Phishing emails on the rise again – don’t get caught!
I came across 3 new spam/phishing emails and one Trojan Horse email this week alone. I thought you need to know about them and consider yourself warned NOT to open any link or attachment.
Phishing Email 1
Apparently I’ve bought a phone from Amazon.com and this is the shipping confirmation.
I haven’t bought anything from Amazon in the States (dot com domain name) and I already have an iPhone.
What is more dangerous about this email is that it is not telling you to click the link, it just sits there expecting you to want to find out more. The link goes nowhere near Amazon and you will end up giving some criminal your Amazon login details.
Phishing Email 2
Another nasty email using the Amazon brand name is this one purportedly offering an Amazon reward card etc.
They don’t even pretend that they are Amazon and even let you know that you need to give the more details before you may get a gift card. I doubt any exist.
Phishing Email 3
Dropbox is an excellent tool for storing documents and allowing others to access them from anywhere, including you.
The link wanting me to open this file apparently shared to me from an Educational email address goes nowhere near Dropbox. Do not click this link!
Malware/Trojan Horse Email
This is another that bothered me. Apparently Companies House has had a complaint about our business. Companies House do not receive complaints about companies. They have confirmed this.
The problem is the Word attachment. Unfortunately Microsoft word can contain programming called MACROS which can install malware on your computer. Do not open the attachment if you get this.
Some definitions to help you
Software which is specifically designed to disrupt, damage, or gain authorised access to a computer system.
A program designed to breach the security of a computer system while ostensibly performing some innocuous function.
The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
The email purports to come from someone you know and sends to someone in the same domain name space, probably the same domain as your “normal” company email address. It cleverly uses first names to reduce the chance that someone will check it more carefully. It looks pretty convincing.
The phish: To convince my colleague at my company that I want them to confirm they can send a bank transfer today and that by emailing me to say that they can, that I would then give them the details of where to send the money to.
So if they do reply then they will automatically be sent account details probably somewhere abroad where it’s difficult, if not impossible to get the money back from.
(If you get caught by this one the your bank maybe able to get away with not compensating you as it would have been your specific instructions that sent the money and you were not hacked – in my opinion anyway).
Clearly the English grammar isn’t quite right and the fact that this would never happen is also of some protection.
But would you get caught if you were in a hurry? – Worth thinking about and discussing with your staff and colleagues. .
ALWAYS look closely at the ACTUAL email address that is sending you the email and never rely on the displayed name. Whenever there is any money involved or reference to finance or account details always check the reality by telephoning the person asking if they really sent it, if it is someone you know of course.