Over the years, I have written many times about the extreme danger of phishing emails or the more specifically targeted spear phishing emails. Phishing emails come from scammers who pose as companies, governmental agencies or other entities with which you do business and lure you, generally under the pretense of an emergency, into providing personal information that can lead to your becoming a victim of identity theft or downloading malware such as ransomware. Spear phishing occurs when the email has been tailored to you specifically with your name, account number or other information that can lead you to trust the email although as I always say, “trust me, you can’t trust anyone.”
Recently, the cybersecurity firm Vade Secure issued the seventh version of its list of the companies most often impersonated by scammers in phishing emails. Leading the way were PayPal, Facebook, Microsoft, Netflix and WhatsApp. Interestingly, phishing attempts in which the scammers posed as banks include not just major banks such as Bank of America and Chase, but also smaller banks such as Desjardins, M&T Bank and ATB Financial.
Here is a link to Vade Secure’s entire list.
There are a number of indications that a phishing email is not legitimate. A legitimate email would be addressed to you by name, although some more sophisticated spear phishing emails may also contain your name. A big red flag for a phishing email is when it is sent from an address that has no relation to the legitimate company. Often the addresses from which phishing emails are sent belong to computers that have been hacked and made part of a botnet of zombie computers used to send out phishing emails, without the person whose computer has been hacked even being aware of it. Other times, the scammer will attempt to make the email address look legitimate even though it is not, so you have to be very careful. It is a simple matter for a cybercriminal to use a counterfeit logo in phishing emails, so you can’t trust your eyes. While many phishing emails have good grammar, many have spelling and grammatical errors that may be an indication of the phishing email originating in a country where English is not the primary language.
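The sender-address checks described above can be automated. The following is an added example, not part of the original post: it flags a From: header whose display name or domain invokes one of the brands named above while the sending domain is unrelated to, or only resembles, that brand's real domain. The brand-to-domain table and the sample headers are assumptions constructed for illustration, and a header check like this cannot catch a forged From: line that uses the real domain, which is what SPF, DKIM and DMARC address.

```python
import re
from email.utils import parseaddr

# Brands named in the post, each mapped to domains it is known to send from.
# Assumption: a real filter would maintain a fuller, verified list per brand.
BRAND_DOMAINS = {
    "paypal": {"paypal.com"},
    "facebook": {"facebook.com", "facebookmail.com"},
    "microsoft": {"microsoft.com"},
    "netflix": {"netflix.com"},
    "whatsapp": {"whatsapp.com"},
}

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss spellings of a brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Return (brand, verdict) for one From: header value."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    tokens = re.split(r"[.-]", domain)  # split labels and hyphenated parts
    for brand, legit in BRAND_DOMAINS.items():
        in_name = brand in display.lower()
        near = any(brand in t or edit_distance(t, brand) <= 2 for t in tokens)
        if not (in_name or near):
            continue  # this brand is not being invoked at all
        if any(domain == d or domain.endswith("." + d) for d in legit):
            return brand, "matches"
        # Brand-like domain that is not the brand's: lookalike; else unrelated.
        return brand, ("lookalike" if near else "unrelated")
    return None, "no-brand-claim"

# Constructed sample headers (not taken from real messages).
SAMPLES = [
    '"PayPal Service" <service@e.paypal.com>',
    '"PayPal Security" <alerts@paypa1-secure.example>',
    '"Netflix Billing" <billing@mail.example.org>',
    'newsletter@example.net',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify_sender(header), header)
```

A "lookalike" or "unrelated" verdict is a reason to verify through a contact channel you already know is genuine, not proof on its own.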
As with all phishing emails, two things can happen if you click on the links provided. Either you will be sent to a legitimate-looking but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft. The best course of action if you receive an email asking for personal information and have any thought that the email might be legitimate is to contact the real company or agency at a telephone number, email address or website that you know is legitimate to confirm that it was a scam.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”