Articles by the cybersecurity community

Protect yourself from #cybercrime - seasonal scams

Any significant retail event or seasonal holiday makes for great #cybercrime attempts!

While people are looking forward to seasonal holidays, buying gifts and getting bargains, criminals are looking forward to exploiting them.

Looking for online bargains? Please check the spelling of the link you are on, as criminals buy and register web domains with common typos of well-known stores, just to trick shoppers and steal their PII and money.

So many successful seasonal sales on legitimate websites lead criminals to create fake retailer pages to trick shoppers into sharing their money and details with them. Criminals are known to buy website domain names that are typos of legitimate sites, and also to buy certificates so that the website is ‘HTTPS’, making it appear legitimate. For example, say that a major retailer has a site called ‘https happysales com’; a criminal may purchase a site with security certification and words that look similar, ‘https happysalles com’. They may even send spam emails spoofing well-known retailers and direct people to their site, where they phish for credit card details and personal information.
When taking advantage of seasonal sales and bargains don't let criminals take advantage of you!
  • Check website addresses before you enter any details.
  • Only enter financial information on secured connections, and do not enter any personal or financial details while on free WiFi.
  • Do not provide more information than needed. Do they really need your full birth date to sell you a magazine subscription?
  • Be wary of discounts that sound too good to be true – because they probably are!

Excerpt from book Unmasking the Hacker - phishing

It is Sunday 24 November 2019 as I write this. I am working on the draft of my book and hope to have it in a good state to do edits and rewrites in December to have it published by January 2020!

Updates of my book project are available from this page >> Book Updates << and once I have published it, this page will also have updates of new book projects and any giveaways associated with them.

Below is an excerpt of one of the chapters of my book "Unmasking the Hacker, Demystifying cybercrime", this one is on phishing.


The term phishing dates back to 1996 with the AOHell scammers, and it is a type of technology-based scam where emails are made to appear as being sent from legitimate companies or familiar people in order to trick the recipients. There is nothing mystical in why phishing is successful, and neither are the perpetrators of this type of cybercrime shadowy figures in hoodies. Phishing emails exploit human psychology, using social engineering techniques, to trick the recipient into providing their account credentials or paying spoofed invoices. The common wording of phishing emails, for example, is designed to make the recipient act fast without thinking their actions through: a call to immediate action, a spoofed but believable sender and an appeal to people to do the right thing. Phishing emails often convey a sense of urgency[i], which encourages recipients to make panicked, hurried decisions without taking the time to think about whether or not the message is legitimate.

Successful phishing emails rely on being believable, playing to emotions and the false sense of security of the recipient. Whether they are baiting for credentials, money or intellectual property, these scam emails rely on being believable: they spoof trusted brands or people and relate to everyday topics such as invoices, correcting login issues or post deliveries. Phishing emails play to emotions with subject lines designed to scare or promote a sense of urgency in the recipient, or by cajoling or encouraging the recipient to do the right thing and click the link to fix a payment, for example. Phishing emails also have success because end users may have a false sense of security, believing that spam filters will block all malicious emails, or may be overconfident in their own ability to spot scams. Criminals send, or use bots to send, bulk phishing emails that they know will have success somewhere because so many are sent.



[i] Ferreira, A., & Lenzini, G. (2015, July). An analysis of social engineering principles in effective phishing. In 2015 Workshop on Socio-Technical Aspects in Security and Trust (pp. 9-16). IEEE.


Be wary of phishing - what to check for


Be wary of scam emails
·      Check the display name against the email address
·      Hover and check links (do NOT click on them to see where they go)
·      Analyse the salutation and sentence style
·      Beware of urgent or threatening language in the subject line
·      Be cautious of attachments you weren’t expecting
·      Don’t offer to pay, change accounts or provide information without verifying the sender’s legitimacy