Phishing and Email Spoofing

Taureau

Administrator
This is a topic I highly recommend everyone become very familiar with and vigilant against.


In a nutshell, if something seems odd about any email you receive, examine it closely. Do not click on any links in an email if you get a gut feeling something is not right.

Take a very close look at the address it's sent from. Is that address the valid address used by whoever sent you the email?

What these scumbags do is enter the display name of the email to be the valid email you normally get. However, the display name is not the email address. In the email, the actual email address could very well be something totally different.

For example, you get emails from John Doe all the time. John's email address is [email protected]

Then one day you get an email from John Doe, and when you examine the email you see it says John Doe but the email address in this instance is [email protected]

Best way to check is to click on reply and do not send it, but hover your mouse over the email address displayed and confirm there, before you send, that you're sending it to the right person.

Another sign of an issue is if suddenly John Doe's emails are now going to your spam folder. When that happens, look at the contact list and make sure you only have one John Doe listed and that it's the valid one.

Be darn careful, folks. I have heard of a few labs whose clients have received such bogus emails asking for, say, payment to a Western Union account rather than the normal cash in the mail or EMT. If anything seems odd, you investigate it before replying. You can even go to another one of your emails and send an email to the lab to ask them about the contents and instructions in that suspect email.

Be careful folks.
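
Added example (not part of the original post): a small Python check for the display-name trick described above, comparing the name shown in a From header with the address actually behind it. The address book, names and addresses are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed address book: display name -> addresses already known for that contact.
KNOWN_CONTACTS = {
    "john doe": {"john.doe@example.com"},
}

def check_sender(from_header, contacts=KNOWN_CONTACTS):
    """Return 'ok', 'mismatch' or 'unknown' for a raw From header value."""
    display, address = parseaddr(from_header)
    display = display.strip().lower()
    address = address.strip().lower()
    if not address:
        return "unknown"  # header could not be parsed into an address

    # Case 1: the display name is itself an email address. If it differs from
    # the real address, the sender is showing one address and using another.
    if "@" in display:
        return "ok" if display == address else "mismatch"

    # Case 2: no display name at all; judge the bare address on its own.
    if not display:
        known_addresses = set().union(*contacts.values())
        return "ok" if address in known_addresses else "unknown"

    # Case 3: a familiar name. It must come from an address already on file.
    known = contacts.get(display)
    if known is None:
        return "unknown"
    return "ok" if address in known else "mismatch"

def flag_suspicious(headers, contacts=KNOWN_CONTACTS):
    """Return the From headers whose display name does not match the address."""
    return [h for h in headers if check_sender(h, contacts) == "mismatch"]

# Constructed sample headers.
SAMPLE_HEADERS = [
    "John Doe <john.doe@example.com>",
    "John Doe <jdoe.billing@example.net>",
    '"john.doe@example.com" <jdoe.billing@example.net>',
    "Jane Roe <jane@example.org>",
]

if __name__ == "__main__":
    for header in flag_suspicious(SAMPLE_HEADERS):
        print("check before replying:", header)
```
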






 
Knowing how to recognize and deal with phishing attacks should be a basic skill taught in school these days. That and password hygiene...
Not only can phishing schemes compromise you financially, they're often a great way for attackers to establish a foothold in your organization/company by gathering email addresses and associated passwords.
If you're ever unsure about a message, just forward it to your security/IT team with a note. I promise that we will love you for it ;)
 


Speaking of passwords, make sure each website you belong to has a unique password. I know of a certain someone that had their password stolen by one forum and that allowed access to other forums. And change your passwords now and then.
 
I'm a computer security expert. The easiest are the zeros for oh's. To be honest I'm not sure how many places actually put links in their emails anymore. A lot have gotten away from that and just say, please visit our website.

Anything soliciting any type of update to an account or information or for their records is a lie.

Lastly, on passwords. Use a unique one for each site. Now I know most people go WTF how do I use a unique password for 200 porn sites. It's EASY and without special software. It's not the most secure of methods, but make a system. If the site is www.monkeybuttsex.com, make a password that begins with, let's say, MC (M from monkey and C for com), then some random characters that make systems happy like 11a$$, and then end it with the year you made the account. MC11a$$0 would be your password if you choose to use this algorithm.

The key to this is the simple substitution method of cryptology. The MC will generally always change unless you have a Monkeybuttsexmidgetamputee.Com account.

For this site, it would be CC in my example. The 11a$$ never changes and the year just puts a little twist on the end...so this site would be CC11a$$0.

MonkeyButtsex.com is MC11a$$0 or maybe a 1 if you make the account next year. That leaves you with only needing to really remember the year you made the account and if you forget you usually get it by trying another year in password retry.

Seriously. This system randomizes your passwords and will defeat almost every hacker backtracking you. Best of all, you can always change the system if you want every so often, which is smart to do anyway, so when you go to all your animal smut sites, you just put in a new password that hopefully only you can decipher. Think you've used too much MC11a$$0? Put in MO for MOnkey, JJ for Janis Joplin, %G#. So the new password is MOJJ%G# for that monkey site I know you go to, or CAJJ%G# for this site.

The point is a bit more of the complexity of learning at first. Best of all you can be at your friend's and if you really need (logging into one of my own accounts on someone else's computer makes my spine itch)...you know what your password is and it's not just something simple. The cryptology changes and people can't just login to every place you know with your usual ILuvAnal!! password.

LASTLY, if you want to discuss ANYTHING about cybersecurity, passwords, and just general best computer habits, shoot me an email and I'll help anyone who needs advice or help.
 