Summary
Number: KB0000028
Workflow: published
Knowledge Base: IT
Published: 2014-09-09
Category: Email
Author: Ron Kettering
Valid to: 2100-01-01
Short description: What are phishing scams and how can I avoid them?

Phishing explained


Phishing Explained


Phishing scams are typically fraudulent email messages appearing to come from legitimate enterprises (e.g., your company, your Internet service provider, your bank). These messages usually direct you to a spoofed web site or otherwise get you to divulge private information (e.g., passphrase, credit card, or other account updates). The perpetrators then use this private information to commit identity theft.


One type of phishing attempt is an email message stating that you are receiving it due to fraudulent activity on your account, and asking you to "click here" to verify your information.


Phishing scams are crude social engineering tools designed to induce panic in the reader. These scams attempt to trick recipients into responding or clicking immediately, by claiming they will lose something (e.g., email, bank account). Such a claim is always indicative of a phishing scam, as responsible companies and organizations will never take these types of actions via email.


Specific types of phishing


Phishing scams vary widely in terms of their complexity, the quality of the forgery, and the attacker's objective. Several distinct types of phishing have emerged.


Spear phishing


Phishing attacks directed at specific individuals, roles, or organizations are referred to as "spear phishing". Since these attacks are so pointed, attackers may go to great lengths to gather specific personal or institutional information in the hope of making the attack more believable and increasing the likelihood of its success.


The best defense against spear phishing is to carefully and securely discard information that could be used in such an attack (e.g., using a cross-cut shredder). Further, be aware of data that may be relatively easy to obtain (e.g., your title at work, your favorite places, or where you bank), and think before acting on seemingly random requests via email or phone.


Whaling


The term "whaling" is used to describe phishing attacks (usually spear phishing) directed specifically at executive officers or other high-profile targets within a business, government, or other organization.


Avoiding phishing scams


The Company and other reputable organizations will never use email to request that you reply with your passphrase, Social Security number, or confidential personal information. Be suspicious of any email message that asks you to enter or verify personal information, whether through a web site or by replying to the message itself. Never reply to such a message or click the links in it. If you think the message may be legitimate, go directly to the company's web site (i.e., type the real URL into your browser) or contact the company to see if you really do need to take the action described in the email message.


When you recognize a phishing message, delete the email message from your Inbox, and then empty it from the deleted items folder to avoid accidentally accessing the web sites it points to.


Always read your email as plain text.


Phishing messages often contain clickable images that look legitimate; by reading messages in plain text, you can see the URLs that any images point to. Additionally, when you allow your mail client to read HTML or other non-text-only formatting, attackers can take advantage of your mail client's ability to execute code, which leaves your computer vulnerable to viruses, worms, and Trojans.


Warnings


Reading email as plain text is a general best practice that, while avoiding some phishing attempts, won't avoid them all. Some legitimate sites use redirect scripts that don't validate the destination they are asked to redirect to. Consequently, phishing perpetrators can use these scripts to send you from a legitimate site's URL to their fake site, so a link that starts with a trusted domain is not proof of where it ends up.


Another tactic is the homograph attack: because modern browsers support Internationalized Domain Names (IDN), attackers can use characters from other language scripts that look like Latin letters to produce URLs that look remarkably like the authentic ones.
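To make the plain-text advice and the two warnings above concrete, here is a small audit script added for this article (it is not part of the knowledge-base entry or of any product). It pulls every link out of an HTML mail body the way a plain-text view would expose it, then flags links that are images (their target is invisible in HTML view), links whose visible text names a different host than the real one, links that pass a full URL through a redirect parameter on another site, and hostnames containing non-ASCII (IDN) characters. The HTML body and all hostnames in it are constructed for the demonstration.

```python
import unicodedata
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Constructed HTML mail body for this demonstration (not from the article).
# Link 4 hides a Cyrillic small a (U+0430) inside the word "example".
SAMPLE_HTML = """
<p>Your account needs attention.</p>
<a href="http://login.example-mail.test/verify"><img src="cid:logo" alt="Sign in"></a>
<a href="http://203.0.113.10/update">https://webmail.example.com/update</a>
<a href="https://www.example.com/redirect?url=http://bad.example.net/login">Verify account</a>
<a href="https://www.ex\u0430mple.com/login">Reset passphrase</a>
<a href="https://www.example.com/help">Help center</a>
"""


class LinkExtractor(HTMLParser):
    """Collect every anchor's target, its visible text, and whether it wraps an image."""

    def __init__(self):
        super().__init__()
        self.links = []      # (href, visible text, wraps an image?)
        self._href = None
        self._text = []
        self._has_img = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._href, self._text, self._has_img = attrs["href"], [], False
        elif tag == "img" and self._href is not None:
            self._has_img = True
            self._text.append(attrs.get("alt") or "[image]")

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip(), self._has_img))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL, or '' when there is none."""
    return (urlsplit(url).hostname or "").lower()


def audit_link(href, text, has_img):
    """Apply the article's plain-text-view checks to one link."""
    issues = []
    host = host_of(href)

    if has_img:
        issues.append(f"image link; real target only visible in plain text: {href}")

    # Visible text that looks like a URL but points at a different host
    if text.startswith(("http://", "https://", "www.")):
        shown = host_of(text if "://" in text else "http://" + text)
        if shown and shown != host:
            issues.append(f"shown host {shown!r} differs from actual host {host!r}")

    # A query parameter carrying a full URL to another host: an unchecked
    # redirect script on a legitimate site would bounce the reader off-site
    for key, value in parse_qsl(urlsplit(href).query):
        if value.startswith(("http://", "https://")) and host_of(value) != host:
            issues.append(f"redirect parameter {key!r} leads to {host_of(value)!r}")

    # IDN homograph: name the non-ASCII characters and show the form that resolves
    if not host.isascii():
        odd = sorted({unicodedata.name(c, "?") for c in host if not c.isascii()})
        punycode = host.encode("idna").decode("ascii")
        issues.append(f"non-ASCII hostname ({', '.join(odd)}); resolves as {punycode}")

    return {"href": href, "text": text, "issues": issues}


def audit_links(html):
    """Return one report entry per link in an HTML mail body."""
    parser = LinkExtractor()
    parser.feed(html)
    parser.close()
    return [audit_link(*link) for link in parser.links]


if __name__ == "__main__":
    for entry in audit_links(SAMPLE_HTML):
        status = "SUSPICIOUS" if entry["issues"] else "ok"
        print(f"{status:10} {entry['text']!r} -> {entry['href']}")
        for issue in entry["issues"]:
            print(f"           - {issue}")
```

The IDN check uses Python's built-in `idna` codec (IDNA 2003), which is enough to reveal the `xn--` form a resolver would see; browsers and mail clients differ in whether they display such names as Unicode or as punycode, so the script reports the finding rather than deciding for the reader.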


Reporting phishing attempts


  • If the phishing attempt targets the Company in any way (e.g., asks for the Company's Webmail users to "verify their accounts", includes a malicious PDF directed to human resources, or impersonates the Company), forward it with full headers to the Company Information Security Office.
  • You can report a phishing scam attempt to the company that is being spoofed.
  • You can also send reports to the Federal Trade Commission (FTC).
  • Depending on where you live, some local authorities also accept phishing scam reports.
  • Finally, you can send details to the Anti-Phishing Working Group, which is building a database of common scams to which people can refer.

Example of a phishing scam


The following phishing scam was targeted at ServiceNow users:


-----------------------------------------------------------------

From: "SERVICENOW.ORG SUPPORT TEAM" <supportteam01@indiana.edu>
Reply-To: "SERVICENOW.ORG SUPPORT TEAM" <spupportteam@info.lt>
Date: Sat, 12 Jul 2008 17:42:05 -0400
To: <"Undisclosed-Recipient:;"@iocaine.uits.indiana.edu>
Subject: CONFIRM YOUR ACCOUNT

Dear SERVICENOW.ORG Webmail Subscriber

This mail is to inform all our {SERVICENOW.ORG} webmail users that we
will be maintaining and upgrading our website in a couple of days from
now.As a Subscriber you are required to send us your Email account
details to enable us know if you are still making use of your
mailbox. Be informed that we will be deleting all mail account that is
not functioning to enable us create more space for new employees and
managers in the company, You are to send your mail account details which
are as follows:

*User Name:
*Password:
*Date of birth:

Failure to do this will immediately render your email address deactivated from our database.

Thank you for using SERVICENOW.ORG
FROM THE SERVICENOW.ORG SUPPORT TEAM

------------------------------------------------------------------
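When a message like the one above is forwarded with full headers, the headers and body can be checked mechanically for the tells the article lists. The following Python script is an added example for this article, not part of the knowledge-base entry or of any ServiceNow tooling: it parses the sample message (headers as recorded in the entry, body shortened) with the standard `email` module and reports a Reply-To domain that differs from the From domain, a display name claiming an organization that matches neither address, a request for credentials or personal data, and pressure language. A constructed benign message shows the checks staying quiet.

```python
import email
import re
from email.utils import parseaddr

# The article's sample message, sender addresses as recorded in the
# knowledge-base entry, body shortened. Used here as the input.
SAMPLE = (
    'From: "SERVICENOW.ORG SUPPORT TEAM" <supportteam01@indiana.edu>\n'
    'Reply-To: "SERVICENOW.ORG SUPPORT TEAM" <spupportteam@info.lt>\n'
    "Date: Sat, 12 Jul 2008 17:42:05 -0400\n"
    "Subject: CONFIRM YOUR ACCOUNT\n"
    "\n"
    "Dear SERVICENOW.ORG Webmail Subscriber\n"
    "\n"
    "As a Subscriber you are required to send us your Email account\n"
    "details. Be informed that we will be deleting all mail account that is\n"
    "not functioning. You are to send your mail account details which\n"
    "are as follows:\n"
    "\n"
    "*User Name:\n"
    "*Password:\n"
    "*Date of birth:\n"
    "\n"
    "Failure to do this will immediately render your email address "
    "deactivated from our database.\n"
)

# Constructed benign message, to show that ordinary mail trips nothing.
BENIGN = "From: Alice <alice@example.com>\nSubject: Lunch\n\nSee you at noon.\n"

CREDENTIAL_WORDS = re.compile(
    r"\b(?:password|passphrase|user ?name|date of birth|social security)\b", re.I)
PRESSURE_WORDS = re.compile(
    r"\b(?:immediately|failure to|deactivat\w*|suspend\w*|delet\w*|within \d+ (?:hours|days))\b",
    re.I)
DOMAIN_IN_NAME = re.compile(r"\b[a-z0-9-]+\.[a-z]{2,}\b", re.I)


def domain_of(address):
    """Lower-cased domain of an address header value, or '' when absent."""
    _, addr = parseaddr(address or "")
    return addr.rpartition("@")[2].lower()


def body_text(msg):
    """Plain-text content of a message; walks the parts when it is multipart."""
    if not msg.is_multipart():
        return msg.get_payload()
    parts = [p.get_payload(decode=True) or b""
             for p in msg.walk() if p.get_content_type() == "text/plain"]
    return b"\n".join(parts).decode("utf-8", "replace")


def analyze(raw):
    """Return human-readable findings for one raw message; [] means nothing tripped."""
    msg = email.message_from_string(raw)
    findings = []

    from_dom, reply_dom = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom!r} differs from From domain {from_dom!r}")

    # A display name that claims an organization matching neither address
    display_name, _ = parseaddr(msg.get("From") or "")
    for claimed in DOMAIN_IN_NAME.findall(display_name):
        if claimed.lower() not in (from_dom, reply_dom):
            findings.append(f"display name claims {claimed!r} but mail comes from {from_dom!r}")

    # Content checks run over subject and body together
    text = f"{msg.get('Subject', '')}\n{body_text(msg)}"
    creds = sorted({m.group(0).lower() for m in CREDENTIAL_WORDS.finditer(text)})
    if creds:
        findings.append("asks for credentials or personal data: " + ", ".join(creds))
    pressure = sorted({m.group(0).lower() for m in PRESSURE_WORDS.finditer(text)})
    if pressure:
        findings.append("pressure language: " + ", ".join(pressure))

    return findings


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE), ("benign", BENIGN)):
        print(f"{label}: {len(analyze(raw))} finding(s)")
        for finding in analyze(raw):
            print("  -", finding)
```

The word lists are deliberately short and are the part a mail administrator would tune; the header checks need no tuning, since a Reply-To on a different domain from the From address is exactly what lets the replies in this scam reach someone other than the apparent sender.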


short_description
What are phishing scams and how can I avoid them?
roles
wiki
direct
false
rating
description
source
sys_updated_on
2019-11-24 15:50:26
disable_suggesting
false
sys_class_name
kb_knowledge
number
KB0000028
sys_id
3020c9b1474321009db4b5b08b9a712d
use_count
0
sys_updated_by
bert.haddad
flagged
false
disable_commenting
false
sys_created_on
2014-09-09 23:31:10
valid_to
2100-01-01
retired
workflow_state
published
sys_created_by
bert.haddad
display_attachments
false
image
sys_view_count
0
article_type
text
cmdb_ci
author
Ron Kettering
my_author
Ron Kettering
my_author_link
SysUser.62d78687c0a8010e00b3d84178adc913
can_read_user_criteria
sys_mod_count
4
active
true
cannot_read_user_criteria
published
2014-09-09
sys_domain_path
/
sys_tags
meta_description
kb_knowledge_base
IT
my_kb_knowledge_base
IT
my_kb_knowledge_base_link
KbKnowledgeBase.A7e8a78bff0221009b20ffffffffff17
meta
topic
Email
category
Tips and Tricks
kb_category
Email
my_kb_category
Email
my_kb_category_link
KbCategory.5681bf8bff0221009b20ffffffffff95
my_sys_class_name_link
KbKnowledge.3020c9b1474321009db4b5b08b9a712d