{"id":8134,"date":"2022-01-24T16:55:28","date_gmt":"2022-01-24T08:55:28","guid":{"rendered":"https:\/\/www.cldy.com\/sg\/?p=8134"},"modified":"2023-02-28T20:47:35","modified_gmt":"2023-02-28T12:47:35","slug":"avoid-phishing-scams","status":"publish","type":"post","link":"https:\/\/www.cldy.com\/sg\/blog\/email-hosting\/avoid-phishing-scams\/","title":{"rendered":"Phishing Scams: How To Avoid Becoming a Victim"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">It happened to around 470 victims, and it could happen to you too!<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It is no longer news that around S$8.5 Million had been stolen from these close to 470 victims of bank theft across Singapore, via a spate of SMS scams. The series of SMS phishing scams happened in December, and some of the victims include a specialist from the eCommerce sector and even a software engineer.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If individuals from these tech-savvy backgrounds could fall prey to these phishing scams, there is no doubt that anyone is vulnerable.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Phishing, or the harvesting of login information via fraudulent methods, is by no means a new mode of scamming and robbing people. One of the first phishing techniques was actually developed and reported as early as 1987.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The term \u201cphishing\u201d was coined by a spammer and hacker Khan C. Smith, as he stole passwords and financial details of America Online (AOL) users via his hacking tool, AOHell. Since then, \u201cphishing\u201d has come to describe the virulent, malicious, and even malevolent annoyance that is spam email, and now, SMS texts, that have the capability of stealing a person\u2019s financial information, if they\u2019re gullible enough to fork these over.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">From AOHell targeting AOL, down to the rise of millions of spam, and phishing scams across the growth of the internet, phishing has crossed over to SMS.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Phishing is merely \u201cannoying\u201d if you\u2019re wise enough to recognize and dodge the scheme. If you had been too trusting and believed the whole narrative they deliver, just like the rest of the 470 bank fraud victims, your hard-earned savings could be wiped out in a matter of seconds by a ruthless, conscience-less mastermind out there.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Experts recommended that in order to mitigate this massive security and financial liability, links in SMS from banks, or even using SMS as a second layer of \u201cprotection\u201d should be done away with.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">As the Singaporean financial industry scrambles to protect and even reimburse their clientele, individuals and corporations must also learn how to be on guard before anything of this sort happens to them and their companies.\u00a0<\/span><\/p>\n<p style=\"text-align: center;\"><img decoding=\"async\" class=\"aligncenter wp-image-13202 size-full\" src=\"https:\/\/www.cldy.com\/sg\/wp-content\/uploads\/sites\/7\/2022\/01\/light-man-people-woman.jpg\" alt=\"light-man-people-woman-phishing-scams\" width=\"640\" height=\"452\" srcset=\"https:\/\/www.cldy.com\/sg\/wp-content\/uploads\/sites\/7\/2022\/01\/light-man-people-woman.jpg 640w, https:\/\/www.cldy.com\/sg\/wp-content\/uploads\/sites\/7\/2022\/01\/light-man-people-woman-300x212.jpg 300w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><em><span style=\"font-weight: 400;\">Photo by Mikhail Nilov via <\/span><\/em><a href=\"https:\/\/www.pexels.com\/photo\/light-man-people-woman-6963061\/\" rel=\"nofollow noopener\" target=\"_blank\"><span style=\"font-weight: 400;\"><em>Pexels<\/em><\/span><\/a><\/p>\n<h4><b>Email Remains Largely Unchanged, So Does Phishing<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">The widespread security and financial scandal happened via SMS, but as mentioned, an older phishing vulnerability was already in place: Phishing via email.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">An email has remained almost unchanged over the decades. Email providers admit that the protocol has remained the same over the years: SSL, TLS, POP3, IMAP, and SMTP.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In spite of some snazzy innovations that make email just a bit cooler, just a bit smarter, just a bit powered by AI, it has remained largely unchanged. And the system of targeting email users has remained largely unchanged, as well.\u00a0<\/span><\/p>\n<p><b>The system is simple:\u00a0<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Make an email look exactly like an email from a trusted company.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Lead the user to a page that would make them enter their details for certain institutions, banks most especially.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Grab those details.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Siphon the victims\u2019 finances using those details to access these.<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">The power of phishing remains largely in its capacity to elicit trust from the end user. The more convincing an email looks, the closer it looks to the company or institution they are trying to spoof, and the easier it is for malevolent operators and hackers, to steal the keys to their victims\u2019 wealth.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The system works, over and over, and this is why it has endured over the decades.<\/span><\/p>\n<h4><b>SMS for Individuals, Email for Individuals and Corporations<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">SMS was able to target individual banking clients and siphon out their information via links embedded in the messages. While the scheme can still apply to corporate accounts, email is a more known way to target business entities with a phishing scam. This is because a domain can belong to a company, and as soon as hackers, scammers, and spammers can get ahold of the emails in a domain, they can target everyone within the organization.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Malevolent entities can also target specific departments or roles in a company.\u00a0<\/span><\/p>\n<p><b>These are the two types of phishing that target specific departments or roles:\u00a0<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><b>Spear Phishing<\/b><span style=\"font-weight: 400;\"> can target specific individuals who have access to financial information. There have been known attack campaigns targeting accountancy and audit firms, as well as financial departments within a company, to gain access to sensitive information.<\/span><\/li>\n<li><b>Whaling and CEO Fraud <\/b><span style=\"font-weight: 400;\">targets senior-level executives in a company. While the success rate is reportedly low, there are still cases where tens of millions of dollars were lost because of a successful phishing campaign.\u00a0<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h3><b>Where Do We Go From Here?\u00a0<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Now we know that phishing scams happen and that they could happen to you. It could happen to your company. It could even happen to your CEO. So where do we go from here?\u00a0<\/span><\/p>\n<p><b>1. Educate Yourself.\u00a0<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><b>Know what a Phishing Email Address looks like.<\/b><span style=\"font-weight: 400;\"> In our Knowledgebase Article <\/span>\u201c<a style=\"color: #f4662d;\" href=\"https:\/\/www.cldy.com\/support\/help\/keeping-secure-email-habits\/\">Keeping Secure Email Habits<\/a>,\u201d<span style=\"font-weight: 400;\"> you will see how scammers\u2019 email addresses are formatted. When you check the source of the email and the email address looks like one of the emails we pointed out, delete the email immediately and don\u2019t click anywhere on the email body. This ensures that you won\u2019t download any malicious programs or ransomware that could harvest your personal or sensitive information even without your participation.<br \/>\n<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul>\n<li style=\"font-weight: 400;\"><b>Know what a Phishing Email looks like. <\/b><span style=\"font-weight: 400;\">Just to be on the safe side, use your personal or generic email, like a Gmail or Yahoo email. Check your Spam folder for one of those offers that you didn\u2019t ask for. To be even safer, open the email via a Linux installation. You can use a Linux LiveCD or USB if you don\u2019t have Linux installed. The reason why we recommend using Linux is that if there are scripts embedded in the email, it will not automatically inject itself into your browser or download itself into your PC. Take a quick look at the way the Phishing Email has been formatted, take screenshots if you want to remember it better, and then immediately delete it. Familiarizing yourself with a Phishing Email\u2019s format will allow you to spot and recognize it faster, allowing you to just automatically delete one in the future if it ever happens to land in your Inbox, and not just your Spam folder.<br \/>\n<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul>\n<li style=\"font-weight: 400;\"><b>Be able to distinguish between a Phishing domain and a legitimate domain.<\/b><span style=\"font-weight: 400;\"> Of course, everyone knows what <\/span><strong>www.domain.com<\/strong><span style=\"font-weight: 400;\"> looks like. But strangely, when people get emails, those who fall prey to phishing scams don\u2019t seem to pay attention as to whether the emails lead to <\/span><strong>www.legitimatebusiness.com<\/strong><span style=\"font-weight: 400;\"> or <\/span><strong>www.somegibberishdomainhostingaformthatwilllethackersstealyourlifesavings.com<\/strong><span style=\"font-weight: 400;\">. Of course, we\u2019re being a little facetious here, but it should be muscle memory that when you click through an email, you must take a quick look at your browser\u2019s address bar in order to verify whether you\u2019re on the right website or not. If that\u2019s not yet a habit for you, you should start practising it until it becomes second nature.\u00a0<\/span><\/li>\n<\/ul>\n<p style=\"padding-left: 40px;\"><span style=\"font-weight: 400;\">Fortunately, phishing scams are usually hosted on some long, ill-spelt domain, and some even have gibberish letters on them. Some domain formats don\u2019t make sense. Spammers, scammers, and hackers take it for granted that their targets are gullible and won\u2019t verify the domain, so they don\u2019t even bother to buy better domains. So don\u2019t focus on the form you were led to fill out. Don&#8217;t even start typing anything on it. Don\u2019t be quick to fall for the narrative that the phishing email or even SMS tries to sell you. Always, always, verify if the email address or domain the page leads to is legit.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><b>2. Know That Phishing Thrives On Social Engineering.<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><b>\u201cSocial Engineering\u201d<\/b><span style=\"font-weight: 400;\"> is a method of getting a user\u2019s sensitive information through the use of psychological manipulation. This may include creating a compelling narrative, such as stating that malicious individuals have gotten ahold of the target user\u2019s credentials, thus, the target MUST enter their details, ostensibly to secure their account NOW.\u00a0<\/span><\/li>\n<\/ul>\n<p style=\"padding-left: 40px;\"><span style=\"font-weight: 400;\">The sad thing is that this ruse was the exact narrative used on the bank SMS phishing scam scheme.\u00a0<\/span><\/p>\n<p style=\"padding-left: 40px;\"><span style=\"font-weight: 400;\">The reason why this was compelling is that this narrative played on the user\u2019s fears that their account was compromised, and so, the user felt like they needed to log into the portal provided by the scammers, not realizing that by doing so, they had just handed over the keys to actually being robbed, not just scammed.\u00a0<\/span><\/p>\n<p style=\"padding-left: 40px;\"><span style=\"font-weight: 400;\">As a potential target, know that if the email or SMS sounds urgent, will ask for your credentials, or in any way capture your details, you just have to ignore the urge to give into your fears, and report the email or SMS to your bank or service provider.\u00a0<\/span><\/p>\n<p style=\"padding-left: 40px;\"><span style=\"font-weight: 400;\">Aside from fear, other types of social engineering tactics may involve giving you offers that are too good to be true. In some other countries, announcements that they\u2019ve won the lottery are a common phishing scam. Yet others offer jobs that pay an insane amount of money. Still, others are threats of litigation. The list goes on. If the story spun tries to get you to act to give out your information, beware and just junk the message, or take it a step further and report it to your service provider or the institution it\u2019s spoofing.\u00a0<\/span><\/p>\n<p><b>3. Update Your Antivirus.<\/b><b><\/b><b><\/b><\/p>\n<ul>\n<li><b>Keep a background malware scanner running, and keep it updated. <\/b><span style=\"font-weight: 400;\">Earlier, we mentioned that there\u2019s such a thing as \u201cransomware.\u201d It could come from links that you\u2019ve accidentally clicked, or even from the very emails that we warned you about. Some emails take attacks a step further and embed malicious software inside. If you\u2019ve accidentally clicked an email that downloaded malware into your computer, the danger is that you could trigger a ransomware attack.<\/span><\/li>\n<\/ul>\n<p style=\"padding-left: 40px;\"><span style=\"font-weight: 400;\">A ransomware attack is when this downloaded malware locks your PC and holds it \u201cfor ransom.\u201d It remains locked until you pay a sum to the hackers behind the ransomware.\u00a0<\/span><\/p>\n<p style=\"padding-left: 40px;\"><span style=\"font-weight: 400;\">An <strong>updated<\/strong> malware scanner helps in alerting you to the presence of these and allowing you to take action to quarantine or delete the malware.\u00a0<\/span><\/p>\n<p style=\"padding-left: 40px;\"><span style=\"font-weight: 400;\">We highly recommend using Clamwin or Malwarebytes to clean your PC, but for background scanning, Avira or Avast is perfect.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><b>4. For The Geeks: Set Up SPF Records.\u00a0<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><b>SPF (Sender Policy Framework)<\/b><span style=\"font-weight: 400;\"><span style=\"font-weight: 400;\"> is an authentication protocol that will prevent spammers from using your domain. It allows senders to name the specific IP addresses that can use your domain to send emails. This protects your company domain from being hijacked by malicious operators, discouraging them from sending internal phishing scams, spammy, or scammy emails, or even using your domain to scam other companies and individuals.<\/span><\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>READ MORE: <\/strong><a style=\"color: #f4662d;\" href=\"https:\/\/www.cldy.com\/support\/help\/how-to-set-up-an-spf-record\/\">How to Set Up an SPF Record<\/a><\/p>\n<p>&nbsp;<\/p>\n<p><b>5. Create Better Passwords.\u00a0<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Oddly, in the day and age where hundreds of thousands to millions of dollars are being stolen because of bad passwords and ill-thought-out cybersecurity policies, you\u2019d think that individuals and companies would encourage the use of stronger credentials. Sadly, this isn\u2019t the case. In spite of the massive data breaches and data dumps, the current favourite password is still \u201c123456,\u201d no matter how laughable it is to your friendly neighbourhood tech expert or tech support guy. Our guess is that people favour convenience, expediency, and the ease of remembering the password over actual security. But don\u2019t be like them. <a style=\"color: #f4662d;\" href=\"https:\/\/www.cldy.com\/support\/help\/how-to-create-secure-passwords-for-your-cpanel-email-accounts\/\">Create better passwords<\/a>.\u00a0<\/span>\n<ul>\n<li style=\"font-weight: 400;\"><b>Use a password generator tool.<\/b><span style=\"font-weight: 400;\"> This randomises letters, numbers, and uppercase\/lowercase, and helps you create better credentials.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Use different passwords per website or service. <\/b><span style=\"font-weight: 400;\">Using one password across everything makes you more vulnerable. Vary the credentials you use.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">If you use a password generator tool, and you are worried about remembering everything, use a password vault such as LastPass.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul>\n<li style=\"font-weight: 400;\"><b>Lastly, it\u2019s never enough to use a password. Use 2-Factor Authentication as well. <\/b><span style=\"font-weight: 400;\">This ties your account to another device and ensures that you need to approve new logins. This feature will alert you when someone else tries to log into your accounts. Better yet, this blocks attempts to hack into, and even use your account, especially for nefarious purposes.<\/span><\/li>\n<\/ul>\n<h4><b>The Bottom Line<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">Individuals and companies cannot stop malicious operators from cooking up phishing scams and other schemes to try and rob people and organizations. Where there\u2019s money to be had, albeit illegally, there\u2019s always going to be an attempt to grab it.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">As individuals and companies, the best thing we can do is to protect ourselves. Take the steps we suggest to ensure secure email usage policies, be vigilant always, and avoid being the next victim.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">At CLDY, one of the <\/span><a style=\"color: #f4662d;\" href=\"https:\/\/www.cldy.com\/sg\/blog\/cloud-hosting\/cldy-pillars-of-strength\/\">five pillars of strength<\/a><span style=\"font-weight: 400;\"> that we believe in is <strong>SECURITY<\/strong>. Our systems are backed by Singapore\u2019s best security infrastructure, and it has features that ensure your individual or company accounts\u2019 extra security. We will do everything to assist you in ensuring that your accounts are safe.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Host with us today and enjoy the Simplicity, Speed, Stability, Security, and Support that <a style=\"color: #f4662d;\" href=\"https:\/\/www.cldy.com\/sg\/\">CLDY<\/a> offers!<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>It happened to around 470 victims, and it could happen to you too! It is no longer news that around S$8.5 Million had been stolen from these close to 470 victims of bank theft across Singapore, via a spate of SMS scams. The series of SMS phishing scams happened in December, and some of the [&hellip;]<\/p>\n","protected":false},"author":10,"featured_media":8138,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[65],"tags":[],"class_list":["post-8134","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-email-hosting"],"_links":{"self":[{"href":"https:\/\/www.cldy.com\/sg\/wp-json\/wp\/v2\/posts\/8134","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cldy.com\/sg\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cldy.com\/sg\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cldy.com\/sg\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cldy.com\/sg\/wp-json\/wp\/v2\/comments?post=8134"}],"version-history":[{"count":19,"href":"https:\/\/www.cldy.com\/sg\/wp-json\/wp\/v2\/posts\/8134\/revisions"}],"predecessor-version":[{"id":21059,"href":"https:\/\/www.cldy.com\/sg\/wp-json\/wp\/v2\/posts\/8134\/revisions\/21059"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cldy.com\/sg\/wp-json\/wp\/v2\/media\/8138"}],"wp:attachment":[{"href":"https:\/\/www.cldy.com\/sg\/wp-json\/wp\/v2\/media?parent=8134"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cldy.com\/sg\/wp-json\/wp\/v2\/categories?post=8134"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cldy.com\/sg\/wp-json\/wp\/v2\/tags?post=8134"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}