Cyber phishing occurs when hackers aim to obtain confidential information from Internet users by sending an infected email that is disguised as coming from a well-known organization. The email contains links to fake websites that look very similar to the real one.
Currently, cyber criminals are aiming to attack many operating systems to obtain as much data as possible; the more data, the better the chances of success and financial gain. They use different methods to get your personal information, but it usually starts with your email address. How do they do it? They use lists that are available to the public and exploit websites to access all the types of data they can think of; they then use scraping software to collect a bottomless pit of email addresses from thousands of pages on the World Wide Web. They can easily get millions of email addresses to use as they spam everyone with their phishing campaigns.
In the example above, the cyber criminals pretend to be PayPal, telling users their account was locked and is being suspended for security reasons. To restore their account access, they ask users to click on the link in the email to confirm their personal details. That is where they get you.
How can you tell it’s a phishing email?
In the “From” field, the address should be a PayPal address; this sender is not using a PayPal address, but “servicems@xxx”. Clicking on the link takes you to this site below:
While this looks identical to a PayPal page, take a second look at the URL at the top of the page: “mk/ShadowZ118/public/myaccount/signin/?country.x=FR&locate.x=en_FR”. If this were actually PayPal, you would have seen an official PayPal URL.
The victims log in to the scammers' fake “PayPal site” and unknowingly enter all their account information. This is an advanced phishing scam, where not only basic information is requested and obtained but also passwords, credit cards, and confidential files.
As the unsuspecting victims fill out all of their information, the cyber criminals will save it all. In the disturbing image below, we can see that the hackers save all the information they need to commit fraud only to email it to themselves soon after.
Last but certainly not least, the victims will then receive a phony ‘confirmation’ email and are automatically redirected to the real official PayPal website.
- Check the URL
When in doubt, DO NOT click on it. We suggest you hover your mouse over the link to see where it leads; if the address shown is not the same as the address the link claims to be, DO NOT click on it. If you accidentally click the link, DO NOT enter any information on the website; simply close the window.
- Be watchful for odd attachments
Be MINDFUL: it is important to remember not to blindly open attachments; check the file first by saving it to your downloads folder. Next, if you are using Windows, make sure your folder options are set to show extensions for known file types so you can view the file extension (the 3 letters at the end of the file name). Unzip the .zip file from your downloads and view the file extension. If the file name ends in any of the following: .JS, .EXE, .COM, .PIF, .SCR, .HTA, .vbs, .wsf, .jse, or .jar, it is likely a threat! DO NOT click it!
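The extension check described above can also be done without unzipping or opening anything. The script below is an added example, not part of the original article: it reads only the archive's file listing and flags entries ending in the extensions named above, including names such as `statement.pdf.js` where a harmless-looking extension comes first. The function names and the sample archive are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions the article lists as likely threats (lower-cased for comparison).
RISKY_EXTENSIONS = {".js", ".exe", ".com", ".pif", ".scr",
                    ".hta", ".vbs", ".wsf", ".jse", ".jar"}

def risky_members(zip_bytes):
    """Return (entry name, reason) for archive entries with a listed extension.

    Only the archive's directory is read; nothing is extracted or executed.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Windows drops trailing dots and spaces, so ignore them here too.
            name = info.filename.rstrip(". ")
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            if not suffixes or suffixes[-1] not in RISKY_EXTENSIONS:
                continue
            reason = "risky extension " + suffixes[-1]
            if len(suffixes) > 1:
                # The real extension follows a decoy, e.g. ".pdf.js".
                reason += " hidden behind " + suffixes[-2]
            findings.append((info.filename, reason))
    return findings

def build_sample_zip():
    """Constructed sample archive; every entry holds harmless placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("invoice.pdf", "placeholder")
        archive.writestr("statement.pdf.js", "placeholder")
        archive.writestr("docs/Setup.EXE", "placeholder")
        archive.writestr("notes.txt", "placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for entry, why in risky_members(build_sample_zip()):
        print(f"{entry}: {why}")
```

To check a real attachment, pass the bytes of the saved file, for example `risky_members(open(path, "rb").read())`.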
- Quality Cyber Security is vital
Cyber security can help protect your operating systems and emails from phishing attacks with a quality anti-virus solution. GCS Cyber Security provides real-time, pattern-based threat recognition and a vast array of technology filters that are constantly monitoring your systems to help protect against spam, viruses, ransomware, malware, phishing attacks, and other email infection threats.