An assortment of seafood…phishes, whales and the power of three

Now most people, here in Australia anyway, seem to get that emails telling them how to claim their lost inheritance or that they have won the lottery are fake.  But it’s not the offer of an inheritance or lottery win on its own that gives the scam away.  Rather it’s the poor spelling and expression, and unprofessional appearance, that tend to set off alarm bells.

In recent times the scammers have changed things up a bit.  They’ve learnt that tailoring their messages, correcting their spelling and grammar and making the messages appear professional are sure ways to improve their chances of getting your attention.

But it doesn’t stop there.  You see, the scammers of today take an old school approach to the con.  They may not, necessarily, have any technical expertise.  Think of ‘Alfie’ the conman of Jude Law (for the younger among you) and Michael Caine (for the older) fame! Instead, these scammers use social engineering techniques to leverage human weakness and make us do #dumbthings on the internet.

Now the terms phishing, spear-phishing and whaling probably don’t mean much to many Australians.  Without going into too much detail, these are all types of approaches – usually via email – where a ‘sender’ (the scammer) tries to trick the recipient into doing something by pretending to be someone they may legitimately receive an email from.  It may be that by simply replying to an email you are indicating that your address is genuine and that you are gullible.  And so what about that, you may ask?  Well it means that your email address is one that has ‘value’ when sold on the black market.  That’s right, your email address can be monetized by the sender.

And, anecdotally, accidentally responding to the wrong email is becoming increasingly common, because conmen are doing their research.  If you received an email that you weren’t expecting, that looked professional and included your name, would you respond?  What if they included some details about you, for example, mentioning someone that you know?  What if there were three things, would you respond?  The more details included by the scammer, the more chance that even the most well-versed of us might respond.  My advice is to always treat unexpected emails with suspicion.  Rather than replying to the email, see if there is an alternative way to authenticate it.  Is there a street address or a phone number, or even a website?

Some recent examples of scam emails that I’ve heard of include:

  • Unsolicited emails from ‘relatives’ that have identified you through family-tree searches.
  • Invitations to speak at conferences.
  • Invitations to be included in business or professional directories.
  • Offers of work, or requests for quotes, to small businesses.
  • Emails imitating senior officers in an organisation asking finance staff to make payments.

Having some good policies in place in your organisation, particularly around financial matters, will undoubtedly help you manage the risk of these sophisticated email scams.  Likewise, making sure that your staff exercise sensible judgement when using your ICT, and understand why they should care about internet security, will help.

T One P Enterprises offers workshops for businesses – big and small – on the ‘Why should I care?’ quotient and the risk of (inadvertently) doing #dumbthings on the internet.  For more information, feel free to message me.

Julia
