How to identify phishing
Phishing attacks can take several forms, although most begin with the receipt of a seemingly legitimate email. Over time they have evolved from a simple request via email for your personal and/or financial information to today's more sophisticated attempts to install crimeware on your computer. You will find outlined below some of the more common phishing exploits that are employed today.
An Email Request
The oldest and most common method of phishing is an email requesting personal, financial or computer account information be sent by return email. These emails often appear as though they came from a legitimate source, such as your bank, credit card company, or eBay. The email requests that the user reply with confidential account information usually credit card information. This information is used to manipulate personal information, or clear out bank accounts. A variation of this exploit is to provide a web link in the phishing email that takes the victim to a seemingly official web site where they are tricked into divulging financial data such as credit card numbers, account usernames, passwords and social insurance numbers.
Installing Crimeware on Your Computer
Many of today's phishing attacks involve installing malicious programs, called crimeware or Trojans, onto your computer. These programs can be unknowingly installed on your computer via several methods such as clicking on an attachment, downloading and installing seemingly legitimate programs, clicking on pop-up messages from web sites, visiting web sites that take advantage of security vulnerabilities in your web browser.
Keyloggers or Keystroke Loggers
Keystroke loggers record the keystrokes typed by the end-user on their computer and route that information to thieves. Phishing keystroke loggers are designed to pick up specific information such as access to financial websites, e-commerce sites and web-based email sites.
This type of attack uses malicious code designed with the intent of redirecting end-user's network traffic to a different and suspicious location where his or her confidential information can be extracted and compromised.
Newer phishing attacks are employing methods that rely less on computer vulnerabilities and questionable user behaviour. Instead they study and manipulate common human behavior to use as a tool for obtaining confidential information.
This attack involves constructing fraudulent web sites that have web url's that are similar to legitimate sites. Most often these web site url's are designed to take advantage of users who make common typos when entering the web site address.
Search Engine Poisoning
This attack involves constructing fraudulent websites in such a way so that the fraudulent site will show up near the top of most search engine results, often above the legitimate web site. Commonly used search terms and common typo's are employed in order to increase the likelihood of a user selecting the fraudulent site from the search results.
1. Hover. Don't click on links in emails. Rather, point your mouse at them and hover over them. When you hover over a link the link name should match the link location that shows up in your client as you hover over the link. If the link doesn't match its destination, this is a tell tale sign of phishing emails.
2. Copy and Paste. If you can't see the URL where the links direct when you hover over them, copy and paste the link into a Microsoft Word document. Right click on the pasted link and select "Edit Hyperlink" from the menu that appears. Selecting "Edit Hyperlink" will open a pop-up window in Word that shows in the "Address" field the web address to which the link directs. Again, if the destination doesn't match the link itself, this is a red flag.
3. Investigate the email's properties. Email users who have opened a suspicious email can view the email's properties, specifically the Internet headers. Examining headers shows the path the email took to reach the end-user. Look at the originating systems. If they're not from your organization or other trusted email systems, those are also tipoffs that it's a phishing email.
4. Check a known legitimate website. If your bank or credit card company is sending you an email regarding a fraud alert, you ought to see that same fraud alert on your bank or credit card company's legitimate website. The same is true of emails sent out by Western University. If you're at all uncertain, call the phone number on the back of your credit card, or your bank, or your university. Always work on information that you have a lot more reason to trust.
5. When in doubt, throw it out. The best defense against phishing scams is to assume the email is untrustworthy and to pursue direct channels to businesses that you trust, such as your bank's 1-800 number or direct line to your university.
As with keeping your computer healthy, the keys are awareness and prevention, and it really is quite simple.
Just follow these steps:
- Protect your computer against malware, to help limit your exposure if you get phished.
- Use an up-to-date internet browser that includes anti-phishing functions - it's never perfect, but you'll get an extra layer of protection.
- Use a spam filter for your email - a large proportion of phishing attempts are delivered through spam email.
- Be skeptical - if an email or webpage offer sounds too good to be true, it usually is.
- Be vigilant - the organizations you trust (banks, governments, institutions) will not ask you to confirm your personal or private data through email.
- Contact each financial institution, credit card issuer or other company that provided the identity thief with unauthorized credit, money, goods or services.
- Contact Canada's two national credit reporting agencies, TransUnion Canada and Equifax Canada. There are two things you should do when you call:
- Ask each agency to send you a copy of your credit report;
- Discuss whether you should have a fraud alert placed on your file, asking that creditors call you before opening any new accounts or changing your existing accounts.
- The credit report may reveal whether there are other companies where the identity thief has opened accounts or incurred debt in your name.
- Report the incident to our Campus Community Police Service at 519 661-3300 (or ext. 83300 if you are calling from on campus) and ask them to take a report. If a police report is available, include it in all correspondence with financial institutions, credit issuers, credit reporting agencies and other companies.
- If you have been successfully phished and believe that your Western credentials have been compromised, change your password by visiting here: https://wts.uwo.ca/identity/passwords/password_management_tools/changepw.html. If you haven't subscribed to Identity Manager you won't be able to change your password until you do. You may subscribe here: https://wts.uwo.ca/identity/western_identity_manager/subscribe.html.
- Report the incident to PhoneBusters National Call Centre toll free at 1-888-495-8501. PhoneBusters gathers information and intelligence about identity theft and provides advice and assistance to victims
- If your credit cards or government-issued documents (such as driver's licence, birth certificate or passport) have been lost or stolen, notify the issuing authority immediately to have the document cancelled and a new one issued
Note: Keep a record of your actions, even after the case has been resolved. Errors can reappear on your credit reports or your information can be re-circulated. If this happens, you'll be glad you kept your files. Please see the Government of Ontario Ministry of Government Services site for more information.
To report phishing attempts involving Western Identity (email accounts, passwords, id numbers etc.):
- Forward emails with full headers to email@example.com;
- If you need information on providing full headers, call the Helpdesk at x83800.
To report phishing attempts not specific to Western (e.g. bank account information etc.)
Published on and maintained in Cascade CMS.