Category: Tips + Tricks

Phishing, vishing + smishing

In a recent post, I highlighted the threat of a recent phone scam involving the HMRC, in this blog post I’ll give you more of a breakdown of phishing, vishing and smishing and give you some examples of how cyber criminals will try to fool you in attempts to gain your details.

phishing

Similar to the art of fishing which is defined as ‘the activity of catching fish, either for food or sport’, phishing is the cyber equivalent where criminals actively try to ‘catch’ your personal information by using deceptive social engineering techniques in the hopes of gaining access to your accounts both personal and financial.

Phishing is carried out via email to obtain sensitive information or data. This is done by spoofing (faking) the email to look like it’s come from a trusted source but with subtle differences. These emails are designed in a way to make you click a malicious link which would take you to a fake website created by the criminals in the hopes that you enter personal information or allow the criminals to install malware (malicious software which could freeze your system or lock your files as part of a ransomware attack).

How does phishing work?

The two main methods criminals use in phishing attacks are links to malicious websites and including malicious attachments. Usually, malicious links will take you to cloned websites of ones you are very familiar with and the malicious attachments usually have ‘click bait’ names such as ‘INVOICE’ which then install malware on your device when opened.

Below is a picture I have taken from the brilliant http://phishing.org which highlights some red flags if you think you have received a phishing email. I have also attached a couple of examples so you know what to look out for.

22 Social Engineering Red Flags

COVID19 GRANT PHISHING EMAIL

scam email with link to phishing website

paypal phishing email

PayPal phishing email example screenshot

4 things to look out for

  1. Legitimate companies will usually address you by name.
  2. Legitimate companies will not ask for your sensitive personal information over email.
  3. Phishing emails are riddled with spelling mistakes.
  4. Hover your mouse over any link to see the destination of the URL.

VISHING + SMISHING

Vishing and smishing have the exact same concept of phishing but are just two specific ways in which criminals will try to steal your information.

Vishing is the fraudulent attack of making phone calls or leaving voice messages in the attempt to get victims to reveal personal information such as bank details and credit card numbers. During a vishing call, criminals will use social engineering techniques to get you to trust them and believe they are who they say they are. They will often spoof their phone number, so it looks like it’s coming from the official business it’s pretending to be. The most common vishing scam is vishing banking. These scams involve a call from someone who says they’re from your bank and that there is problem with your account or with a payment, they will then ask you to transfer funds to a different account to fix the problem. One of the most recent vishing scams is the HMRC tax fraud scam which I wrote about in my last post. 

Smishing is the fraudulent attack that uses misleading text messages to trick victims into giving your private information via a text. Smishing is the same scam as phishing and vishing but the criminals just use text messages in the hopes that you’ll trust this form of communication more. These text messages again may include links which will take you to cloned webpages asking you to input usernames, passwords, and credit card details. 

Below are a few examples of smishing attempts.

smishing-example-amazon
smishing-example-apple

Final thoughts

Since the start of the coronavirus pandemic more and more of us have been victims of phishing attacks. This is due to criminals taking advantage of our new work from home lifestyle, we are more susceptible to these scams as we are making more calls than before, reading more emails, and generally communicating digitally a lot more than if we were still working in the office. Unfortunately, pandemic or not, criminals will take advantage of their victims in any way they can to benefit financially. Hopefully, this blog post has highlighted some of the things to look out for and will hopefully make you think twice before you click on that email from Amazon with your £1000 gift card (insert side eye emoji here). There are so many incredible resources just a google click away when it comes to phishing scams, many large businesses are aware of them and have their teams dedicated to dealing with phishing scams. 

Also a big thanks to Alex @ItsArtBabes for the awesome animation at the top of this blog.

New blog posts every Wednesday and Sunday.

M.

how to get rid of ‘those’ message requests on instagram!

If you’re like the rest of us then you’ve been receiving countless group message requests on instagram and you’re probably sick of it! I know I am! Well today i’m going to show you a simple way of stopping them but first what exactly are they?

Sick of these messages? keep reading.

I’m sure you’ve all heard of spam (no i’m not talking about the canned cooked pork), i’m referring to the annoying bulk messages that you keep finding in your email junk, facebook and instagram message requests folders. In cyber security, the term spam refers to the unsolicited bulk messages being sent through email, instant messaging or other digital communication tools. It’s generally used by advertisers because there are no operating costs and all they need to maintain is their mailing lists. So apart from being a nuisance why is spam bad? Spam can be used to collect sensitive information from users and has also been used to spread viruses and other dangerous malware. Spam often includes messages with links in which you click and it will take you to a spoofed website. This means the website may look how you expect but there are subtle differences for example; different logo or different web address. The criminals spoof websites in order to collect your personal information such as usernames, passwords and credit card details.

Image result for spoofed facebook
A spoofed facebook login page.

So what does this have to do with instagram message requests?

Well as most of you are aware since late 2020 our Instagram message requests have been inundated with group message requests from accounts with pictures of half naked girls with 0 followers. Clicking on these messages can not only be extremely annoying but also highly dangerous. Many of these spam messages are actually pornbots. These are suspicious accounts that send thousands of DM’s in the hope that someone will open the message, click the link and be taken to a porn website in the hopes you sign up and then the criminals can take your money. But you’re clever enough not to input your credit card details right? Some of these links work the same way click bait and advertising do so the criminals can make money just from you clicking on the link.

Below I outline the process in which you can increase your profile security and lower the risk of receiving these messages. Now you will never be 100% secure online but hopefully if you follow these steps it should help a little.

step 1- Head to the settings section of your profile.

step 2- select the privacy option.

step 3- select the messages option.

step 4- select the following options below.

Password managers

What are they? Do I need one?

  • Are you using the same password for more than one application?
  • Would I find your password in the dictionary?
  • Do you forget your passwords easily and often have to reset them?

My guess is you answered yes to at least one of the above questions, if so then you NEED a password manager!

Passwords are a vital part of our online identity, they’re the digital equivalent to a lock on a door which holds all of your personal information. This makes them a prime target for cyber criminals. There are a multitude of ways in which a hacker can crack your password so its super important you have a vault of strong passwords for each site that you use. If a criminal cracks your password they can gain access to your social media, contacts, photos, videos, emails and finances.

I’ll go into detail of how criminals can crack your password in a later blog post but all you need to know right now is if you have an easy password a criminal can crack it quicker than you can read this paragraph. Examples of easy to crack passwords include those that feature common words that you would find in a dictionary, personal information such a birthday or passwords that are shorter than 8 characters long. Using large lists of stolen passwords bought off the dark web, cyber criminals can brute force their way into your lives and then use this to scam you.

The average user has around 100 passwords.

Nordpass 2020

what can i do to protect my passwords?

Well i’m glad you asked! This is where password managers come in to play.

Password managers basically act as an online vault for you to store all your personal information including passwords, addresses and even bank details. They store your login information for all the websites you use and help you log into them automatically. In 2020 Nordpass reported that the average user has around 100 passwords. As technology advances so do the list of passwords we have to remember for each new application and website we sign up for. Password managers encrypt your password database with one ‘master password‘ meaning you only have to remember one password.

What are the benefits of using a password manager?

  • You dont have to remember 100 passwords, just remember one master password.
  • They can auto fill extremely complicated passwords for you such as ‘9y6JlBYf8PiY’ instead of using ‘password123’.
  • They save time by auto filling not only your password but can also auto-fill your personal details in online forms (especially handy when online shopping).

So which password manager should i use?

Many desktops and laptops have password managers which store your passwords locally on your device in an encrypted vault however you can’t access these if you lose the device or if that device becomes compromised.

I would suggest using a cloud based password manager.

The main beenfit of using a cloud based password manager is that you can access it from multiple devices. Many browsers such as safari, chrome and edge all come with password managers installed in them. These are a great starting point for storing passwords.

I personally would recommend the use of LASTPASS. https://www.lastpass.com/

LastPass is a free to use password manager. With an easy-to-use dashboard with unlimited storage, LastPass remembers every password and syncs across all your devices for free. LastPass secures everything you need, from passwords to digital notes, addresses to financial information.

Free features include:

  • Secure password vault
  • Access on all devices
  • One-to-one sharing
  • Save and fill passwords
  • Password generator
  • Secure notes
  • Security challenge
  • Multifactor authentication
  • LastPass Authenticator

how it works

Design a site like this with WordPress.com
Get started