LinkedIn) This technique is, by far, the most successful on the internet today, accounting for majority of the attacks.
- Clone Phishing: A type of phishing attack whereby a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The attachment or link within the email is replaced with malicious version and then sent from an email address spoofed to appear to come from the original sender.
- Whaling: Several recent phishing attacks have been directed specifically at senior executives and other high profile targets within businesses, and the term whaling has been coined for these kinds of attacks. In the case of whaling, the masquerading web page/email will take a more serious executive-level form. The content will be crafted to target an upper manager and the person's role in the company. The content of a whaling attack email is often written as a legal subpoena, customer complaint, or executive issue. Whaling scam email are designed to masquerade as a critical business email, sent from a legitimate business authority. The content is meant to be tailored for upper management, and usually involves some kind of falsified company-wide concern.
- Users may be prompted for their username and password on a site that may closely resemble their own. If the user enters their credentials on this site, an attacker may be able to use them to log into externally facing Virtual Private Network (VPN) or Remote Desktop servers.
- A malicious link, if clicked, could lead to many different types of attacks on a users. The resulting web page link could leverage browser exploits to install spyware or malware on the user's system. These exploits could easily be used as launching points for attackers to infiltrate your network and possibly compromise security.
- A malicious attachment can install spyware or malware on the user's computer. These attacks can be designed to steal information such as passwords, usernames, credit card numbers or other sensitive information entered into website or store on the user's hard drive. The malware could also be used as a launching point for attackers to infiltrate the network.
For more information regarding phishing emails, please click here.
(Information provided by SANS Institute)
Information on identifying different methods on how cyber criminals make money from a hacked computer, please click here.
(Information provided by SANS Institute)
Information on proper usage of NTU's email account, please click here. Information on how to report an incident, please click here.