
In this third issue of the phishing newsletter, we will explore phishing that is largely associated with emails.

1. Email Phishing a.k.a. Deception Phishing

What: Cybercriminals typically send emails impersonating known brands to create a heightened sense of urgency and get you to click on a link or download an asset. Clicking the link will give the cybercriminal access to your personal information, such as bank details, so they can steal your money, whereas downloading an asset such as a PDF will install malware on your device when you open it.

How to detect & what to do?

  • Shortened link: Typically, cybercriminals mask their malicious website URL behind a shortened link. Make sure that the link is in its original, long-tail format and shows all parts of the URL. For your own safety, ignore the email. If you are convinced that the shortened URL is legitimate, call the organisation to verify.
  • Irregularities: Look out for irregularities like spelling errors, unusual colour schemes, and distorted logos. The best thing to do is to ignore such emails.

2. Clone Phishing

What: The cybercriminal clones a legitimate email that you received from a trusted organisation or person. They will send you an email on the pretext that the previous email was missing some information and ask you to share your personal information or click on a link that downloads malicious content which seeks to install malware onto your personal device.

How to detect & what to do?

  • Personal information: Be alert especially when an email sender is asking you for your personal information. Keep your credentials secure by not sharing them with anyone, especially over suspicious emails.
  • Check the URL: Before clicking on any landing page, hover over the link in the email to check its authenticity first. Make sure the URL displayed on the link is the same as the hyperlink you are going to click on.
  • Irregularities: Look out for irregularities like spelling errors, unusual colour schemes, and distorted logos. The best thing to do is to ignore such emails.

3. HTTPS Phishing

What: It is quite common to have URLs in an email. However, not all URLs are secure. Cybercriminals tend to insert URLs that use HTTP instead of HTTPS. Hypertext Transfer Protocol Secure (HTTPS) is often considered a “safe” link to click because it uses encryption to increase security. Most legitimate organisations now use HTTPS instead of HTTP to establish legitimacy. But stay alert! Cybercriminals have started using HTTPS links in their phishing emails too.

How to detect & what to do?

  • URL only has HTTP: If the URL is just HTTP, it is not secure so you should ignore it. Even if it is HTTPS, keep a look-out for signs that it is one of the other various possible phishing attacks. Remember that cybercriminals have started using HTTPS links in their phishing emails!
  • Download or click on a link: Consider everything before clicking a link or downloading an attachment. As stated above, just because it is an HTTPS website and looks legitimate, that does not guarantee that it is safe. Check everything else too.

Report email & phishing scams to: [email protected]. Report social scams & phishing via WhatsApp or SMS to: +60187000911.

As always, be extra careful before you click on a URL or download an attachment from your inbox. Click wisely.