Wednesday, July 30, 2014

Naked Security: Anatomy of an iTunes phish

Naked Security: Anatomy of an iTunes phish – tips to avoid getting caught out

... We often forget that many things are "obvious" only with experience, meaning, in fact, that they're not really obvious at all.

That's why we do phishing walkthroughs fairly regularly on Naked Security.

The idea is to step you through a typical email phish, pointing out the telltale warning signs in the original email and the web pages that follow, so you know what to look for in future.

So, even if you'd back yourself to spot a phish every time, here's a step-by-step account that might help to save your friends and family in the future. ...

This is a great article that everybody should read. We all like to think we would never fall for a phishing scam, but it's sometimes easy to forget yourself. Even I have occasionally seen a scam-mail message and, for a moment, considered that it might be real. Fortunately, I've never believed it long enough to click on a link or give the scammers any information, but not everybody is that observant and some scams are better-crafted than others.

This article is a walk-through of a scam that is currently making the rounds of the internet, along with lots of notes about what should be red flags for you and what you should look out for.

Without rehashing the entire article (please go read it), the biggest telltale is the URL that the links point to. An official mail message from a legitimate corporation will direct you to a URL that belongs to the corporation's domain, and will come from a mail server that belongs to that corporation's domain. Apple will never send you mail from a Gmail account, and a government agency won't use a free-mail service for official business.

(Yes, I'm aware that Lois Lerner used a personal mailbox for official business as a part of her activities in the IRS scandal. That doesn't change what I wrote above, since she was almost certainly using this mailbox as a part of criminal activity.)
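The domain check described above can be automated. The following is an added example, not code from the Naked Security article or from this post; the function names and the sample message are constructed for illustration, and it compares the sender domain and every link host against the organisation's domain using an exact-or-subdomain match, so lookalike hosts that merely contain the real name are flagged.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

def belongs_to(host, org_domain):
    """True only if host is org_domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == org_domain or host.endswith("." + org_domain)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def red_flags(raw_message, org_domain):
    """List findings for a message that claims to come from org_domain."""
    msg = message_from_string(raw_message)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not belongs_to(sender_domain, org_domain):
        findings.append(f"sender domain {sender_domain} is not under {org_domain}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        # urlsplit().hostname ignores any "user@" prefix, so the real host is compared
        host = urlsplit(href).hostname
        if not belongs_to(host, org_domain):
            findings.append(f"link host {host} is not under {org_domain}")
    return findings

# Constructed sample message for illustration (not taken from the article).
SAMPLE = """\
From: "iTunes Support" <itunes.support@gmail.com>
Content-Type: text/html

<p><a href="https://www.apple.com/legal/">Terms</a>
<a href="http://apple.com.verify-login.example/id">Verify now</a>
<a href="http://apple.com@203.0.113.7/signin">Sign in</a></p>
"""

if __name__ == "__main__":
    for finding in red_flags(SAMPLE, "apple.com"):
        print(finding)
```

The From header can be forged, so a sender domain that passes this check proves nothing on its own; only a mismatch is informative.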

BTW, what do you think of the boxed-quote at the top of the article? I'm playing around with some CSS work to make linked articles look better.
