Tag: phishing

Phishing Message Targets

What are the targets for phishing messages?

Phishing is where scammers send messages by email, text or phone pretending to be from someone you are likely to trust, e.g. your bank, British Gas, Microsoft, your Internet provider, local government, HMRC etc.

Basically, they do this in order to get information from you – personal information that can be sold to scammers, spammers and identity thieves. That includes email addresses, phone numbers, payment card details, bank account details, date of birth etc.


Proofpoint’s 2017 Human Factor Report shows that a quarter of all phishing scams target Apple IDs (i.e. login and password).

TARGET Percentage of Phishing Messages
Apple 25%
Microsoft 17%
Google Drive 12.9%
USAA 12.4%
Paypal 10.6%
Adobe 5.8%
Dropbox 4.8%
Blackboard 4.7%
LinkedIn 4.5%
CapitalOne 2.2%

According to the survey, scammers seem to have the most success when phishing with Dropbox, as that gets far more clicks (13%) than, say, phishing for Apple (1%).

The fact that fake invoices are used in 26% of phishing scams is not surprising as it is the most popular phishing technique aimed at businesses.

The next most common approaches are: malware-infected file attachments, mail delivery failure messages, fake orders and fake payments.

If you have any experiences with scammers, spammers or time-wasters, do let me know by email.

Fightback Ninja Signature

The Account Approved Phishing Scam

You receive an email from Customer Service that says “Your Account Has Been Approved”.

Sounds good.

Hang on a minute – an account at which business?

The email doesn’t specify – there is no business name.

There is loads of stuff about IDs and passwords and congratulations etc. and the link they want you to click seems to be to www.account-uk.ga/UK/account

The suffix .ga means the website is registered in Gabon, West Africa.

The lack of a business name and the registration in West Africa point to the email being a scam. Plus the simple fact that I haven’t applied for any new accounts and hence cannot have been approved for an account I actually want, makes this abundantly clear.

The temptation with these emails is to click to find out what the account is – but don’t be tempted – it’s just a simple phishing scam whereby the website link takes you to a page that asks for more personal information. Plus, clicking the link will mark you as a gullible person suitable to be targeted for future scams.

These emails often name a well-known bank or other financial organization, large retailer, Apple, Microsoft etc.

All scams.

Do not click the link.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.


How to Spot a Phishing Email


Phishing is where you receive an email that appears to be from a trusted organisation but is designed to get your personal information such as login and password or credit card details.

Anti-virus software can protect you from some of these emails but many get through that protection.

Never put your personal information in an email!

No reputable company will ask for personal details such as passwords, credit card details, mother’s maiden name etc. by email. So, if you do get such a request – refuse.

Phishing emails will usually have some or all of the following indications.

  1. Typing and Grammatical Errors

Many scam emails are translated from another language and that often leaves tell-tale signs of poor grammar and odd use of words. Anything with typing errors shows lack of professionalism and is unlikely to be found in an email from a reputable company. Also, some scammers deliberately put grammatical errors in messages to reduce the number of return messages they get.

  2. An attachment

Never click to open an attachment unless you are sure it is safe.

Attached files can contain viruses and other malicious code that can damage your computer, steal confidential information or hold you to ransom. If the company is one that you already deal with, then contact that company to check the email and attachment are safe.

  3. Links

A link may look as if it is safe, but if you hover the cursor over the link then it may display a different value, not what you expect. If this is different to the text, then clearly something is wrong and potentially unsafe.

  4. Don’t Fall For Stories

If an email appears to be from a family member or friend in trouble, don’t reply immediately – check the truth of the story first by other means.

  5. The “From” entry

This is just text so the sender can make it show anything they want. To check the email sender, hover the cursor over the name and it should show the real sender’s email address. Even if this matches, it does not absolutely prove that the email came from that address.

  6. The “To” entry

If the email is from a reputable company that you already deal with then it should show your correct name. If it shows nothing or ‘To recipients’ or an unknown name then the email is almost certainly a spam message sent out to large numbers of people. Beware.
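
The Links, “From” and “To” indications above can also be checked mechanically on a saved message. This is an added example, not code from the original post; the function names and the sample message (which uses reserved .example and .invalid domains) are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

DOMAIN = re.compile(r"((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
def named_host(text):
    """First domain-like token in text, lowercased without 'www.', else None."""
    m = DOMAIN.search(text)
    return m.group(1).lower().removeprefix("www.") if m else None

def check_email(raw):
    """Return findings for the From, To and Links indications."""
    msg, findings = message_from_string(raw, policy=policy.default), []
    name, addr = parseaddr(str(msg.get("From", "")))
    shown, real = named_host(name), addr.rpartition("@")[2].lower()
    if shown and shown != real:  # display name claims a different domain
        findings.append(f"From shows {shown} but the address is at {real}")
    if not any("@" in a for _, a in getaddresses([str(msg.get("To", ""))])):
        findings.append("To has no real recipient address")
    body, parser = msg.get_body(preferencelist=("html",)), LinkCollector()
    parser.feed(body.get_content() if body is not None else "")
    for href, text in parser.links:  # visible text vs. actual destination
        shown = named_host(text)
        real = (urlparse(href).hostname or "").lower().removeprefix("www.")
        if shown and shown != real:
            findings.append(f"Link text shows {shown} but goes to {real}")
    return findings

# Constructed sample message (reserved .example/.invalid domains).
SAMPLE = ('From: "service@bank.example" <notice@mailer.invalid>\n'
          "To: undisclosed-recipients:;\nContent-Type: text/html\n\n"
          '<a href="http://account-check.invalid/UK/account">www.bank.example</a>')
```

An empty result only means none of these three mismatches was found; as item 5 says, a matching From address still does not prove where the email came from.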


Facebook Phishing Scam


There are numerous phishing emails and text messages that try to trick victims into giving away confidential information like account sign-on details or credit card numbers.

Usually, these messages claim the victim’s account has been frozen until they sign on again by clicking a link that leads to a bogus page imitating the real provider of the account.

These can usually be spotted easily but there is a new phishing scam. This is in the form of a comment on an item on the user’s Facebook page.

The scammer creates an account with an official-sounding, security-related name, so the victim may believe the comment has come from Facebook. The comment maker then warns that the user’s account is to be disabled unless the user verifies their details.

The warning says something like:

“Your page has been reported by others about the abuse, this is a violation of our agreement and may result in your page Disabled. Please verify your email account to prove this is your page and help us do more for security and comfort for everyone. Please check your account as proof of legitimate owner of the account that you use. Make sure you enter the correct details below.”

The message has two boxes for recipients to enter their email address and their Facebook password, along with date of birth details and a “Confirmation” button, which is linked to a bogus Facebook page.

In both cases, after providing their sign-on information, victims are asked for their credit card number.

The message warns: “Caution. If you do not update your credit card your payment page will be disabled.”

Sometimes, there’s also a link to a phony PayPal sign-on page.

This is quite a complex and well-executed scam but hopefully the poor wording will flag it up for what it really is. Even if Facebook stop this scam, other scammers are likely to try something similar.

Facebook has pages of information and guidance about security and what to do in the event you think there is something suspicious in progress.