Email Spoofing Archives – Gridinsoft Blog
https://gridinsoft.com/blogs/tag/email-spoofing/
Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe.

“Your Account Has Been Locked”: Top 5 Signs of a Phishing Scam
https://gridinsoft.com/blogs/phishing-top-5-signs/
Tue, 19 Jul 2022 13:44:09 +0000

The post “Your Account Has Been Locked”: Top 5 Signs of a Phishing Scam appeared first on Gridinsoft Blog.

This article explains how to tell that you have become a victim of a phishing attack. Below, you will learn what the title refers to. The title may surprise you, or it may not. Either way, we will give a clear definition of phishing attacks and then look at their most common signs.

What is a phishing scam? It is an attack on a user that relies on a form of social engineering. It usually arrives through emails, text messages, or calls with a specific structure and a fraudulent motive, through which the fraudster tries to influence the victim and get what they want. The goals include obtaining passwords and account data and distributing malware.


If you pay attention to your privacy, you have likely noticed such emails in your inbox. At the bottom, there is often a demand to urgently click a link, or to confirm a sign-in to a system that you did not recently open. So, what should you do if you fall for a phishing scam?

Five signs of a phishing scam

Below we list the five most common signs of a phishing scam; knowing them will help you protect yourself from such deception. It is very important to identify a scam correctly, as threat actors use very sly tactics. In the case of spear phishing, for example, they can counterfeit an email you are waiting for and make you trust them.

1. Identity verification in your email

Everyone has seen this at least once. Every user has an account, whether in a bank, an online store, or a social network, that is tied to an email address. Scammers use this as bait for a phishing attack on the user.

[Image: an example of an identity verification email scam]

They disguise their messages as coming from a company or bank you know, claiming that it urgently needs to confirm your identity for a background check or something similar. In this case, be very attentive and ask yourself whether you were expecting a message from that company or bank about your account. If you doubt the legitimacy of such a request, sign in to your account through the application or the official website of the bank or company and check whether any such issue exists.

2. Addresses or links to a website do not look authentic

Fraudsters take great care to forge addresses that imitate the real addresses of organizations. At first glance, these addresses may seem quite similar to the ones banks or companies use to contact you. But if you look closely, you can see that something is wrong with the name. The addresses look similar but are never identical to the official sender’s.

[Image: the sender’s email is not even similar to the real Geek Squad support address]

The content of a letter can also be malicious, for example the links inside the message body. Clicking them will take you to a malicious site where you will likely see a phishing form or a malicious offer. To avoid this, hover over each link and check its actual address.

3. Poor spelling and illiteracy of the writing itself

Read the letter carefully before agreeing to anything you see or read. Gross grammatical and spelling errors should make you question the legitimacy of the letter. Major sites, stores, banks, and companies protect their reputations and avoid even minor missteps. It is their image in the customers’ eyes, so they take care of how their messages look.

[Image: poor grammar in the email is a sign of a counterfeit]

Read everything carefully and look at the structure: whether there is a greeting, a main part, and a logical ending. That way, you can determine whether the letter is genuine.

4. Suspicious attachment

If you receive an email with an attachment that you are asked to open, check it carefully. Scanning the attached file with an antivirus is a good idea. At the very least, be on alert when a document asks you to enable macros. Through such attachments, fraudsters often try to distribute malicious URLs that lead to the installation of Trojans and malware on your device.

[Image: the malicious attachment in this message contains spyware]

5. The purpose of the phishing message is to make you panic.

Here we return to the title of the article: “Your account is blocked”. Yes, this is also one of the hallmarks of phishing scams. Malefactors use such phrases to drive users into a panic. It is a psychological technique that leaves the user no time to think clearly. In a panic, you follow the link or enter your information in the attached form, and thereby compromise your data.

[Image: the classic extortion letter that tries to scare the victim]

They can add a list of frightening phrases, such as “your computer is infected,” “we leaked your data,” and the like. To check whether these threats are real, log in to your accounts through official sources, not through the links you see in the letter. Since such notifications can occasionally be genuine, you should verify their authenticity.

How to Prevent Email Spoofing in 2022
https://gridinsoft.com/blogs/email-spoofing/
Mon, 18 Jul 2022 15:20:27 +0000

The post How to Prevent Email Spoofing in 2022 appeared first on Gridinsoft Blog.

Email Spoofing

Email spoofing is the forgery of the sender’s email address. The address shown in the sender field is often false; if you reply to it, your response will likely go to a third party. The purpose of this scam is to deceive the user without being exposed.

Reasons for Email Spoofing

If you think that email spoofing is used only to cause harm, you are wrong; sometimes it serves legitimate purposes. Some companies use external contractors for specific tasks, but their replies should still come from the company’s address. Other companies do not want to disclose the names of the specific employees who correspond with customers on the company’s behalf. Note also that the From and Reply-To headers are sometimes completely changed for legitimate purposes. Malicious spoofing serves the following purposes:

  • Spam: The attackers send their letters on behalf of famous companies, banks, and other organizations.
  • Phishing: Fraudsters forge email addresses so that their letters convince the victim to go to a phishing resource and enter personal or financial data.
  • Compromising corporate mail: The attacker poses as a familiar person, for example, a partner, employee, friend, or representative of an organization. They then try to get the information they need from you, or convince you to transfer money or give out the organization’s confidential information.
  • Extortion: The attacker convinces the victim that he has hacked the user’s system or device and that the victim needs to pay a ransom to get it back. The fraudster thus blackmails the user without any real basis.

Types of Email Spoofing

Fraudsters use different techniques to make a spoofing operation succeed. Below are the most common ones.

1. Sharing a similar domain

To spoof successfully, fraudsters carefully imitate the sender addresses of organizations and companies you are familiar with. To do so, they:

  • replace the first-level domain, for example, support@spotify.co
  • place the company’s domain under a national first-level domain, for example, support@spotify.com.ru
  • replace a character or letter in the second-level domain, for example, support@spatify.com
  • alter the second-level domain so that it is still associated with the company the attacker is impersonating, for example, support@spotifyinfo.com
  • use the name of the impersonated company as the mailbox name, for example, support.spotify@gmail.com
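
The imitation patterns in the list above can be recognized mechanically. The sketch below is an added example, not code from the Gridinsoft article; the function name `classify_sender`, its category labels and the 0.8 similarity threshold are assumptions, and spotify.com is the trusted domain only because the article uses it.

```python
from difflib import SequenceMatcher


def classify_sender(address, trusted="spotify.com"):
    """Name the imitation pattern a sender address matches, relative to `trusted`.

    Category labels are made up for this example. Domain labels are compared
    naively (no public-suffix list), so treat the result as a triage hint.
    """
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        return "invalid"
    if domain == trusted:
        return "exact-match"
    brand = trusted.split(".")[0]                 # "spotify"
    labels = domain.split(".")
    # support@spotify.com.ru: the real domain placed under a national suffix
    if domain.startswith(trusted + "."):
        return "extra-national-suffix"
    # support@spotify.co: same company label, different first-level domain
    if brand in labels:
        return "first-level-domain-swap"
    # support@spotifyinfo.com: company name glued to an extra word
    if any(brand in label for label in labels):
        return "brand-plus-extra-word"
    # support@spatify.com: a character changed in the company label
    if any(SequenceMatcher(None, label, brand).ratio() >= 0.8 for label in labels):
        return "misspelled-brand"
    # support.spotify@gmail.com: company name appears only in the mailbox part
    if brand in local:
        return "brand-in-mailbox-name"
    return "unrelated"


# The addresses quoted in the list above, plus two constructed controls.
SAMPLES = [
    "support@spotify.com",
    "support@spotify.co",
    "support@spotify.com.ru",
    "support@spatify.com",
    "support@spotifyinfo.com",
    "support.spotify@gmail.com",
    "alice@example.org",
]

if __name__ == "__main__":
    for addr in SAMPLES:
        print(f"{addr:28} {classify_sender(addr)}")
```
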

2. Substitution of sender’s name

In this case, the sender’s name is falsified, while the From and Reply-To headers contain the fraudster’s address. This method is often aimed at mobile mail clients, because by default they show only the sender’s name.
As the name, fraudsters often use:

  • A falsified name of a company or organization that you use.
  • Fake names with a phony email address.

3. Changing the values of the From and Reply-To fields

Because the SMTP protocol does not authenticate headers, fraudsters can easily forge the addresses in the From and Reply-To fields without being noticed. This lets them avoid getting caught, as the fake is almost indistinguishable from the original.

Protection from Email Spoofing

Malicious messages can reach your inbox for the most obscure reasons, even when protection is in place. That is why you should take the following steps to protect yourself from fraudsters.

Avoid strange attachments or unfamiliar links. If you receive a suspicious email that you did not expect, and it asks you to authenticate, click a link to confirm your identity, or enter data in an attached form, do not fall for it. To make sure the letter is from a legitimate organization, open the organization’s official website, log into your account and see whether you have received a message there.

Recheck the contents of your email using your browser. There is no need to be afraid of everything that arrives in your mailbox, but checking what you receive will not hurt. If the content of an email confuses you, copy it and paste it into the browser search bar. If it is a fraud, you will see similar emails that other users have already complained about.

Don’t fall for the winnings. Pranks and gifts are another way to influence users. If you are sure you did not participate in any lottery, this is definitely not your win. It’s just a scam by a crook to compromise your data.

Use antimalware software. Antivirus software will help you prevent attacks from malware and fraudsters. It will scan everything on your device and remove all the pests that have reached it. Antimalware software cannot track the scammers’ messages themselves, but it will detect the servers such a message leads you to and will not let the infection reach your device.

Use email security protocols. To reduce the flow of spam and threats, you must take care of security protocols. For example, some companies use SMTP, SPF, and DKIM for their mail to improve security.
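
The sender-name and From/Reply-To forgeries described earlier, and the SPF and DKIM verdicts just mentioned, can all be read from a message’s headers. The following is an added example, not code from the article: the message in `RAW` is constructed, and `spoofing_signals` and its finding names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name and domain here is made up.
RAW = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=mailer.example.org; dkim=none
From: "Spotify Support" <billing@mailer.example.org>
Reply-To: refunds@another.example
Subject: Your account has been locked

Please confirm your identity.
"""


def domain_of(address):
    return address.rpartition("@")[2].lower()


def spoofing_signals(raw, brand, trusted):
    """Return header-based warning signs for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []

    # Sender-name substitution: the display name claims the brand,
    # but the address behind it is not on the brand's domain.
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    on_trusted = from_dom == trusted or from_dom.endswith("." + trusted)
    if brand.lower() in name.lower() and not on_trusted:
        findings.append("display-name-mismatch")

    # Replies would be sent to a different domain than the visible sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_dom:
        findings.append("reply-to-differs")

    # SPF / DKIM verdicts recorded by the receiving mail server.
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mechanism in ("spf", "dkim"):
        verdict = re.search(rf"\b{mechanism}=(\w+)", results)
        if not verdict or verdict.group(1) != "pass":
            findings.append(f"{mechanism}-not-pass")
    return findings


if __name__ == "__main__":
    print(spoofing_signals(RAW, brand="Spotify", trusted="spotify.com"))
```

Only trust an Authentication-Results header that your own receiving server added, since a sender can insert a forged one. A pass also says nothing about the visible From address unless the authenticated domain matches it.
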

Extension spoofing strikes Spanish-speaking countries
https://gridinsoft.com/blogs/extension-spoofing-spanish-speakers/
Tue, 07 Jun 2022 17:02:55 +0000

The post Extension spoofing strikes Spanish-speaking countries appeared first on Gridinsoft Blog.

A good old form of malware disguise has recently resurfaced in several Spanish-speaking countries across the globe. Users report numerous cases of email attachments with spoofed file extensions that turn out to be coin miner trojans.

Massive outbreak of extension spoofing in email spam

Email spam is a way of spreading malware that became very popular at the turn of the current decade. It was used earlier as well, but on a much smaller scale. It fits different needs, from mass spamming without target selection to spear phishing against the employees of a corporation. In modern practice, email spam usually contains something that makes the victim believe the letter is legitimate: a background similar to the one used by FedEx, some routine, formulaic words about an incoming delivery, and voilà, the user believes it. After gaining your trust, the senders will try to trick you into following a link or opening the attached file. The latter usually contains malware. The former may lead the victim to a phishing page or to an exploit site, where crooks will try to install malware.

So if attaching malware is nothing new, why pay attention to this new wave? Hundreds of such campaigns happen each day, so they do not look like something worth attention. What is peculiar about these attacks is that they use extension spoofing to disguise the attached file. That approach had not been seen for a long time, but it has popped up again.

What is extension spoofing?

Extension spoofing is a trick with file names that visually changes the file format. It relies on the default Windows settings for displaying file extensions. By default, you see only the file names, without extensions. When you view an open folder in list view mode, you will likely fail to notice the file icons. Therefore, any extension can be added to the end of the visible file name while the real file type stays unchanged.

[Image: what extension spoofing looks like]

For example, a batch script file can be named “tuxedo-cat.png.bat”. Users will see it as “tuxedo-cat.png”, but in fact it is a batch file that runs as soon as someone tries to open it. Moreover, inexperienced users may easily miss the second extension, thinking that the first one is the real one. That trick is very old, but still effective, especially with the latest visual updates in Windows.

Who is under attack?

Most of the observed cases appear in Spanish-speaking countries. Users from Mexico, Chile, Ecuador and, of course, Spain reported routine-looking emails with attached files. The attachments had names like “confiromidad entrega material ].xlsx.exe” or “resumenes info socioeco.xlsx.exe”. As you can see, the extension spoofing here takes its simplest form, the one you can uncover just by viewing the detailed information about the file. However, the victims were tricked by the file names, which were too similar to the documents they work with every day.

[Image: an example of a message with a malicious attachment. This file mimics a legitimate MS Word file]

A coin miner is hiding in those files. When you try to open such a file, thinking it is legitimate, you will see no effect. But in the background, the malware starts its nasty job. Coin miners, as the name suggests, exploit your hardware to mine cryptocurrencies. Unlike legitimate miners that you install yourself, these do not let you set how much hardware power they can use. You will see your CPU and GPU overloaded, so the PC will be barely usable.

How to prevent extension spoofing and email spam?

There is not a lot you can do about email spam itself. Mailing will be possible as long as you have an active email account. However, you can do a lot to make the spam much less relevant and thus less believable.

  • Don’t share personal information. Crooks use it in spear phishing campaigns, which rely on creating a very realistic disguise. To make their task impossible, do not share screenshots of your routine mail, information about your incoming shipments and so on.
  • Use separate email accounts for work and for personal needs. Seeing a work-related message in your personal mailbox instantly shows that you are looking at a fraudulent message. During the initial target reconnaissance, crooks will likely fail to work out that these mailboxes have different purposes.

Extension spoofing is much easier to prevent. There are techniques that allow crooks to mask a file more reliably, but they are rarely used these days. Most cases can easily be repelled with simple diligence.

  • Check the file extensions. That advice may sound like a truism, but it would be a mistake to deny its effectiveness. Doubtful names like “wallpaper.jpg.exe” or “report.xlsx.ps2” must trigger your vigilance.
  • Enable the display of extensions. By default, fresh Windows installations and new user profiles have file extensions hidden. That setting is what makes the fraud possible, as shown above. Enable it in File Explorer: go to View→Show→Show file extensions. That simple step is enough to uncover the trick.

  • Use anti-malware software. There is no easier or more effective way to repel a malware attack than an anti-malware solution. It can monitor incoming files even before you try to open them. Hence, cybercriminals who apply these tricks will have no chance.
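
The “check the file extensions” advice can be automated for attachment names. This is an added example rather than code from the article: the two extension sets are short lists chosen for illustration, and `check_attachment` and `explorer_view` are hypothetical names.

```python
import os

# Types Windows runs when opened (short, non-exhaustive list for this example).
RUNS_ON_OPEN = {".exe", ".bat", ".cmd", ".com", ".scr", ".pif",
                ".js", ".vbs", ".ps1", ".lnk"}
# Types a recipient expects to be harmless documents or pictures.
LOOKS_LIKE_DOCUMENT = {".png", ".jpg", ".jpeg", ".pdf", ".doc", ".docx",
                       ".xls", ".xlsx", ".txt"}


def _normalize(filename):
    # Windows ignores trailing dots and spaces in file names.
    return filename.strip().rstrip(". ")


def explorer_view(filename):
    """Name shown by File Explorer while extensions of known types are hidden."""
    return os.path.splitext(_normalize(filename))[0]


def check_attachment(filename):
    """Return "block", "review" or "ok" for an attachment file name."""
    # Extensions are case-insensitive on Windows, so compare in lower case.
    shown, real_ext = os.path.splitext(_normalize(filename).lower())
    decoy_ext = os.path.splitext(shown.rstrip())[1]
    if decoy_ext not in LOOKS_LIKE_DOCUMENT:
        return "ok"        # no document-looking extension in front of the real one
    if real_ext in RUNS_ON_OPEN:
        return "block"     # e.g. .xlsx.exe: looks like a sheet, runs as a program
    if real_ext not in LOOKS_LIKE_DOCUMENT:
        return "review"    # e.g. .xlsx.ps2: doubtful second extension
    return "ok"


# File names quoted in the article, plus two constructed benign controls.
SAMPLES = [
    "tuxedo-cat.png.bat",
    "confiromidad entrega material ].xlsx.exe",
    "resumenes info socioeco.xlsx.exe",
    "wallpaper.jpg.exe",
    "report.xlsx.ps2",
    "report.xlsx",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{check_attachment(name):7} shown as {explorer_view(name)!r}")
```

A plain executable such as `setup.exe` returns "ok" here because nothing about its name is disguised; whether executables are allowed as attachments at all is a separate policy decision.
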
