Comments on: Common phishing scams and how to prevent them

By: 5 ways to protect yourself against encrypted email attachment malware | Emsisoft | Security Blog

Mon, 16 Jul 2018 14:00:11 +0000

[…] email inbox is a digital minefield. Phishing can lure unsuspecting users into willingly giving away their personal information, while seemingly […]

By: Why is layered malware protection important? | Emsisoft | Security Blog

Mon, 16 Apr 2018 12:47:35 +0000

[…] of known malicious hosts that is updated every 15 minutes to keep you protected against malware, phishing, potentially unwanted programs (PUPs) and privacy risks. In this way, Emsisoft Anti-Malware can […]

By: Holger Keller

Holger Keller — Wed, 26 Apr 2017 13:47:00 +0000

In reply to Andre Foulon.

Great story, thank you for sharing Andre. We have covered Microsoft support scams in a previous post (http://blog.emsisoft.com/2016/11/17/microsoft-calling-mind-the-tech-support-scammer/), they are still very active and very much a threat. But your experience also highlights the importance of awareness about these types of scams.

This is why we are writing these articles. The more that is known about their tactics, the better prepared you will be to spot if once it happens to you (and let’s face it, it will happen to all of us).

By: Andre Foulon

Andre Foulon — Wed, 26 Apr 2017 08:30:00 +0000

A while ago I received a call, supposedly from Microsoft. The gentleman told me my computer was generating spam e-mails and I would be facing legal action unless I gave him remote access to it. A friend of mine had been caught by one of these, so I proceeded to ask which of my five computers was the culprit. The gentleman asked what kind those were and I told him there was a legacy 486 laptop running on Windows 95 that I used exclusively to play arcade games, a MacBook Pro running OSX, a desktop running Linux, my iPad 2 and finally an older desktop running Windows 7. He said it would likely be the last of the list. So I said I needed to crank this one up, which would take a while as it was pretty cluttered with bloatware. I put the phone down and continued washing my dishes.
After about 5 minutes I returned and asked if he still was on the line. He was. I told him thanks for his patience as the Australian Federal Police now had had plenty of time to locate his whereabouts and seeing these were in India (going by the accent) Interpol would be kicking his door down round about now. I never had anyone hang up on me so quickly and haven’t received a software “support” call since.

By: Holger Keller

Holger Keller — Mon, 24 Apr 2017 13:14:00 +0000

In reply to Chuck C..

Glad you found the article helpful Chuck. And well done not falling for the Paypal phishing scam: you acted absolutely by the book! As you mentioned, Paypal has long been one of the main companies that are being used by phishing scammers to trick you into clicking on a link. But ebay, amazon and others are also very common.

Excellent suggestion to stress even more to access a site directly rather than clicking a link. We’ll add that to our suggestions that, when in doubt, type in the site directly into the browser and log in.

Have a great day!

By: Chuck C.

Chuck C. — Mon, 24 Apr 2017 01:23:00 +0000

Thank you very much for your informative (as always) article.
I did need to share about a highly sophisticated phishing scam that I was subjected to (and came very close to succumbing to!!) —
For many, many years, I have really appreciated being able to make a high percentage of my online purchases via PayPal. One day, I received an email that VERY apparently was sent to me by PayPal:: The email was headed with the ACTUAL PayPal Logo & the language in the email was very professionally worded. The email simply informed me that PayPal was needing to (.. & I apologize for not recalling their precise term ..but it was something like…) confirm that I wanted to retain my account with them; and in the middle of the email was a graphical button that would direct me to the (supposed) PayPal website to confirm. Because everything in the email appeared very much on the up & up, I am embarrassed to admit that I came very close to clicking that button! ! And then I thought, would this not be the very approach that a sheister(Sp?) would take? So, instead of responding to the email, I simply logged into my PayPal account (protected with 2FA), noticing that there was zero notifications waiting for me; And After that, I visited PayPal’s Fraud Department, which requested that, if I had received any email that appeared to be falsely from PayPal, if I could kindly forward that email to the PayPal Fraud Department — which I did. In response, PayPal sent me a very glowing “thank-you” email informing me that their staff had investigated & confirmed that I had received a phishing email. (And, by the way, they seemed to suggest that PayPal is very commonly a target of phishing!) My guess is that in the article you could have been even More emphatic that a legitimate corporate email will simply never include a link to access their site .. OR at the VERY Least, Never, _NEVER_ access a company site via an email link: You can Always get to that site by entering a _Confirmed_ URL into your browser’s address bar.
Thanks again, Chuck

By: LMPR

LMPR — Fri, 21 Apr 2017 21:48:00 +0000

I had my share of fraudsters too. All ranging from non-existent winning, money transfer, bank scams, suspicious attachments and all that kind of crap. Once even I had that phone call scam from “Bank support” asking my passwords and it was bank which I DON’T have account on. How hilarious. I told him straight that bank never calls to customer ask passwords and if you continue this call I will call to police after this call. He hung up immediately after I said that. What a dumb ass.

By: Holger Keller

Holger Keller — Thu, 20 Apr 2017 20:11:00 +0000

In reply to TripleRLtd.

Glad you found it useful enough to share it with others; we really appreciate it.
If you feel we have left anything out, let us know and we’ll incorporate it into the article to make it as complete as possible.

Oh and thanks for pointing out our slip up. Fixed it ;)

By: TripleRLtd

TripleRLtd — Thu, 20 Apr 2017 20:03:00 +0000

Good stuff, and as tech support for many (and one phishing attempt this morning) I will forward this to many.

That said, you raise an excellent point here:

“Think about how meticulous you are about your spelling in an email to a customer, your boss or a work colleague. Now imagine the importance a financial organisation, such as your bank, would place on ensuring all brand communication was immaculately presented…”

On that note I have to say that the word you wanted above that is “piqued”, and not peaked. Just sayin’.)

By: Holger Keller

Holger Keller — Thu, 20 Apr 2017 18:22:00 +0000

In reply to Azure. Hi Azure, thanks for sharing your Apple example with us, and glad to hear we had already flagged it as malicious :) Great thought on adding a comment regarding the certificate, we'll make sure to add that into the article!

By: Azure

Azure — Thu, 20 Apr 2017 17:52:00 +0000

A few weeks ago I received two emails from “Apple”.The email said my account was used to buy something from the App Store (Which I don’t see how cause my account isn’t linked to my credit cards or any form of payment).

Decided to investigate a little. So, I copy the links giving into an online unshortening service (They seem to like using link shorteners). Posted the URL at Virustotal, and among the ones the reported the URL as malicious was Emsisoft (Apple should let you guys develop a security software for IPhones).
Even if the link was reported as “clean” I still wouldn’t log-in from an Email that was send without my input. I prefer to go directly to the website on my laptop, and check my account history then.

I already reported the emails and links to Apple. For now, they seemed to have giving up trying to trick me or Apple dealt with them.

Btw, adding to the ‘Look for HTTPS’ segment, it might be a good idea to check the certificate of the site. Cause I highly doubt companies like Google, Apple or Microsoft with their millions of dollars would bother using a Let’s Encrypt certificate. And apparently that’s how some scammers are pretending to be legitimate.

By: Holger Keller

Holger Keller — Thu, 20 Apr 2017 12:44:00 +0000

In reply to Tempus.

Thanks for sharing your experience Tempus. And glad to hear you’re savvy enough not to fall for them. ;) Surely some of our examples were pretty obvious, but our Lab team is coming across more and more sophisticated scams every day.

Nice tip on the channel. Our Emsisoft channel is actually subscribed to it already, as we agree that there are very useful videos to check out.

Keep the suggestions coming!