Category: Phishing

Most Common Phishing Scams

Phishing scams are where the scammer tries to get your confidential information by subterfuge of some kind.

For example, you get an email saying you have won the lottery and just need to fill in your details to claim the money, or one saying you have an overdue tax payment to make immediately and you have to log in (on a fake website) to make the payment, and so on.

The most common categories of phishing in 2021 were:

Spear Phishing

This is where phishing is targeted at specific individuals or companies.

Perhaps an email arrives, claiming to be from a trustworthy source and the sender knows your full name, job title and department for example. The scammer has done their homework to get this information about you to give the scam a higher chance of success.

A link in the message takes you to a bogus website made to look like the expected website. The fake website looks legitimate but only exists to take the user's confidential information and pass it to the scammer.

Whaling

This is where scammers target a “big fish” like a business executive or celebrity. These scammers often conduct considerable research into their targets to find an opportune moment to steal login credentials or other sensitive information. If you have a lot to lose, whaling attackers have a lot to gain.

Vishing

One scam on the rise is 'vishing', or voice phishing. Con artists phone people and pretend to be bank staff, the police or some other authority figure, and have a story that lets them try to get the subject's personal details, credit card details, bank account password etc., depending on the specific scam.

For the bank account scam, they typically warn of fraudulent activity on your account. They then persuade you to move your account to a safe place (which happens to be an account owned by the scammer) and they convince you to give them the details necessary for the transfer or convince you to move the money yourself.

Stay safe.

If you have any experiences with these scams do let me know, by email.


The SharePoint Phishing Scam

Security researchers at Microsoft are warning all users of SharePoint about phishing scams imitating SharePoint.

SharePoint is a Microsoft collaboration tool for businesses. It is very popular, so there are millions of users for these scammers to target.

The scammers try to steal logins and passwords from business users. It might seem a strange way to get money but the scammers will use those credentials to access company data in the hope of finding sensitive information, bank accounts, payment cards etc.

Even just the email accounts and passwords they find can be sold to other scammers on the dark web.

Some scammers focus on getting access to sensitive information then trying to blackmail the company – pay or your files will be encrypted or deleted.

These scam messages are generally professional-looking and have the correct logos etc. Without inspection, they look real, and users not familiar with fake SharePoint messages can sometimes be fooled.

The message contains a link that looks like a normal SharePoint link, but if you check where it actually leads, you will see it doesn't go to a SharePoint address but to a standard website address that has nothing to do with your business.

If you click the link you will be asked for your login and password. This is not how SharePoint behaves, so don't give your details.

The message's subject line can be anything from holiday booking to late meeting to price book to invoice due.

If you receive a SharePoint message and are unsure, then check the sender's email address. If it's not the person you expected, then delete the message.

If you have any experiences with these scams do let me know, by email.