27/05/2015
Spear Phishing / Smishing / Vishing: Scam
“The spear phisher thrives on familiarity. He knows your name, your email address, phone number, and at least a little about you.”
Introduction
The latest twist on phishing is spear phishing. No, it's not a game, it's a scam and you're the target. Spear phishing is an email that appears to be from an individual or business that you know. But it isn't. It's from the same criminal hackers who want your credit card, ATM card and bank account numbers, PIN, secret questions, passwords, and the financial information on your PC. Learn how to protect yourself.
Email from a "Friend"
The spear phisher thrives on familiarity. He knows your name, your email address, and at least a little about you. The salutation on the email message is likely to be personalized: "Hi Eze/Atiku/Toyin" instead of "Dear Sir." The email may make reference to a "mutual friend." Or to a recent online purchase you've made. Because the email seems to come from someone you know, you may be less vigilant and give them the information they ask for. And when it's a company you know asking for urgent action, you may be tempted to act before thinking.
How do you become a target of a spear phisher? From the information you put on the Internet from your PC or smartphone. For example, they might scan social networking sites, find your page, your email address, your friends list, and a recent post by you telling friends about the cool new camera you bought at an online retail site (like Jumia, Konga, eBay, etc.). Using that information, a spear phisher could pose as a friend, send you an email, and ask you for a password to your photo page. If you respond with the password, they'll try that password and variations to try to access your account on that online retail site you mentioned. If they find the right one, they'll use it to run up a nice tab for you. Or the spear phisher might use the same information to pose as somebody from the online retailer and ask you to reset your password, or re-verify your credit card number. If you do, he'll do you financial harm.
Remember to always Keep Your Secrets Secret.
How safe you and your information remain depends in part on you being careful. Take a look at your online presence. How much information is out there about you that could be pieced together to scam you? Your name? Email address? Family members' names? Friends' names? Their email addresses? Are you on, for example, any of the popular social networking sites? Take a look at your posts. Anything there you don't want a scammer to know? Or have you posted something on a friend's page that might reveal too much?
How Phishing Works
Suppose you check your e-mail one day and find a message from your bank. You've gotten e-mail from them before, but this one seems suspicious, especially since it threatens to close your account if you don't reply immediately. What do you do?
This message and others like it are examples of phishing, a method of online identity theft. In addition to stealing personal and financial data, phishers can infect computers with viruses and convince people to participate unwittingly in money laundering.
Most people associate phishing with e-mail messages that spoof, or mimic, banks, credit card companies or other businesses like Jumia, Konga, Amazon and eBay. These messages look authentic and attempt to get victims to reveal their personal information. But e-mail messages are only one small piece of a phishing scam.
From beginning to end, the process involves:
1. Planning. Phishers decide which business to target and determine how to get e-mail addresses for the customers of that business. They often use the same mass-mailing and address collection techniques as spammers.
2. Setup. Once they know which business to spoof and who their victims are, phishers create methods for delivering the message and collecting the data. Most often, this involves e-mail addresses, phone numbers and a Web page.
3. Attack. This is the step people are most familiar with -- the phisher sends a phony message that appears to be from a reputable source.
4. Collection. Phishers record the information victims enter into Web pages or popup windows (Pharming Attack).
5. Identity Theft and Fraud. The phishers use the information they've gathered to make illegal purchases or otherwise commit fraud. As many as a fourth of the victims never fully recover. Oops.
If the phisher wants to coordinate another attack, he evaluates the successes and failures of the completed scam and begins the cycle again.
Phishing scams take advantage of software and security weaknesses on both the client and server sides. But even the most high-tech phishing scams work like old-fashioned con jobs, in which a hustler convinces his mark that he is reliable and trustworthy.
The next step phishers take is to convince victims that their messages are legitimate.
Since most people won't reveal their bank account, credit card number or password to just anyone, phishers have to take extra steps to trick their victims into giving up this information. This kind of deceptive attempt to get information is called social engineering.
Phishers often use real company logos and copy legitimate e-mail messages, replacing the links with ones that direct the victim to a fraudulent page. They use spoofed, or fake, e-mail addresses in the "From:" and "Reply-to" fields of the message, and they obfuscate links to make them look legitimate. But recreating the appearance of an official message is just part of the process.
Most phishing messages give the victim a reason to take immediate action, prompting him to act first and think later. Messages often threaten the victim with account cancellation if he doesn't reply promptly. Some thank the victim for making a purchase he never made. Since the victim doesn't want to lose money he didn't really spend, he follows the message's link and winds up giving the phishers exactly the sort of information he was afraid they had in the first place.
In addition, a lot of people trust automatic processes, believing them to be free from human error. That's why many messages claim that a computerized audit or other automated process has revealed that something is amiss with the victim's account. The victim is more likely to believe that someone has been trying to break into his account than believe that the computer doing the audit made a mistake.
Anti-Phishing
The steps you normally take to protect your computer, like using a firewall and anti-virus software, can help protect you from phishing. You can review Web sites' SSL certificates and your own bank and credit card statements for an extra measure of safety.
In addition, phishers tend to leave some telltale signs in their e-mail messages and Web pages. When you read your e-mail, you should be on the lookout for:
1. Generic greetings, like "Dear Customer." If your bank sends you an official correspondence, it should have your full name on it.
2. Threats to your account and requests for immediate action, such as "Please reply within five business days or we will cancel your account." Most companies want you as a customer and are not likely to be so quick to lose your business.
3. Requests for personal information. Most businesses didn't ask for personal information by phone or through e-mail even before phishing became a widespread practice.
4. Suspicious links. Links that are longer than normal, contain the @ symbol or are misspelled could be signs of phishing. It's safer to type the business's URL into your browser than to click on any link sent in e-mail.
5. Misspellings and poor grammar.
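The warning signs above can also be checked automatically. The following added example (not part of the original article) scans a constructed sample message for signs 1 to 4, plus the mismatched "From:" and "Reply-to" fields mentioned earlier; the phrase lists, the 75-character length threshold and all addresses are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Phrase lists are illustrative assumptions, not an exhaustive rule set.
GENERIC = re.compile(r"^\s*dear\s+(customer|user|client|member|sir)", re.I | re.M)
URGENT = re.compile(r"immediately|within \w+ (business )?days|(cancel|close) your account", re.I)
PII = re.compile(r"\b(password|pin|card number|account number|secret question)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)
MAX_URL_LEN = 75  # assumed cut-off for "longer than normal"

# Constructed sample message; every name and address is made up.
SAMPLE = """\
From: "Example Bank" <alerts@bank.example>
Reply-To: verify@mail-check.example
Subject: Account audit

Dear Customer,

An automated audit found a problem. Please reply within five business days
or we will cancel your account. Confirm your password here:
http://bank.example@login.phish.example/verify
"""

def domain(addr):
    """Return the lower-cased domain part of an address header."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def phishing_signs(raw):
    """List the telltale signs found in a plain-text e-mail."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    signs = []
    if GENERIC.search(body):
        signs.append("generic greeting")
    if URGENT.search(body):
        signs.append("threat or deadline")
    if PII.search(body):
        signs.append("asks for personal information")
    for url in URL.findall(body):
        parts = urlsplit(url)
        if "@" in parts.netloc:  # text before @ is not the real host
            signs.append(f"link contains @, real host is {parts.hostname}")
        if len(url) > MAX_URL_LEN:
            signs.append("unusually long link")
    reply_to = msg.get("Reply-To")
    if reply_to and domain(reply_to) != domain(msg.get("From")):
        signs.append("Reply-To domain differs from From")
    return signs
```

A hit is a reason to look closer, not proof: legitimate newsletters, for instance, often use a different Reply-To domain.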
Other Safeguards / Controls
1. Passwords That Work
Think about your passwords. Do you use just one or easy to figure out variations on just one? If you do either, you shouldn't, because you're making it easy for a scammer to get access to your personal financial information. Every password for every site you visit should be different, really different. Random letters and numbers work best. Change them frequently. Your Internet security software and operating system can help you keep track of your passwords.
2. Patches, Updates, and Security Software
When you get notices from software vendors to update your software, do it. Most operating system and browser updates include security patches. Your name and email address may be all it takes for a hacker to slip through a security hole into your system. And it almost goes without saying, you should be protected by Internet security software, and it should always be up to date.
3. Be Smart
If a "friend", "bank" or "job hunt site" emails and asks for a password or other information, call or email (in a separate email) that friend to verify that they were really the one who contacted you. The same goes for banks and businesses. First of all, legitimate businesses won't email you asking for passwords or account numbers. If you think the email might be real, call the bank or business and ask. Or visit the official website. Most banks have an email address to which you can forward suspicious emails for verification.
And always remember: Don't give up too much personal information online, because you never know who might use it against you.
In conclusion, when responding to phishing: if you get an e-mail that you believe is a phishing attempt, you should not reply to it, click on the links or provide your personal information. Instead, you should report the attempt to the business being spoofed. Use their Web site or phone number rather than following links in the suspect e-mail.
Thank you for reading. I hope this little article helped. Like, share, and also invite your friends.