Get in touch 0161 348 7880 | | info@haleit.net

Why Do We Still Go On Phishing Trips?

If you still don't think you are vulnerable to viruses or unhealthy links, or worse, phishing scams then think again. I was recently sent an official-looking text from Apple telling me my iCloud account was closing...

The exact text message (using my name) read like this:

iAccount

[NAME] your iCloud is suspended pending deletion. Confirm your profile details at http://icloudidvalidate.com to prevent deletion. Apple.

Clicking on the link took me to an official-looking Apple landing page with a high definition picture of Apple users using Apple products with all the glossy, Apple-like feel of the real thing. Oh, and there was a box where I was instructed to enter my login details, including my password.

Now of course I didn't, because something, somewhere told me that this wasn't right (it might have been the German web address that came up after I tapped the address bar) and I held back until I got home later that evening and checked out the website once more. By that time of course it had been shut down.

I wasn't alone in receiving this scam, but it certainly wasn't as widespread as to make it show up in multiple searches on social media at the time. What I really wanted to know, though, was how they got my name and my phone number? It makes me increasingly more wary of any email that I don't recognise to be genuine.

This morning I spent ten minutes searching the internet for a scam from email user 'admin@buffera.co.uk' only to realise that it was actually a confirmation invoice of a real order placed two days previously. What concerned me about this email was the lengthy text regarding shipping and a tracked airmail code - especially as the company was located in Coventry!

So if I can almost believe a phishing scam but disbelieve a genuine purchase, what hope is there for people who don't write about phishing scams for a living?

Now we are all - surely - wise to any email coming from a person claiming to be a lawyer representing some recently-deceased rich person who is holding millions of dollars and trying to make off with it but needing to cut you (and your bank account) into the deal to help them do so.

Most of these lawyers are found in Asia and Africa, but god help us if they start coming from closer to home, like Coventry for instance!

What people involved in these scams really want, whether it's a long-winded inheritance fraud email or simply a link directing you to a website where you freely enter in your username and password, is money - YOUR money!

It is estimated by GetCyberSafe that every day:

156 million phishing emails are sent
16 million get through our spam filters
8 million are opened
800,000 links are clicked
80,000 contact forms are filled in

Microsoft estimates that it costs users over $5 billion every year and strangely in the UK we are three times more likely to find an email containing a malicious link than in the US. What was most convincing about my recent Apple phishing incident is that there were no grammatical mistakes in the text or in the landing page, it looked passable - even the website icloudidvalidate.com might have been something Apple could have used. This is a good deal more professional (though we use that term loosely) than many of the phishing scams we've seen to date.

The majority of phishing scams often contain grammatical errors and poor spelling, which would suggest them being counter-intuitive. But even this is designed to highlight only the most trusting of users. As the Principal Researcher at of Microsoft Research Cormac Herly confirms what deep down we already knew about phishing scams:

"Since gullibility is unobservable, the best strategy is to get those who possess this quality to self-identify."

Hence if people are trusting enough to click on a link so obviously ridden with spelling mistakes, why wouldn't they offer up some personal information too? However, if you think you can see through all the scams because of poor grammar and bad spelling think again.

We are bombarded with so many phishing attempts, it's often hard to recall them all; for instance you will have received an email from a shipping company regarding a missed package; you will have clicked on a link in an email and, before it fully opened, then stopped and thought better of it; you will also have received a lot of emails that begin with 'You have a connection request from LinkedIn'.

Due to our predilection for more tech, our reliance on mobile and the constant distractions that occur whilst using them, sometimes our multi-tasking lifestyles can catch us out. If we sat at our PC and examined every email we got, we would probably see through them all, but we don't. We read much of them on the hoof, on our mobiles and their true significance isn't as easy to discriminate.

The more tech-savvy we become, the more we open ourselves up to scams that can access our mobiles and corrupt our email lists, read our contacts, find out our names, mobile numbers and put us at risk of ever more elaborate and believable phishing trips.

About the Author:

author

Related Posts

Leave A Comment