Our last blog reviewed in some detail as to what a Phishing E-Mail actually looks like.  To review, this kind of E-Mail message is designed to trick you to either enter your confidential information making you click on a phony website link, or even take you to a phony website (such as that of your financial institution), and from there, enter in your username and password combination.  Once the Cyber attacker has access to this, they can launch all kinds of attacks, such as conducting fraudulent transactions on your bank account or credit card, or even stealing your entire identity.

In this blog, we continue with what to look out for in a Phishing E-Mail.  Here we go:

  • The E-Mail message says that you have won a contest:

How often do you get that phone call saying that you have won a contest, and that your prize is waiting for you, contingent upon sharing your personal information?  Well, the Cyber attacker is now deviating from this old tactic, and now resorting to doing it an E-Mail.  Actually, this is just another form of Social Engineering.  For example, rather than preying upon your fears, the Cyber attacker is now preying upon your need to feel good about something.  After all, who doesn’t want to win something?  However, the Phishing E-Mails of today are select on the kinds of contents that you have hypothetically won, in that they focus on smaller items, such as a lottery ticket, or another similar prize.  The Cyber attacker knows that if the amount is too large, this would be a red flag, and thus, the message would get deleted immediately.

  • The E-Mail message asks you to donate to a worthy cause:

This is another form of a Social Engineering attack, in that the Cyber attacker is once again preying upon your feelings in the need to help others whom are worse off then you are.  But, these kinds of E-Mails traditionally occur only after some great disaster has happened, which has affected thousands of individuals.  Probably the best example of this is the Hurricane Katrina tragedy.  After this incident occurred, the American Red Cross reported over 15 fraudulent websites were created under their name.  As a result, many credit card numbers were stolen.  If you receive an E-Mail like this just after a tragedy has occurred, more than likely, this is a Phishing E-Mail.  If in doubt, always contact the legitimate donation agency, and make your contribution directly at that site.

  • The E-Mail message contains a malicious attachment:

In today’s world of business, millions of messages are transmitted back and forth with attachments.  So how do you know which is a legitimate attachment?  The only way you can tell is that if you have requested that certain spreadsheet or document.  A legitimate organization will never send you an attachment unless you have specifically requested.  And if there are any doubts, always contact the sender to confirm its legitimacy.  This is kind of Phishing E-Mail can be considered to be the worst form, because the attachment could contain Malware which not could only infect your computer, but others as well in a Botnet style attack.

Our next blog will examine ways in which you can prevent yourself from being a victim in a Phishing E-mail.