The Only People Who Ask For Your Password …

… are people who wish to abuse your account(s).

We are constantly bombarded with spam, and whilst the existing defences protect us against most of it, some still gets through. Quite a bit of that spam is intended to get us to provide our account details or other personal details to a third party. I have only three spam messages in my spam folder this morning; at least one is a so-called “phishing” attack … designed to make me log in to my “NewEgg” account via a link in the email.

There are a number of different tactics used in phishing attacks :-

  1. An upgrade in the organisation’s email service which mysteriously requires you to fill in a form with your username and password.
  2. A message about some sort of bank activity that requires you to log in via a supplied link.
  3. You have won a lottery that you never entered.
  4. A threat to close an account for the wrong kind of activity. I can’t count the number of times my eBay account has been “closed”.
  5. Notification regarding tax issues – a refund (as if!), or tax owing, etc.

Sometimes the phishing emails ask you to ring a number (where you’ll be asked for personal details), but most commonly they direct you to a web form asking for details. This form can look surprisingly official, complete with logos, appropriate wording, etc.

Once you have provided details, those details may well be used for all sorts of purposes including :-

  • Emptying your bank account.
  • Applying for credit cards in your name.
  • Using your UoP account details to send spam in your name – not always with your email address on, but using your credentials.

The key defences against phishing attacks are :-

  1. Be suspicious of emails you receive, even if they look to be from a familiar contact. That doesn’t mean you should disbelieve anything received via email – most of it will be legitimate. Simply be suspicious.
  2. If an email asks you to log in via a link in the email, do not click!!
  3. If you are not sure whether the email is legitimate or not, ask! Simply phone the sender of the email to see if they genuinely sent it.
  4. Lastly, and this is a surprisingly effective counter-measure, check the email for problems with the language – not just whether the grammar and spelling are correct, but whether the language is appropriate (my bank rarely addresses me as “Hey Dude!”).

For further information on Phishing, there are a number of links :-
