{"id":16938,"date":"2019-11-20T07:32:35","date_gmt":"2019-11-20T15:32:35","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/11\/20\/news-10675\/"},"modified":"2019-11-20T07:32:35","modified_gmt":"2019-11-20T15:32:35","slug":"news-10675","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/11\/20\/news-10675\/","title":{"rendered":"Online Phishing: How to Stay Out of the Hackers\u2019 Nets"},"content":{"rendered":"

Credit to Author: Trend Micro| Date: Wed, 20 Nov 2019 14:05:56 +0000<\/strong><\/p>\n

\"Phishing<\/p>\n

Despite the growing popularity of social media and messaging apps, email remains the preferred way to communicate online for millions of Americans. And the bad guys know it. Of the 28.6 billion cyber-threats Trend Micro blocked<\/a> globally in the first half of 2019, over 24.3 billion were carried by email. That\u2019s 91%. Many of these threats were made possible via phishing: a tried-and-true technique that hackers having been using for years.<\/p>\n

Why is it so popular? Because it directly targets what they believe to be the weakest link in home cybersecurity: you, the user.<\/p>\n

Phishing can lead to data theft, identity fraud, sextortion, ransomware, or infection with a host of dangerous malware. So what can you do to stay safe?<\/p>\n

What is<\/em> phishing, exactly?<\/strong><\/p>\n

Phishing at its heart is a confidence trick. Attackers use a technique known as social engineering to manipulate the victim into doing their bidding. Usually they achieve this by spoofing their email so that it appears as if sent by a legitimate entity, like a bank, an insurance provider, a popular technology company<\/a>, or even a friend.<\/p>\n

They either want your personal data, your money, or for you to unwittingly download malware to your machine \u2014 by clicking on a malicious link or opening a malicious attachment. So, in order to get you to do this without thinking too hard about it, they\u2019ll typically create a sense of urgency. For example, your bank contacts you saying you need to urgently update your details to avoid extra charges, or the IRS says you owe them<\/a> an outstanding sum that needs to be paid immediately.<\/p>\n

Sometimes they use the \u201ccarrot\u201d rather than the \u201cstick\u201d approach. Phishing emails can be crafted to offer huge discount sales on popular items, such as during the upcoming Black Friday holiday<\/a> weekend. In fact, capitalizing on popular events is a classic phishing ploy: there have already been numerous warnings<\/a> ahead of the upcoming US 2020 Census.<\/p>\n

Harder to spot<\/strong><\/p>\n

Unfortunately, the days when phishing emails were easy to spot are long gone. Today, successful cyber-criminals are much savvier. There are fewer typos and grammatical mistakes in emails, and the sender\u2019s domain, writing style and corporate logos are often convincingly spoofed.<\/p>\n

Hackers have also been able to make their emails look more legitimate by packing them with more of your genuine details. Every time a company you have stored personal details with is breached or leaks its customer databases, hackers can gain access to a trove of personal data to use in follow-on phishing attacks. The latest was Adobe<\/a>, although breaches at delivery firm DoorDash<\/a> and the American Medical Collection Agency<\/a>, among many others this year, exposed personal data on millions of Americans. Along with your email address, hackers get your full name, account details and history, which they can use to trick you into handing over more details.<\/p>\n

What are the phishers after?<\/strong><\/p>\n

As mentioned, the hackers behind phishing attacks are basically shooting for a handful of outcomes. These are:<\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • Data theft\/identity fraud<\/strong><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

They either want your personal and financial data to sell on the dark web to scammers, or to use themselves to commit identity fraud. The easiest way of getting this is by tricking the user into clicking through to a separate phishing page, where they\u2019re prompted to enter their details. Like the email, the page itself is spoofed to appear as if hosted by a legitimate company.<\/p>\n

Often, all they need is your log-ins, which provide the keys to your most sensitive online accounts, like internet banking, health insurance portals, and even Uber and Netflix. The latter can be sold on dark web marketplaces to offer unscrupulous buyers free streaming or taxi services, for example.<\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • Malware downloads<\/strong><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

By clicking through in a phishing email, you could also be unwittingly downloading malware to your machine. It could be ransomware designed to lock you out of your PC until a fee is paid, or covert crypto-jacking malware which will cause your machine to run slowly while it mines for cryptocurrency using your power supply. It could also be a banking Trojan designed to steal your banking log-ins.<\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • Sextortion<\/strong><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

An emerging extortion scam involves tricking the user into believing they have been filmed via their webcam in a compromising position. Usually, the attacker threatens to release the footage to all of the victims\u2019 contacts if they don\u2019t pay a ransom. Sometimes they use previously breached data, such as the target\u2019s email password, to add legitimacy to the scam.<\/p>\n

Trend Micro data reveals that these so-called \u201csextortion\u201d schemes more than quadrupled from the second half of 2018 to the first half of 2019.<\/p>\n

How can I stop it?<\/strong><\/p>\n

Fortunately, there are a number of things you can do to protect you and your family from the impact of phishing emails. A combination of user awareness and technology filters from a reputable cybersecurity vendor is a great place to start.<\/p>\n

Consider the following:<\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • Be wary of any unsolicited email, even if it appears to come from a reputable vendor<\/li>\n
  • Don\u2019t click through on any buttons in unsolicited emails, or download attachments<\/li>\n
  • If an email asks you for personal data, check directly with the source independently, rather than clicking through\/replying<\/li>\n
  • Although becoming rarer, spelling and grammatical mistakes in emails are often a sign of phishing<\/li>\n
  • Remember, if a special offer looks too good to be true, it usually is<\/li>\n
  • Invest in anti-phishing cybersecurity tools from a trusted vendor<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

How Trend Micro can help<\/strong><\/p>\n

Trend Micro Security offers capabilities to filter out malicious phishing and spam emails before they even hit your inbox, or to examine them if they do. These include:<\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • Antispam for Outlook<\/strong> analyses any links contained in emails, as well as checking the reputation of the sender, to block phishing emails. It also prevents the installation of malicious files on the user\u2019s machine.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Click Internet & Email Controls<\/strong> > Spam & Emailed Files<\/strong> to open the panel. You can then check the boxes to:<\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • Filter out unsolicited advertisements and other unwanted email messages from your Outlook inbox<\/li>\n
  • Check for threats in files attached to email messages.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

You can also increase the strength of your spam filter in Settings<\/strong>:<\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • High <\/strong>detects almost all spam and fraudulent messages but may misidentify some legitimate email as spam<\/li>\n
  • Medium<\/strong> detects most spam and fraudulent messages and runs only a moderate risk of misidentifying legitimate email as spam<\/li>\n
  • Low<\/strong> detects only the most obvious spam and fraudulent messages, with only a slight chance of identifying legitimate email as spam<\/li>\n
  • Fraud Buster <\/strong>uses cutting-edge AI technology to identify scam emails that don\u2019t contain malicious URLs or attachments but still pose a risk to the user. It protects Gmail and Outlook webmail in Internet Explorer, Chrome, and Firefox on your PC, as well as Gmail on your Mac.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Once switched on, it will send a warning pop-up when you open a scam email, telling you to not follow any instructions contained in the email. You can then decide to Report Dangerous<\/strong> to report the scam or click on Looks Safe<\/strong> to bypass the warning (not recommended). There\u2019s also an option to View Details<\/strong> in the popup to get more info on the scam.<\/p>\n

To find out more about the dangers of phishing and malicious spam and how Trend Micro can help protect you, watch our YouTube videos:<\/p>\n\n\n\n\n
<\/td>\n\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

For more information, go to our website for a Security Products Overview<\/a>.<\/p>\n

Tags: Phishing, Spam, Anti-Fraud, Internet Security<\/p>\n

The post Online Phishing: How to Stay Out of the Hackers\u2019 Nets<\/a> appeared first on <\/a>.<\/p>\n

http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Trend Micro| Date: Wed, 20 Nov 2019 14:05:56 +0000<\/strong><\/p>\n

\"Phishing<\/p>\n

Despite the growing popularity of social media and messaging apps, email remains the preferred way to communicate online for millions of Americans. And the bad guys know it. Of the 28.6 billion cyber-threats Trend Micro blocked globally in the first half of 2019, over 24.3 billion were carried by email. That\u2019s 91%. Many of these…<\/p>\n

The post Online Phishing: How to Stay Out of the Hackers\u2019 Nets<\/a> appeared first on <\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10789,714,666],"class_list":["post-16938","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-consumer","tag-security","tag-uncategorized"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16938","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=16938"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16938\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=16938"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=16938"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=16938"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}