March is Fraud Awareness Month, and as an Internet Service Provider (ISP), Diallog has seen many online scams. One of the most common is “phishing.”
No one is immune. An estimated three quarters of us have fallen victim to some type of cybercrime (Source), and Security Intelligence estimates that the global cost of cybercrime will reach $2 trillion by 2019. Cybercrime isn’t just about remote hackers working from a dark basement in a faraway country attacking government or large company databases. Often, it’s about email scams aimed at everyday people. One of the most common forms of cybercrime is phishing.
Chances are, you’ve been a target of a phishing scam.
What is phishing?
Simply put, phishing is a technique where a perpetrator impersonates a person of authority (a bank or insurance company, for example) and tricks the victim into willingly providing personal or sensitive information. Phishing can occur through telephone calls and online links, but most often it arrives by email.
Hackers are clever. They impersonate all types of individuals within companies, and have widened the range of people they can reach. They duplicate email addresses, URLs, and links to make the emails seem completely legitimate. Even the most discerning tech user can find themselves a victim of phishing.
Here’s an example of a phishing email:
We have noticed some recent suspicious activity on your account. As a result, your account has been disabled.
What should you do?
If your account was locked, you can use the two-step verification process to unlock. Once you have confirmed your account informations, it will start normally again.
If you don’t confirm your account within 24 hours, it will be permanently frozen.
START VERIFICATION PROCESS
Jane S. Reid,
Customer Service Manager
How to Identify a Phishing Email
While phishing emails are getting more and more sophisticated, the good news is that with a little training, even users who are new to technology can detect a phishing scam. Here are ways to tell if the email you’ve received is phishing:
- The display name is suspicious
There are often very obvious signs in the “From” portion of the email. For instance, if a fraudster wanted to spoof the hypothetical brand “My Bank,” the email may look something like:
To: You (email@example.com)
From: My Bank (firstname.lastname@example.org)
Subject: Unauthorized Login Attempt
Often, it can be an obvious mismatch, like the one above, where the email address is different from the actual company’s email address. Companies will typically have their own URL address – Scotiabank’s website address will be www.scotiabank.ca.
- The message contains a mismatched URL or a misleading domain name
Hover your mouse over the URL link (BUT DO NOT CLICK IT) and you’ll see the domain name. It might be something like www.active2015878.com, which will indicate that it is not legitimate. In some cases, it may actually contain parts of the company name, such as www.diallogservice123.com, but it will be different than the company’s actual URL. Again – do not click this link!
- The message doesn’t address you personally
In most examples, phishing emails do not identify you by name. They often state ‘Customer’ or ‘Valued Client,’ or another iteration. Some may use the first part of your email address, such as ‘jsmith’ or ‘smithjohn’ as though it were your name. Be wary of any emails that require action but do not address you personally.
- The message contains poor spelling and grammar
This one is the most telling. Poor grammar and incorrect spelling are a sure sign that the email isn’t legitimate, as it may have been written by a computer or by someone without careful review. Corporate emails may have an occasional typo, but they will appear to be written with care. Even in the above example, you’ll notice there is an obvious error: “Once you have confirmed your account informations, it will start normally again.”
- The message asks for personal information
Legitimate emails from corporations will rarely ask for personal information from you, as they will already have it. If you’re asked to give up personal information such as your social insurance number (SIN), date of birth, home address or all of the above, you’ll know something is not right.
- The offer seems too good to be true
As the adage goes, if something seems too good to be true, it probably is. This includes emails that come from long-lost relatives promising inheritances, or lottery winnings from contests you cannot remember entering.
- You didn’t initiate the action
Phishing emails most often come out of the blue, and if you’re getting a warning without having first initiated the action (help desk email, password reset, etc.), you should be suspicious.
- The message makes unrealistic threats
These emails will often tell you that without you providing the information needed, you’ll be severely penalized in some way. If the email was legitimate, it’s unlikely that you would be threatened.
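Several of the signs above can be checked mechanically by a mail filter. The following is an added example, not part of the original article: the brand map, the `mybank.example` domains and both sample messages are constructed, and it covers only the display-name, URL, greeting and threat checks.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the defender keeps a map of brand display names to their real domains.
KNOWN_BRANDS = {"my bank": {"mybank.example"}}
HREF = re.compile(r'href="https?://([^/"\s:]+)', re.I)
GENERIC = re.compile(r"\b(dear customer|valued (client|customer))\b", re.I)
THREAT = re.compile(r"within \d+ hours|permanently frozen|has been disabled", re.I)

def in_domain(host, allowed):
    """True only for an allowed domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def phishing_signs(raw):
    """Return the warning signs from the checklist found in one message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()  # single-part message: the payload is the body text
    signs = []
    allowed = KNOWN_BRANDS.get(name.strip().lower())
    if allowed:  # the display name claims a brand we know
        if not in_domain(addr.rpartition("@")[2], allowed):
            signs.append("display-name-mismatch")
        if any(not in_domain(h, allowed) for h in HREF.findall(body)):
            signs.append("mismatched-url")
    if GENERIC.search(body):
        signs.append("generic-greeting")
    if THREAT.search(body):
        signs.append("threat-or-deadline")
    return signs

# Constructed samples modelled on the "My Bank" example above.
SAMPLE = (
    "From: My Bank <firstname.lastname@example.org>\n"
    "Subject: Unauthorized Login Attempt\n\n"
    "<p>Dear Customer,</p>\n"
    "<p>If you don't confirm your account within 24 hours, it will be permanently frozen.</p>\n"
    '<a href="http://www.mybank-service123.example/verify">START VERIFICATION PROCESS</a>\n'
)
LEGIT = (
    "From: My Bank <alerts@mybank.example>\n"
    "Subject: Your statement is ready\n\n"
    '<p>Dear Jane Smith, <a href="https://www.mybank.example/statements">view it</a>.</p>\n'
)

if __name__ == "__main__":
    print(phishing_signs(SAMPLE), phishing_signs(LEGIT))
```

The suffix check in `in_domain` is what catches look-alike hosts that merely contain the brand name, since `www.mybank-service123.example` is neither `mybank.example` nor a subdomain of it.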
What to do if you are the Victim of Phishing
- Scan your computer for viruses. Most anti-viruses will find any obvious threats, and your system can be cleaned.
- Update credit agencies, and consider adding identity theft tracking to your accounts. This will provide you with immediate information on any threats to your credit.
- Immediately change passwords to major accounts, including banking and other financial related services.
- Report the scam to Canada’s Anti-Fraud Centre.
For more information on phishing scams, please visit the RCMP’s page on Email Scams, which provides further identification techniques and advice for what to do.