Mensen

Email en phishing

 phishing

Email en phishing

 

Tips and advisory

  • Http vs. https (on a http site everything is send in plain text)
  • URL-check (on a Desktop computer, you hover your mouse over the link and check in the bottom left, where the link would be going. Is it not what you'd expect? something funny or doesn't make sense it's propably a phishing attempt).
  • Did I ask for that mail? If not, trash it.
  • Is it free? Then you're the product, or the victim of SPAM.
  • If it looks like it's legit, click unsubscribe if you don't want it anymore. Do not do this on SPAM emails, because you'll confirm you exist and will get more of those.
  • Did you put your E-mailadres somewhere online? You'll get SPAM

- What will hackers ask for, when attempting to phish you?

- Online provider advisory

What will hackers ask for, when attempting to phish you?

Phishingmails or -sites could ask for:

  • Usernames and passwords, and changing them
  • Social Security Numbers
  • Bank accounts
  • Pincodes
  • Creditcardnumbers
  • Your mothers maiden name (microsoft's security questions)
  • Your birthdate (microsoft's security questions)
  • Your Username and/or Password
  • Your balance
  • Fines
  • Account takeover
  • 'You have to verify your account or it will be closed!'
  • 'There is an large amount of money reservated for your. Please provide your details for expenses so we can transfer you money'.
  • 'You're a Winner, cash your price'
  • 'Help! I've got a problem'
  • 'If you don't forward this mail, something bad is going to happen'.

 

Online provider advisory

List of big providers that give you information you should not give per e-mail thus neither by phone.

 

What can be done to prevent account takeovers?

 

Use HTTPS EveryWhere.

This is an extension which supports Google Chrome and Firefox. Microsoft Edge is currently in development.

Install this extension and you'll never get downgraded to a http site where your try to visit a https site.

Upon a ssl downgrade attack, tranfsorming your visited website to http, you username and password are captured by the hacker.

 

So, install this extension and for now, only use Firefox or Chrome to make sure you have HTTPS support forced, keeping your credentials safe.

 

Mozilla Firefox HTTPS EveryWhere

 

Google Chrome HTTPS EveryWhere

 

Microsof Edge Future Development: