Email and web safety advice: By Rio


Most of us have an image of cyber-criminals as hackers in shadowy rooms with Guy Fawkes masks, writing special code to conduct cutting-edge attacks. The reality is that these criminals are simple scam artists. Breaking through modern security systems is an incredibly difficult feat to achieve; it is much simpler to trick someone with existing access into divulging the information required.

Types of scam

Phishing is an email sent by an Internet criminal, disguised as an email from a legitimate, trustworthy source. It is most commonly seen trying to gain your bank details.

Spear Phishing occurs when criminals obtain specific information about you from websites or social networking sites, and customise a phishing scheme to you.

Spoofing describes a criminal who impersonates another individual or organisation, with the intent to gather personal or business information.

Pharming is the use of a malicious website that resembles a legitimate website to gather usernames and passwords.

More often than not, two attack types will be combined; for example, a spear phishing email will lead you to a pharming website.

Some recent attacks have been prefaced by a few emails setting up the victim to receive an attachment. In these cases, it was the poor spelling and grammar, and the use of shortened links (bit.ly) that prevented the users from going further.

Recognising a scam

If any of the following elements appear in any electronic communication (including phone calls), they should be treated as suspect:

• Asking for your username or password – genuine contacts will not do this.
• Time sensitive threats – “If you do not respond your account will be closed”
• Spelling and grammar mistakes
• Impersonal greeting – “Dear Account Holder”
• Unexpected files or downloads
• Links that do not correspond with the sender’s organisation
• Reply addresses that do not match the sender

Secure websites

Any website which allows you to sign in and holds personal data should be protected with a valid SSL Certificate to verify the site identity. This can be checked when you look at the address bar in your browser.

[Images: address bar padlock in Chrome, Internet Explorer and Mozilla Firefox]

In all three examples the padlock theme is apparent. Other browsers will also show this security in a similar fashion.

Checklist

• Do you know the sender?
• Are you expecting an email with a link or attachment (from that sender)?
• Have you received safe links or attachments from that sender in the past?
• Does the “reply” address check out? (Click the reply button in your email client and make sure the address matches the sender address)
• Are links written in full e.g. http://www.google.co.uk rather than http://bit.ly/ggl ?
• Have you confirmed any new payment or banking details provided via another means?

If the answer to any of these questions is “No”, phone the sender and verify the attachment or link is genuine before proceeding. It is best to use a number you know to be safe, and not rely on one in the email.
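
The reply-address, link and greeting checks from the lists above, written as Python triage logic over a raw message. This is an added example, not part of the Rio leaflet; the shortener list, the phrase patterns and the sample message are constructed assumptions, and a single-part plain-text message is assumed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed, non-exhaustive list of link-shortening services.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+")

def domain_of(address):
    """Return the lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(address or "")[1].rpartition("@")[2].lower()

def same_org(host, org_domain):
    """True if host is org_domain itself or one of its subdomains."""
    return host == org_domain or host.endswith("." + org_domain)

def check_message(raw):
    """Return checklist findings for one single-part plain-text message."""
    msg = message_from_string(raw)
    findings = []
    sender = domain_of(msg["From"])
    reply_to = domain_of(msg["Reply-To"])
    if reply_to and reply_to != sender:
        findings.append("reply address does not match sender")
    body = msg.get_payload()
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host in SHORTENERS:
            findings.append(f"shortened link: {host}")
        elif sender and not same_org(host, sender):
            findings.append(f"link outside sender's organisation: {host}")
    if re.search(r"dear (account holder|customer|user)", body, re.I):
        findings.append("impersonal greeting")
    if re.search(r"(user\s?name|password)", body, re.I):
        findings.append("mentions username or password")
    return findings

# Constructed sample message (not a real email).
SAMPLE = """From: Example Bank <alerts@examplebank.test>
Reply-To: support@mail-helpdesk.test

Dear Account Holder,
Confirm your password at http://bit.ly/abc123 or
http://examplebank.test.login-portal.test/verify today.
"""

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE)))
```

The second link in the sample starts with the sender's domain but belongs to a different one, which is why the comparison is made on the end of the host name rather than on a substring. A finding is a prompt to phone the sender, not a verdict.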

DO

• Verify all emails with attachments or links using the checklist above
• Use strong passwords
• Use a different password for each service
• Turn on Multi Factor Authentication where available
• Ask for a second opinion if unsure; we would rather verify an email for you than deal with the results of a data breach.

DON’T

• Open links without checking
• Open unexpected attachments
• Give anyone your password
• Visit websites that show a certificate error
• Leave your PC unlocked (Press WinKey + L to quickly lock)

www.rioit.co.uk | 01206 235 000 | [email protected]

Email & Web Security

Keep me near your monitor