Phishing

Phishing and Social Engineering

Phishing for Your Money: How the Scam Works

Most people, if not all, know phishing as a scam. In a phishing scam, Internet users are lured with potential monetary or other gains, and sometimes they are scared with the threat of financial losses. Many posts have been written on identifying phishing scams. However, they do not discuss complex multi-party ‘phishing for money’ scams, in which individuals have lost thousands, corporations have lost millions, and the FBI estimates that total losses exceed billions. In this post I explain, with illustrations, how the ‘phishing for your money’ scam works.


To learn how to identify phishing emails, read our post on 9 ways to identify phishing emails.


Complex Multi-step Process Scammers Use for Phishing for Your Money from Banks Starting with a Simple Phishing Email.
Complex Information Flow in a ‘Phishing for Your Money’ Scam.

Phishing email quiz

Socially engineered emails are used to obtain passwords, credit card information, banking information, and much other personally sensitive information. To test your preparedness, take this short multiple-choice quiz.

Question #1: You received an email from a good friend. It says that he is in Rome and he has lost his wallet. He needs urgent help. He gives his hotel address and a toll-free number to call immediately. What would you do?

Socially engineered emails are friendly.

Question #2: Identify a TRAIT you may find in a socially engineered email for obtaining your sensitive personal information.

Please read our post on how to identify phishing emails.

Question #3: You received an unexpected email from the customer-service department of your bank reporting a withdrawal of money at 4:45 PM from your account. You have not made such a withdrawal. The bank has written that your account will be frozen unless you immediately contact them by clicking the link in the email or calling the toll-free number within 10 minutes.

Question #4: Identify a TRAIT you may find in a socially engineered phishing email for obtaining your sensitive personal information.

Question #5: Your web-email service provider has asked you to change your password immediately, because they have discovered a security breach in their user-information database and suspect that the passwords of many users have been compromised. The email has the format and logo of the company and appears to be authentic. For changing the password, the email has links to three websites, because they expect that many users will attempt to change their passwords in a very short time. Select the best answer.

Question #6: Identify the TRAIT you may find in a phishing email in the context of information security.

Question #7: You received an unexpected email from the customer-service department of your bank. It has your bank’s logo and asks you to change your password immediately.

Question #8: Recently you posted your vita on the website of an online job placement company. Today, you received an email from them offering you information on several potential open positions that match your profile. For further details about the positions and contact information for each position, you have to pay a small fee to defray the company's costs. They have provided a link to a website and a toll-free number to call. Select the best answer.

Question #9: Identify a TRAIT you may find in a socially engineered phishing email for obtaining your sensitive personal information.

Question #10: You received an unexpected email from the customer-service department of your credit card company. It is reporting a purchase from abroad and asking you for confirmation by clicking on a link in the email or calling a toll-free number listed in the email. You have not used your card to make the purchase.

9 Ways to Identify Phishing emails

© 2019 by cybersecurity1hub.com

Phishing emails will not have a subject or heading that says they are phishing emails. But if you look closely, you can see many tell-tale signs in a phishing email. You may find a spoofed email address and a spoofed domain name, among others. Moreover, they use social engineering.

You know that phishing is a big problem. Phishing emails attempt to obtain personally sensitive information (PSI), such as banking and credit card details and passwords, usually for malicious reasons, by posing as a legitimate entity or business. Let us review some tell-tale signs.

If you want to test your ability to identify phishing emails, then click here to take a quiz.

Phishing and Social Engineering
For Phishing, emails are used creatively.

Social Engineering

Suppose part of an email you received from your bank says, “… on Sunday at 6:00 AM money was withdrawn from your account. If you didn’t make the withdrawal, you MUST take security measures now.”

If you didn’t make a withdrawal, the fear of losing money from the bank and of unauthorized activity in your bank account is likely to make you act swiftly.