Suspicious emails, phone calls or text messages

The aims of this guidance are as follows:

  • To give you an understanding of what the term ‘phishing’ means.

  • To help you tell genuine emails from fake ones.

  • To show you what to do if you get one, or have already responded to one.

  • To give you tips on how to report them and notify the right people.

What is ‘Phishing’?

Phishing, often referred to locally as a scam, is a method attackers use to gather personal information about you through different communication channels such as emails, text messages or phone calls. They pretend to be someone you trust, for example your internet service provider (ISP), your bank, your local council or a government official, or a long-lost friend. They exploit that trust in order to obtain your personal information, also known as Personally Identifiable Information (PII).

Emails and Text Messages:

Email and text message phishing work in a similar way. They are designed to get you to click on a suspicious link, which sends you to a fake or malicious website and asks you to fill in your details. These fake websites are made to look like a genuine site belonging to someone you trust, such as a bank, governmental body, ISP or shop. Sometimes these sites also host malware (viruses), which can be downloaded automatically in the background without you knowing (so-called silent downloads).

Phone Calls:

Phone call phishing works in a similar way to email and text message phishing, but takes a more direct approach. Again, the caller pretends to be someone you trust; the most common examples are ‘technical support*’, an ‘Amazon customer service representative’, your bank, or a governmental official or body. Posing as these companies or organisations, they ask for your personal details such as passwords, bank details, etc.

*(Technical support scams will be featured in another post)

How to check your emails and text messages

If you think you have received a spam or phishing email, follow these steps to work out whether it is genuine:

  • Look at the ‘from’ address (does it look like a genuine email address? Check the full address, not just the name shown next to it).

  • Look for spelling mistakes within the email (spammers tend not to care about spelling).

  • Does the email have a sense of urgency to it, telling you to ring up, to follow a link, or to follow a link and log in to your account?

  • Does the email say “Dear customer” rather than using your name?

  • Does the email have attachments with an unusual file extension such as ‘.m’ or ‘.exe’, rather than a standard document extension such as ‘.doc’, ‘.docx’, ‘.xlsx’ or ‘.pptx’? (Bear in mind that even standard document types can carry harmful macros, so treat any unexpected attachment with care.)

Here is an example of a phishing email:

Here is a real-life example of a phishing email sent by a supposed ‘United States Postal Service’. There are a few ‘tell-tale signs’ that this is not a genuine email from the postal service. These are explored in the next image.

Here we can see a few highlighted areas to look at:

  1. The sender’s email address states it is from ‘United States Postal Service’, however the domain “@domain.com” suggests it is from another company. This shows it is definitely not from the correct sender, as the domain would have been ‘usps.com’.

  2. The urgency of the email, stating that I have a new message from the postal service.

  3. A button which takes me to a malicious website, which is then used to harvest my personal details.

To summarise the above example: we can see that this email is not genuine. The sender or ‘from’ address does not correspond to the United States Postal Service domain, and the body contains an urgent request trying to make me log in to a suspicious site.
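The checklist above, applied to a message modelled on the USPS example, as an added illustration (this is example code, not from the original post): it compares the claimed sender with the real address domain, looks for urgency and a generic greeting, and flags risky attachment extensions. The brand-to-domain table is an assumption; usps.com is taken from the post, paypal.com is added for the text-message example, and the sample message with its @domain.com sender is constructed.

```python
from email.message import EmailMessage
from email.utils import parseaddr

# Brands that spoofed display names claim, mapped to the domain the real
# organisation sends from. usps.com comes from the example above;
# paypal.com is an assumption added for the text-message example.
EXPECTED_DOMAINS = {"postal service": "usps.com", "paypal": "paypal.com"}
RISKY_EXTENSIONS = (".exe", ".m", ".scr", ".js", ".vbs", ".bat", ".hta")
URGENCY_PHRASES = ("urgent", "immediately", "act now", "suspended")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear member")

def build_sample_email():
    """Constructed message modelled on the USPS example; @domain.com is a placeholder."""
    msg = EmailMessage()
    msg["From"] = '"United States Postal Service" <notice@domain.com>'
    msg["Subject"] = "URGENT: You have a new message - act now"
    msg.set_content("Dear customer,\n\nClick the button below immediately to log in.")
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="octet-stream", filename="tracking_info.exe")
    return msg

def phishing_indicators(msg):
    """Run the checklist above over one message and return a list of warnings."""
    warnings = []
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    # 1. Display name claims a brand but the real address is on another domain.
    for brand, expected in EXPECTED_DOMAINS.items():
        if brand in display_name.lower() and domain != expected and not domain.endswith("." + expected):
            warnings.append(f"sender '{display_name}' but domain is {domain}, not {expected}")
    # 2. Urgency in the subject or body.
    body = msg.get_body(preferencelist=("plain",))
    text = (msg.get("Subject", "") + "\n" + (body.get_content() if body else "")).lower()
    if any(phrase in text for phrase in URGENCY_PHRASES):
        warnings.append("urgent language pushing you to act now")
    # 3. Generic greeting instead of your name.
    if any("\n" + greeting in text for greeting in GENERIC_GREETINGS):
        warnings.append("generic greeting ('Dear customer') instead of your name")
    # 4. Attachments with executable or script extensions.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            warnings.append(f"risky attachment type: {name}")
    return warnings

if __name__ == "__main__":
    for warning in phishing_indicators(build_sample_email()):
        print("WARNING:", warning)
```

A real message can be loaded with `email.message_from_file(f, policy=email.policy.default)` and passed to `phishing_indicators` in the same way.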

Here is an example of text message phishing:

Here is another real-world example of text message phishing. As you can see, I have blocked out the number and parts of the URL for your safety. As you can see, again, there are ‘tell-tale signs’ of this being a phishing message. Firstly, PayPal would not send you a text message like this from an actual mobile phone number. Also, grammar and punctuation mistakes can be seen in this message. Finally, the link within this message does not go to a PayPal site. This again works in a similar way to email phishing, designed to make you click on a link and take you to a website that takes your personal details.

Phone call scams (phishing) are a bit harder to capture or record. However, the basic steps the scammers follow are:

  • A scammer will call you and pretend to be from a trusted company or organisation (e.g. technical support).

  • They will tell you what the issue is, for example: “Viruses have been found on your computer - we checked our database and monitor for viruses in your area”.

  • They will ask you to download an application onto your computer - this allows them to control your computer remotely [RDP].

  • Once connected to your computer, they blank your screen (show you a black screen) so you cannot see what they are doing. They open a command prompt (terminal) and run a fake virus scan.

  • While the fake scans are running and your screen is blank, they start looking through your personal files, such as your documents, pictures, videos and downloads folders, and transfer them to their own computer systems. Some scammers also open the camera application on Windows or Mac devices to see who they are dealing with.

  • After running the fake virus scan and letting you see your screen again, the scammers tell you that it found malicious activity (“Hackers have infiltrated your computer and your network”) and generally show you the Event Viewer page listing all the stopped services on your computer (it is perfectly normal for a computer to have stopped services).

  • Next, the scammers describe what you supposedly need, such as anti-virus software, and write in Notepad the details of what you need and how much it will cost.

  • Then they show you a product page or website where you need to pick a package that will ‘help you secure your device’. Once you have selected a package, they ask for your details such as name, address, phone number, email and bank details, and ask you to fill out a form.

  • When payment has been received, the scammers install a free anti-virus product on your computer, then drop the connection and put the phone down.

At this point, the scammers have looked through your computer and taken important documents and files. They have also looked at you through your webcam to see who you are, and they have convinced you that you need anti-virus software installed on your computer. They have taken your money and also hold your personal details and banking information.

What to do if you have fallen for a phishing scam

  • Firstly, if a payment was made, notify your bank and stop any new transactions from taking place. Ask your bank to freeze your account and issue new banking details if possible.

  • Secondly, if it was only the username and password for an account, immediately change your password (and on any other account where you reused the same password) and enable two-factor authentication (2FA) or multi-factor authentication (MFA) to protect all your accounts.

  • Thirdly, if you are getting too many phishing emails, you might want to consider changing your email address. If you do not want to change your email address, you can forward phishing emails to the Suspicious Email Reporting Service (SERS). I would advise sending them as an attachment.

  • Finally, if you are getting too many text messages or phone calls, you can do the following: register your numbers, including your landline, with the Telephone Preference Service (TPS). If you are still getting many messages or phone calls, you can forward text messages to 7726 (it’s free); this sends the message to your phone provider and enables them to investigate.

Our advice:

  • Check the sender information and cross-reference it with a legitimate email or message. It is also worth looking up / googling companies and organisations to make sure they are the ‘real deal’.

  • Do not give out usernames or passwords to anyone.

  • Do not give out personal information or banking details to anyone.

  • Change passwords every 6 months, making sure each password is more than 15 characters long and has a mixture of upper and lower case letters, numbers, symbols and special characters. Using a password manager is also a good option.

  • Enable two-factor or multi-factor authentication on all your accounts - this adds another level of protection and will generally stop attackers from accessing your accounts even if they have obtained your password.

  • Have suitable anti-virus software to scan your computer for malware, including malware that arrives by email.

  • If you are unsure about certain emails, text messages or phone calls, it is worth asking a friend whether they think it is legitimate. Additionally, if you think that emails or text messages are spam, just delete them. If it is important, the company or organisation will send you another notification or email.
