{"id":73106,"date":"2014-10-16T21:42:18","date_gmt":"2014-10-17T01:42:18","guid":{"rendered":"http:\/\/rbach.net\/blog\/index.php\/"},"modified":"2021-08-25T12:54:36","modified_gmt":"2021-08-25T16:54:36","slug":"how-to-spot-phishing","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/how-to-spot-phishing\/","title":{"rendered":"How to Spot Phishing"},"content":{"rendered":"<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"wp-image-98104 alignleft\" title=\"How to Spot a Phish\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/phishing3-1-e1563736911654.jpg?resize=89%2C90&#038;ssl=1\" alt=\"\" width=\"89\" height=\"90\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/phishing3-1-e1563736911654.jpg?w=182&amp;ssl=1 182w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/phishing3-1-e1563736911654.jpg?resize=75%2C75&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/phishing3-1-e1563736911654.jpg?resize=148%2C150&amp;ssl=1 148w\" sizes=\"auto, (max-width: 89px) 100vw, 89px\" \/><strong>Phish<\/strong><strong>ing<\/strong> scams are spam emails sent by cyber-criminals that can lead to <strong>identity theft<\/strong> at home and <strong>data breaches<\/strong> at work. Phishing attacks pretend to be from a legitimate person or organization to trick you into <strong>revealing personal information<\/strong>. A phishing attack begins when a cyber-criminal sends an email that looks like it originates from your bank.<\/p>\n<p><a href=\"https:\/\/web.archive.org\/web\/20200214181040\/http:\/\/www.iamwire.com:80\/2013\/06\/10000-indians-face-phishing-attacks-daily-kaspersky\/16054\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-98100\" title=\"Phishing\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/phishing4-1.png?resize=97%2C83&#038;ssl=1\" alt=\"Phishing\" width=\"97\" height=\"83\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/phishing4-1.png?resize=150%2C129&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/phishing4-1.png?resize=75%2C65&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/phishing4-1.png?w=300&amp;ssl=1 300w\" sizes=\"auto, (max-width: 97px) 100vw, 97px\" \/><\/a>The email might hint at a <strong>problem with your account<\/strong> asking you to \u201cconfirm\u201d account information by clicking on a link that takes you to a <strong>fake website<\/strong>. The fake website asks you to type in your bank account user name and password. The goal is to convince the target that the web page is legitimate so that they will enter their credentials. Once entered, attackers can <strong>access an individual\u2019s finances<\/strong>.<\/p>\n<h3>Phishing attacks<\/h3>\n<p><a title=\"RSA\" href=\"https:\/\/web.archive.org\/web\/20160224154410\/http:\/\/www.emc.com\/domains\/rsa\/index.htm\" target=\"_blank\" rel=\"noopener noreferrer\">RSA<\/a> <a title=\"page 1 RSA MONTHLY FRAUD REPORT FRAUD REPORT 2013 A YEAR IN REVIEW\" href=\"https:\/\/web.archive.org\/web\/20190627100546\/https:\/\/www.emc.com\/collateral\/fraud-report\/rsa-online-fraud-report-012014.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">reports<\/a> 2013 was a record year for <strong>phishing attacks<\/strong>. They report that nearly 450,000 phishing attacks were launched in 2013 with losses estimated to be nearly <strong>$6 Billion<\/strong>. The security firm believes that these attacks will continue for the foreseeable future. They point out that it only costs an attacker $65.00 to spam 500,000 email addresses.<\/p>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-98106 \" title=\"spoofed financial organizations\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/phishing8.png?resize=129%2C100&#038;ssl=1\" alt=\"spoofed financial organizations\" width=\"129\" height=\"100\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/phishing8.png?resize=150%2C116&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/phishing8.png?resize=75%2C58&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/phishing8.png?w=288&amp;ssl=1 288w\" sizes=\"auto, (max-width: 129px) 100vw, 129px\" \/><a title=\"Symantec\" href=\"https:\/\/securitycloud.symantec.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Symantec<\/a> <a href=\"https:\/\/web.archive.org\/web\/20191111184732\/https:\/\/www.symantec.com\/content\/en\/us\/enterprise\/other_resources\/b-istr_main_report_v19_21291018.en-us.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">reports<\/a> (PDF) that <strong>1 in every 392 emails<\/strong> a user receives is a phishing attempt. 71% of the phishing attacks were related to spoofed financial organizations and login credentials for accounts seem to be the main information phishers are looking for. <a title=\"Dell\" href=\"http:\/\/www.dell.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Dell<\/a> <a title=\"The Underground Hacking Economy is Alive and Well\" href=\"https:\/\/web.archive.org\/web\/20160130191651\/http:\/\/www.secureworks.com\/resources\/blog\/the-underground-hacking-economy-is-alive-and-well\/\" target=\"_blank\" rel=\"noopener noreferrer\">SecureWorks<\/a> delved into the depths of the online underground economy and found the value of <strong>personally identifiable information<\/strong> (<a title=\"Personally identifiable information\" href=\"http:\/\/en.wikipedia.org\/wiki\/Personally_identifiable_information\" target=\"_blank\" rel=\"noopener wikipedia noreferrer\">PII<\/a>).<\/p>\n<h3>value of personally identifiable information<\/h3>\n<ul>\n<li><strong>Visa<\/strong> and<strong> Master Card<\/strong> account numbers are worth up to $15<\/li>\n<li><strong>American Express<\/strong>\u00a0account numbers are worth up to $18<\/li>\n<li><strong>Date of Birth<\/strong> (DOB) is worth up to $25<\/li>\n<\/ul>\n<p>On his excellent <a href=\"http:\/\/krebsonsecurity.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">website<\/a>, <a title=\"Brian Krebs\" href=\"http:\/\/en.wikipedia.org\/wiki\/Brian_Krebs\" target=\"_blank\" rel=\"noopener wikipedia noreferrer\">Brian Krebs<\/a> revealed the black market value of <a href=\"http:\/\/krebsonsecurity.com\/2013\/06\/the-value-of-a-hacked-email-account\/\" target=\"_blank\" rel=\"noopener noreferrer\">hacked credentials<\/a>.<\/p>\n<ul>\n<li>Active accounts at <strong>Facebook<\/strong> and <strong>Twitter<\/strong> retail for just $2.50 apiece,<\/li>\n<li>$4 buys hacked credentials at wireless providers <strong>ATT.com<\/strong>, Sprint.com, Verizonwireless.com, and Tmobile.com,<\/li>\n<li><strong>Groupon.com<\/strong> accounts fetch $5,<\/li>\n<li><strong>Fedex.com<\/strong>, Continental.com, and United.com accounts for go for $6.<\/li>\n<li><strong><a title=\"ITunes\" href=\"http:\/\/www.apple.com\/itunes\/\" target=\"_blank\" rel=\"homepage noopener noreferrer\">iTunes<\/a><\/strong> accounts go for $8 on the cyber underground economy.<\/li>\n<\/ul>\n<h3>medical records<\/h3>\n<p>In a new phishing twist, attackers are going after <strong>medical records<\/strong> to exploit the broken healthcare industry. Stolen health credentials can go for $10 each, about 10 or 20 times the value of a U.S. credit card number, <a title=\"Your medical record is worth more to hackers than your credit card\" href=\"http:\/\/news.yahoo.com\/medical-record-worth-more-hackers-credit-card-182251915--finance.html\" target=\"_blank\" rel=\"noopener noreferrer\">according<\/a> to Don Jackson, director of threat intelligence at <a title=\"PhishLabs\" href=\"https:\/\/www.phishlabs.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">PhishLabs<\/a>, a cybercrime protection company.<\/p>\n<p>With these threats in mind, PhishMe developed an infographic, click on the image below to see the complete image.<\/p>\n<div id=\"attachment_98108\" style=\"width: 490px\" class=\"wp-caption aligncenter\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-98108\" class=\"wp-image-98108 size-large\" title=\"How to Spot a Phish\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/how-to-spot-a-phish.jpg?resize=480%2C756&#038;ssl=1\" alt=\"How to Spot a Phish\" width=\"480\" height=\"756\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/how-to-spot-a-phish.jpg?resize=650%2C1024&amp;ssl=1 650w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/how-to-spot-a-phish.jpg?resize=48%2C75&amp;ssl=1 48w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/how-to-spot-a-phish.jpg?resize=95%2C150&amp;ssl=1 95w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/how-to-spot-a-phish.jpg?resize=768%2C1209&amp;ssl=1 768w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/how-to-spot-a-phish.jpg?w=975&amp;ssl=1 975w\" sizes=\"auto, (max-width: 480px) 100vw, 480px\" \/><p id=\"caption-attachment-98108\" class=\"wp-caption-text\">PhishMe infographic<\/p><\/div>\n<p><strong><em>rb-<\/em><\/strong><\/p>\n<p><em>Since many cyberattacks originate with phishing emails, the best way for organizations and individuals to protect themselves online is to recognize and avoid phishing emails.<\/em><\/p>\n<h6>Related articles<\/h6>\n<ul>\n<li><a href=\"http:\/\/www.computerweekly.com\/news\/2240220542\/Phishing-attacks-target-Google-accounts-warns-Bitdefender\" target=\"_blank\" rel=\"noopener noreferrer\">Phishing attacks target Google accounts, warns Bitdefender<\/a> (computerweekly.com)<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><em><a title=\"Ralph Bach\" href=\"https:\/\/rbach.net\/index.php\/new-resume\/\" target=\"_blank\" rel=\"noopener noreferrer\">Ralph Bach<\/a>\u00a0has been in IT long enough to know better and has blogged from his\u00a0<a title=\"Bach Seat\" href=\"https:\/\/rbach.net\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bach Seat<\/a> about IT, careers, and anything else that catches his attention since 2005. You can follow him on <a class=\"broken_link\" href=\"http:\/\/www.linkedin.com\/in\/rb48334\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">LinkedIn<\/a>,\u00a0<a href=\"https:\/\/www.facebook.com\/ralph.bach.14\" target=\"_blank\" rel=\"noopener noreferrer\">Facebook<\/a>,\u00a0and\u00a0<a href=\"https:\/\/twitter.com\/rbach48334\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a>. Email the Bach Seat\u00a0<a href=\"mailto:\/\/bach.seat@gmail.com\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Phishing attacks lead to identity theft and data breaches by tricking you into revealing sensitive info look for clues to stop it<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[2292,2277,171,104,1096,2278,612,2275,951,4,95,60,2011,2276],"class_list":["post-73106","post","type-post","status-publish","format-standard","hentry","category-security","tag-2292","tag-amex","tag-email","tag-facebook","tag-fb","tag-master-card","tag-phishing","tag-phishlabs","tag-pii","tag-security","tag-spam","tag-twitter","tag-twtr","tag-visa"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/73106","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/comments?post=73106"}],"version-history":[{"count":12,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/73106\/revisions"}],"predecessor-version":[{"id":131340,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/73106\/revisions\/131340"}],"wp:attachment":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/media?parent=73106"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/categories?post=73106"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/tags?post=73106"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}