Don't Fall Prey to a Phishing Scam

by PNG Business News - July 15, 2021

Phishing prevention has become essential as more criminals turn towards online scams to steal your personal information. Since you will likely be exposed to a phishing attack eventually, you’ll need to know the red flags.  Because scams are nothing new on the web, but phishing is harder to spot than you might think.  Across the web, phishing attacks have baited unsuspecting victims into handing over bank info, cash, and more. If you so much as click a link, you could be the scammer’s next victim.

What is Phishing?

Phishing persuades you to take an action which gives a scammer access to your device, accounts, or personal information. By pretending to be a person or organisation you trust, they can more easily infect you with malware or steal your credit card information.

In other words, these schemes “bait” you with trust to get your valuable information.  These schemes may urge you to open an attachment, follow a link, fill out a form, or reply with personal info.  You must be on guard at all times which can be exhausting.

These threats can get very elaborate and show up in all types of communication, even phone calls. The danger of phishing is that it can deceive anyone that isn’t on guard. Let’s unpack how phishing attacks work.

How does Phishing work?

Anyone who uses the internet or phones can be a target for phishing scammers.  Phishing scams normally try to:

  • Infect your device with malware
  • Steal your private credentials to get your money or identity
  • Obtain control of your online accounts
  • Convince you to willingly send money or valuables

Sometimes these threats don’t stop with just you. If a hacker gets into your email, contact list, or social media, they can spam people you know with phishing messages seemingly from you.  Trust and urgency are what makes phishing so deceiving and dangerous. If the criminal can convince you to trust them and to take action before thinking — you’re an easy target.

Who is at risk of Phishing Attacks?

Phishing can affect anyone  - everyone from the elderly to young children are using internet devices nowadays. If a scammer can find your contact information publicly, they can add it to their phishing target list.  Your phone number, email address, online messaging IDs, and social media accounts are harder to hide nowadays. So, there’s a good chance that just having one of these makes you a target.

Spam Phishing

Spam phishing is a broad net being thrown to catch any unsuspecting person. Most phishing attacks fall into this category.  To explain, spam is the electronic equivalent of the ‘junk mail’ that arrives on your doormat or in your postbox. However, spam is more than just annoying. It can be dangerous, especially if it’s part of a phishing scam.

Phishing spam messages are sent out in mass quantities by spammers and cybercriminals that are looking to do one or more of the following:

  • Make money from the small percentage of recipients that respond to the message.
  • Run phishing scams – in order to obtain passwords, credit card numbers, bank account details and more.
  • Spread malicious code onto recipients’ computers.

Spam phishing is one of the more popular means that scammers get your info. However, some attacks are more targeted than others.

Targeted Phishing

Targeted phishing attacks usually refers to spear phishing or it most common variant whaling.  Whaling takes on high-level targets, while spear phishing widens the net. Targets usually are employees of specific companies or government organisations. However, these scams can easily be aimed at anyone seen as particularly valuable or vulnerable.

You might be targeted as a customer of a targeted bank, or an employee of a healthcare facility. Even if you’re just responsive to a strange social media friend request, you might be phished.  Phishers are much more patient with these schemes. These personalised scams take time to craft, either potentially for a reward or to increase the chances of success.  Building these attacks may involve gathering details about you or an organisation you happen to be involved with. Phishers might take this information from:

  • Social media profiles
  • Existing data breaches
  • Other publicly discoverable info

Moving in for an actual attack might be swift with an immediate attempt to encourage you to take an action. Others might build a connection with you for months to earn your trust before the big “ask.”  These attacks aren’t limited to direct messages or calls — legitimate websites might be hacked directly for a phisher’s benefit. If you’re not careful, you might be phished just by logging in to site that is normally perfectly safe.  Unfortunately, it seems many people are convenient targets for these criminals. Phishing has become a new “normal” as these attacks have ramped up in frequency.

Some examples of common Phishing scams

Whilst it would be impractical and impossible to list every known phishing scam here, there are some more common ones you should definitely look out for:

Iran Cyberattack phishing scams use an illegitimate Microsoft email, prompting a login to restore your data in attempts to steal your Microsoft credentials. Scammers use your fear of being locked out of Windows and the relevance of a current news story to make it believable.

Office 365 deletion alerts are yet another Microsoft-related scam used to get your credentials. This email scam claims that a high volume of files have been deleted from your account. They give a link for you to login, of course resulting in your account being compromised.

Notice from bank. This scam tricks you with a fake account notification. These emails normally give you a convenient link which leads to a web form, asking for your bank details “for verification purposes.” Do not give them your details. Instead, give your bank a call as they may want to take action on the malicious email.

Email from a ‘friend’. This scam takes the form of a known friend who is in a foreign country and needs your help. This ‘help’ normally involves sending money to them. So, before you send your ‘friend’ money, give them a call first to verify whether it’s true or not.

Contest winner/Inheritance email. If you’ve won something unexpectedly or received an inheritance from a relative you've never heard of — don’t get too excited. Most of the time these emails are scams that require you click on a link to enter your info for prize shipment or inheritance ‘verification’.

Coronavirus/COVID-19 phishing scams are the latest.  One of the most notable is the Ginp banking trojan which infects your device and opens a web page with a “coronavirus finder” offer. It baits people into paying to learn who is infected nearby. This scam ends with criminals taking off with your credit card info.

Steps to protect yourself from Phishing

Internet protection starts with your mindset and behaviour toward potential cyberthreats.  Even for cautious users, it's sometimes difficult to detect a phishing attack. These attacks become more sophisticated over time, and hackers find ways to tailor their scams and give very convincing messages, which can easily trip people up.

Here are a few basic measures to always take with your emails and other communications:

  1. Employ common sense before handing over sensitive information. When you get an alert from your bank or other major institution, never click the link in the email. Instead, open your browser window and type the address directly into the URL field so you can make sure the site is real.
  2. Never trust alarming messages. Most reputable companies will not request personally identifiable information or account details, via email. This includes your bank, insurance company, and any company you do business with. If you ever receive an email asking for any type of account information, immediately delete it and then call the company to confirm that your account is OK.
  3. Check email addresses.  Some replicate very closely the ‘real’ email addresses of companies – some just use a gmail address – a sure sign that it’s a scam.
  4. Do not open attachments in these suspicious or strange emails — especially Word, Excel, PowerPoint or PDF attachments.
  5. Avoid clicking embedded links in emails at all times, because these can be seeded with malware. Be cautious when receiving messages from vendors or third parties; never click on embedded URLs in the original message. Instead, visit the site directly by typing in the correct URL address to verify the request, and review the vendor's contact policies and procedures for requesting information.
  6. Keep your software and operating system up to date. Windows OS products are often targets of phishing and other malicious attacks, so be sure you're secure and up to date. Especially for those still running anything older than Windows 10.

Reducing your spam to avoid Phishing

Here are some more useful tips – from Kaspersky’s team of Internet security experts – to help you reduce the amount of spam email you receive:

Set up a private email address. This should only be used for personal correspondence. Because spammers build lists of possible email addresses – by using combinations of obvious names, words and numbers – you should try to make this address difficult for a spammer to guess. Your private address should not simply be your first and last name – make it hard for scammers to guess.

Set up a public email address. Use this address when you need to register on public forums and in chat rooms, or to subscribe to mailing lists and other Internet services. Treat your public address as a temporary address. The chances are high that spammers will rapidly get hold of your public address.  Don't be afraid to change your public email address often.

Phishing and the importance of Internet Security Software

One of the simplest ways to protect yourself from becoming a victim of a phishing scheme is to install and use proper Internet security software on your computer. Internet security software is vital for any user because it provides multiple layers of protection in one simple-to-manage suite.

Anti-spam software is designed to protect your email account from phishing and junk emails. Anti-malware is included to prevent other types of threats. Similar to anti-spam software, anti-malware software is programmed by security researchers to spot even the stealthiest malware. By using an anti-malware package, you can protect yourself from viruses, Trojans, worms and more.  By combining a firewall, anti-spam and anti-malware into one package, you can provide extra backups that keep your system from being compromised, if you do accidentally click on a dangerous link. They are a vital tool to have installed on all your computers as they are designed to complement common sense.  In addition to having virus protection software on your computer, it is crucial to use a password manager to manage your online credentials. Today, it is vital to have different passwords for all websites. If a data breach ever occurs, malicious attackers will try using the discovered credentials across the web.

While technology is a rapidly evolving field, by using a security package from a reputable security vendor, you can secure your devices from phishing and other malware threats.

Savi Moni offers a range of financial literacy training, tools, tips and resources aimed at improving the financial wellness levels of Papua New Guineans.  It’s no use being financially ‘well’ and then lose your hard earned cash to Phishing Scams.  Learn more at www.savimonipng.com

 

Information in this article sourced from https://www.kaspersky.com/


Place your Ad Here!


Recent Articles

Business

PNG Business News - August 12, 2022

Going Green: FAO-led EU-STREIT PNG Programme provides green-powered facility to local agricultural authorities to effectively service rural farmers

EU Funded UN Joint STREIT Programme in Papua New Guinea establishes a renewable energy-powered facility to support local government authorities in East Sepik Province, in delivering effective services to rural farmers and entrepreneurs.  With generous support of the European Union, the FAO-led EU STREIT Programme officially opened a new 3 cluster office building on 10 August 2022, to host the Programme along with the East Sepik provincial divisions of Agriculture and Livestock, Cocoa Board and the National Agriculture Quarantine & Inspection Authority. The new-look office building is powered by 189 solar panels, which significantly reduce greenhouse gas emissions and reduces the collective dependence on fossil fuel. The solar panels supply the building with 90 KW of energy, relieving the resident agencies and authorities from relying on fossil-generated electricity for their needs, including lighting, ICT, water pumping, and temperature control. This zero-carbon-emission facility has the capacity to accommodate around 90 experts, technicians and extension service officers. Equipped with 120 batteries, the building can support staff’s operation for 36 hours in case of experiencing high cloud cover. The building, currently co-resided by the Programme and provincial agricultural bodies, will be transferred over to the East Sepik Provincial Administration at the end of the Programme and will continue to provide a sustainable base for sustainable support to agriculture-related services in the Province. Officiating the opening ceremony, His Excellency Ambassador Jernej Videtič, Head of the European Union Delegation to PNG, in his address, said: “I am happy to be here and to see that things are moving in the right direction to bring sustainable benefits to the people of East Sepik” Ambassador Videtič further highlighted that “with resources from the citizens of Europe to fund the EU-STREIT Programme in providing training, tools and support, the quantity and quality of cocoa, vanilla and fisheries products will increase. The objective is also to protect these quality products in international markets under the EU-STREIT introduced initiative of Geographical Indication.” The East Sepik Acting Deputy Provincial Administrator, Mr James Baloiloi, in his speech expressed his appreciation to the EU for funding the EU-STREIT Programme and the interventions that the Programme is doing in East Sepik and Sandaun provinces. “The STREIT Programme has gone ahead to introduce a culture of agribusiness that now enables the people of this Province and the people of Sandaun Province to have cash income that can sustain their livelihoods.” Mr Baloiloi added, “this infrastructure and building supports us and facilitates the service delivery to our people in this Province as well as Sandaun Province.”  Thanking the EU for its generous funding support, Dr Xuebing Sun, the EU-STREIT Programme Coordinator, said: “the Programme has generated substantial impacts at beneficiary, local institutions and enabling business environment levels. This would not be possible with good partnership, increased ownerships and leaderships of the governments and implementing partners.” “This co-residing and close co-operation among UN agencies and their national partners in this integrated space reflect the partnership approach taken by the Programme to sustainably develop agri-enterprise activities in the region,” added Dr Xuebing Sun, adding “the new climate-friendly facility, which is fully powered by solar energy, also provides a space to welcome, advise and serve the farmers, including interested women and youth, who play very important roles along agri-food value chains”. “This kind of ‘green investment’ enables a shift to a more green economy for local institutions and infrastructure to meet cocoa, vanilla and fishery value chains stakeholders” advised Anthony Bennett, the FAO Lead Technical Officer of the EU-STREIT PNG Programme. United Nations’ implementing partners supporting the FAO-led EU-STREIT PNG present in the office include the International Labour Organization (ILO), International Telecommunication Union (ITU), United Nations Capital Development Fund (UNCDF) and United Nations Development Programme (UNDP). The EU-STREIT PNG is being implemented as a UN Joint Programme (FAO as leading agency, and ILO, ITU, UNCDF and UNDP as implementing partners), is the largest grant-funded Programme of the European Union in the Country and the Pacific region. It focuses on increasing sustainable and inclusive economic development of rural areas through increasing the economic returns and opportunities from cocoa, vanilla and fishery value chains and strengthening and improving the efficiency of value chain enablers, including the business environment and supporting sustainable, climate-proof transport and energy infrastructure development.

Business

Paul Oeka - August 12, 2022

CPAPNG annual meet to discuss global changes

Certified Practicing Accountants of Papua New Guinea will be hosting their 23rd annual conference with about 400 participants nationwide expected to attend the two day conference organized by CPA PNG in Lae Morobe Province from August 18 to19, 2022 CPAPNG was established in 1974 and has come a long way with a lot of achievements along the way. Over the years its membership grew from mere numbers to just below 2000 which includes 40% locals and 60% non-citizens. . The CPA PNG conference is one of CPAs three significant annual events on their calendar with this year's conference theme; Is PNG prepared for the recession?" The conference will see certain key leaders in executive management roles from both the public and private sector delivering presentations in line with the conference theme. CPA PNG's Executive Director Mr. Yuwak Tau said the theme of the conference was selected because there was a decline in the global economy and the general so when that eventuates small economies tend to be affected. He added that they have basically selected the theme that was current and appropriate so that members would find relevance during the course of the conference. “The meeting is to create intellectual and interactive discussions with seasoned business leaders to present and share their ideas and experiences to find probable outcomes within their business environment and industries in times of economic uncertainty”. Some of the topics to be presented by consultants are current significant issues such as crypto currency, transport pricing, bit coin block chain technology and stress management. This were some topics that people have heard about but have not really ventured into. Mr. Tau added that it would be quite hard to measure the benefits immediately but the participants will be able to look at insights shared during the conference that would be appropriate in the areas of employment, accounting, finance, auditing and others. The conference will create an environment where participants can also share information so That they can take points to apply in their work place and industries. In relation the Kumul petroleum Holdings had also presented a cheque of K50, 000 to support the coming event at their head office. The cheque was presented by KPHL's executive General Manager Corporate Affairs, Luke Liria and was received by CPA PNG Chairman Richard Kuna. Mr. Liria said KPHL has appreciated the effort put in by CPA PNG to ensure that its members in State owned enterprises and the private sector were given appropriate level of training and as part of KPHL's corporate social responsibility and commitment they hope that their support will continue to help the organization facilitate and make sure the accounting practices is of international standards. CPA PNG's Chairman, Richard Kuna acknowledged KPHL for their support and stated that he was looking forward to seeing KPHL being a big part of the upcoming conference.

Business

Paul Oeka - August 12, 2022

BSP: Small to Medium Enterprises Loans reaches 60% rate.

Bank South Pacific's Financial Group Ltd Chief executive officer Mr. Robin Fleming has recently announced that the bank has granted more than K200 million as loans to small to medium enterprises under its credit scheme facility that the then Marape government had released to the bank to support Small to Medium Enterprise (SME) and local businesses during the peak of the COVID-19 pandemic. Mr. Fleming said about 1523 customer loans have been approved, that is about 60% of loan approval rates since 2019. Prior to this announcement BSP and the Department of Commerce and Industry (DCI) had agreed to increase the maximum loan under the small-to-medium enterprise (SME) credit enhancement facility to K5 million. The previous limit was K3 million when the Government first released K100 million as security to the bank under its K200 million SME allocation for BSP to rollout the loan facility last year. Fleming stated that even though they have exhausted and rolled out the bulk of the governments relief funds for SME's they will still be running the SME loan program under its credit facility scheme “At this stage, BSP has not received the funding planned for this year but that is not preventing BSP from giving loans under the facility”. “There remains significant capacity for BSP to continue to assess, approve and funds loans under the facility”. “The agreement with the Government did provide for momentum in the SME facility to be maintained while allowing for the Government budget and funding process to be adhered to”. As part of the government SME relief funding, Commercial Banks were allocated K200 million with BSP Financial Group receiving K100 million, NDB K80 million and another K20 million was allocated to the department of Commerce and Industry BSP could not comment on how the National Development Bank (NDB) is dealing with the K80 million it received, but the intent, when discussions were initiated, was that BSP would be lending to more mature SMEs and NDB to startup ventures. In addition to enabling SMEs to access lower cost of funds through the facility with BSP, the bank has also made it a responsibility to ensure that Government funding is preserved by not approving loans that have a higher risk of default.

Join Papua New Guinea's

Business Community

Be the "First" to get our exclusive Digital Magazine & Weekly Newsletter.