Email Phishing Attacks

Economical and Disease Fears and Unrest Spawn Email Phishing Attacks

Well as always, there’s someone out there looking to turn a tragedy into a profit – and with public fear of covid, election, and election result anxiety being fanned by the media, we have our first Phishing scams being launched.

Brandishing “safety measures”, phishing attacks quickly gaining traction. Here’s an example of one of the attempts:

The email, which may carry the logo of the World Health Organization, IRS, State Department, A Political Party:

If you’re a fluent English speaker, as it’s laden with spelling mistakes and other obvious errors I’m pretty sure the major entities would pick up on.

Never trust an email. Be vigilant. If something looks suspicious, it probably is. Phishing attempts are becoming more and more prevalent, and their numbers are increasing – and clearly, would-be attacks will use anything they can to alleviate you of your precious passwords.

Here’s a helpful checklist of what to do when you receive an email. It’ll keep you safe!

  • Never let yourself feel pressured into clicking a link in an email. Most importantly, don’t act on an advice you didn’t ask for and weren’t expecting. If you are genuinely seeking advice on anything, do your own research and make your own choice about where to look.
  • Don’t be taken in by the sender’s name. This scam says it’s from “I.R.S or WHO”, but the sender can put any name they like in the From: field.
  • Look out for spelling and grammatical errors. Not all crooks make mistakes, but many do. Take the extra time to review messages for telltale signs that they’re fraudulent – it’s bad enough to get scammed at all without realizing afterward that you could have spotted the fraud upfront.
  • Check the URL before you type it in or click a link. If the website you’re being sent to doesn’t look right, stay clear. Do your own research and make your own choice about where to look.
  • Never enter data that a website shouldn’t be asking for. There is no reason for a health awareness web page to ask for your email address, let alone your password. If in doubt, don’t give it out.
  • If you realize you just revealed your password to imposters, change it as soon as you can. The crooks who run phishing sites typically try out stolen passwords immediately (this process can often be done automatically), so the sooner you react, the more likely you will beat them to it.
  • Never use the same password on more than one site. Once crooks have a password, they will usually try it on every website where you might have an account, to see if they can get lucky.
  • Turn on two-factor authentication (2FA) if you can. Those six-digit codes that you receive on your phone or generate via an app are a minor inconvenience to you but are usually a huge barrier for the crooks because just knowing your password alone is not enough.

AT NTT, We can help you parse through the myriad of technical challenges and solutions and deliver an out-of-the-box robust, and continually managed security platform. If you’re concerned for your business security, and the growing pressure from external and internal security threats, contact us for a free audit of your existing systems and processes.