A few weeks ago my wife told me that she got an unexpected email from the Canada Revenue Agency. They wanted to initiate an Interac e-transfer of $980.99 into her account. The alarm bells immediately started ringing in my head.
- We already received our tax refunds months ago
- They already have our direct deposit info, so an e-transfer doesn’t make sense
- It’s just too good to be true
I took a look at the email she received; it definitely wasn’t from the CRA. Being the curious cyber security guy that I am, I decided to take the bait and click on the deposit link, in a virtual sandbox of course.
As you can see above, the site is looking for valuable personally identifiable information (PII) that no one should have to provide over the Internet. I used my trusty Shodan browser plug-in to determine that the server resides in Romania. I know for a fact that CRA wouldn’t have an office in Romania!
Without entering any information, I clicked continue.
Chrome warns me one page too late that this site may be suspect. I understand the risks to my security, so I visited the infected site.
Now here’s where things get really interesting. It is looking for information that can cause a world of grief if it fell into the wrong hands. Needless to say, I didn’t enter any information or go any farther.
The Evolution of Phishing
Phishing attacks have been around for years. Financial motivation is still alive and well in these types of attacks. Phishing attacks have also evolved in recent years to include installation of malware as the second stage of the attack.
How can you protect yourself from phishing attacks? Be suspicious of emails asking for confidential information. Legitimate companies and organizations will never request sensitive information via email. Here are some other tips:
- Watch out for generic-looking requests for information. Fraudulent emails are often not personalized, while authentic emails from your bank usually reference an account you have with it (and even authentic emails from your bank will ask you to contact a representative directly). Many phishing emails begin with “Dear Sir/Madam” and some are sent from a bank or an organization with which you don’t even have an account.
- Never use links in an email to connect to a website unless you are absolutely sure they are authentic. Instead, open a new browser window and type the URL directly into the address bar. A phishing website will often look identical to the original, so check the address bar to confirm you are on the genuine site.
- Don’t get pressured into providing sensitive information. Phishers like to use scare tactics and may threaten to disable an account or delay services until you update certain information. Be sure to contact the merchant directly to confirm the authenticity of their request.
- Make sure you have anti-malware software installed to help combat phishing.
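Turning the second tip into an automated check, as an added example that is not from the original post: a Python script that pulls the links out of a constructed CRA-themed e-mail and flags any whose real destination is not a canada.ca or cra-arc.gc.ca host, or whose visible text shows a different address than the link actually goes to. The trusted domain list and the sample message are assumptions for this example.

```python
# Added example (not from the original post): flag links in an e-mail body whose
# real destination does not belong to the organisation the message claims to be from.
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains assumed for this example to be legitimately used by the CRA.
TRUSTED_SUFFIXES = ("canada.ca", "cra-arc.gc.ca")

# Constructed sample lure, modelled on the e-mail described above.
SAMPLE_EMAIL = """
<p>Dear Sir/Madam,</p>
<p>The Canada Revenue Agency has initiated an Interac e-Transfer of $980.99.</p>
<a href="http://cra-refund-deposit.example.net/accept">https://www.canada.ca/deposit</a>
<a href="https://www.canada.ca/en/revenue-agency.html">Contact us</a>
"""

class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_trusted(host):
    """True only if host is a trusted domain or a subdomain of one (no lookalikes)."""
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def suspicious_links(html):
    """Return links with an untrusted host, or whose shown URL differs from the real one."""
    parser = LinkExtractor()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        real_host = urlparse(href).hostname or ""
        shown_host = urlparse(text).hostname if text.startswith(("http://", "https://")) else None
        if not host_trusted(real_host) or (shown_host and shown_host != real_host):
            flagged.append((href, text))
    return flagged
```

Running `suspicious_links(SAMPLE_EMAIL)` flags only the deposit link, whose visible canada.ca text hides a destination on an unrelated host, while the genuine canada.ca contact link passes.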
Now please excuse me while I respond to an email from a Nigerian prince.
Thanks for reading! If you found this article useful, we’d love for you to share it on social media. We’re working to share positive and helpful info with people who want to be empowered with the latest best practices in cyber security!
This blog is meant to provide a starting point to implementing cyber security practices within your company. Due to the rapid progression of technology this is an ongoing and ever-evolving subject!