The above video as shown in the cyber security awareness training presentation, shows how easy it is, for anyone to create a domain name and email address to impersonate your firm. From there they will be able to send malicious emails also known as phishing emails to people in your firm. These can be devastating as this video demonstrates.
The below phishing email example was one shown in the cyber security awareness training. I’ve highlighted the same sections and hopefully this is now clearer to read for you.
The key points I mentioned included
- The display name on the email is not a person’s name yet it’s apparently been sent by a person called Jonathan.
- They are asking for identity information which as I mentioned is a big red flag.
- They are giving a sense of urgency with deadlines and dates mentioned in multiple locations throughout the email. This is a phycological trick to get us to act on impulse rather than thinking it through.
- Another give away was that I know what the auDA is and they are responsible for .au domain names and this domain is not a .au domain name.
Here is another sample that wasn’t in the cyber security awareness training. This was detected by our email security services and never received. I’m using it for education purposes to show what they look like.
This example is designed to look like a Microsoft 365/Office 365 Alert email. Some of the giveaway signs this is not legitimate include
- Use of the company domain in the display name but the actual from email address doesn’t match. The alerts are generally sent from an @microsoft.com address.
- It was sent to a generic contact email listed on the company website, these are the most likely to targeted if the hackers don’t have an individual persons email address.
- If the link had been clicked on it would have taken you to a fake login page that looked almost exactly like the Microsoft 365/Office 365 login page.
Finally, the URL hover, which as mentioned is only able to be done from either a Computer or Mac. As we know, you can’t hover over a hyperlink on a mobile device. So if you’re doing this from a mobile device, please, do not tap on anything at all, no matter how legit it looks. It can wait.
If you have opened this on a Mac or a PC, you can hover over the destination of that hyperlink and see where it will take you if you click on it. Now again if we use our criteria for a valid domain, we see that the root domain is google and the top level is .com. This should be a safe link to click on.
Unfortunately, cybercriminals have taken to uploading malicious files in to cloud storage such as Google Docs, OneDrive, Dropbox and Box so you need to stop and think before you click. Just because this looks like a legitimate link doesn’t mean that it is. Questions to ask yourself
- Are you expecting the communication?
- Have you spoken with the person or company before?
- If you’re unsure pick up the telephone and call the number listed on their website or business directory not in the contents of the email.
- Also check with someone else if you’re still not sure.
Signs of infection:
- Browser redirecting to a different website than what you'd expect.
- Someone tells you they received an email from you that you did not send.
- You click on a link from an email and enter your username and password without realizing it was a scam site.
- Ransom demand telling you your files are encrypted and to send Bitcoin to get them back.
- Popups that tell you your computer is infected or that you need to run a tool that you're not expecting and familiar with.
- Computer slows down immediately after clicking something.
- An overload of coupons or junk mail.
Next Step:
- First step: Unplug the computer from the internet / network connection (demo blue cables on back of computers). If you're on Wi-Fi, turn off the Wi-Fi connection.
- Second step: Seek Professional Help, don’t try to fix this yourself or Google the answer. Take a photo of the pop-up, website redirect, ransom demand, and any associated emails with your smart phone and open a service ticket with us so we can receive the photo and advise on what the next steps are.
If you have any questions or need assistance, we will be happy to help give you peace of mind. To find out more on how, go to https://www.myinfotechpartner.com.au/ps-cyber-risk/ or call 08 6244 2556.