Place your Ad Here!

Don't Fall Prey to a Phishing Scam

by PNG Business News - July 15, 2021

Phishing prevention has become essential as more criminals turn towards online scams to steal your personal information. Since you will likely be exposed to a phishing attack eventually, you’ll need to know the red flags.  Because scams are nothing new on the web, but phishing is harder to spot than you might think.  Across the web, phishing attacks have baited unsuspecting victims into handing over bank info, cash, and more. If you so much as click a link, you could be the scammer’s next victim.

What is Phishing?

Phishing persuades you to take an action which gives a scammer access to your device, accounts, or personal information. By pretending to be a person or organisation you trust, they can more easily infect you with malware or steal your credit card information.

In other words, these schemes “bait” you with trust to get your valuable information.  These schemes may urge you to open an attachment, follow a link, fill out a form, or reply with personal info.  You must be on guard at all times which can be exhausting.

These threats can get very elaborate and show up in all types of communication, even phone calls. The danger of phishing is that it can deceive anyone that isn’t on guard. Let’s unpack how phishing attacks work.

How does Phishing work?

Anyone who uses the internet or phones can be a target for phishing scammers.  Phishing scams normally try to:

  • Infect your device with malware
  • Steal your private credentials to get your money or identity
  • Obtain control of your online accounts
  • Convince you to willingly send money or valuables

Sometimes these threats don’t stop with just you. If a hacker gets into your email, contact list, or social media, they can spam people you know with phishing messages seemingly from you.  Trust and urgency are what makes phishing so deceiving and dangerous. If the criminal can convince you to trust them and to take action before thinking — you’re an easy target.

Who is at risk of Phishing Attacks?

Phishing can affect anyone  - everyone from the elderly to young children are using internet devices nowadays. If a scammer can find your contact information publicly, they can add it to their phishing target list.  Your phone number, email address, online messaging IDs, and social media accounts are harder to hide nowadays. So, there’s a good chance that just having one of these makes you a target.

Spam Phishing

Spam phishing is a broad net being thrown to catch any unsuspecting person. Most phishing attacks fall into this category.  To explain, spam is the electronic equivalent of the ‘junk mail’ that arrives on your doormat or in your postbox. However, spam is more than just annoying. It can be dangerous, especially if it’s part of a phishing scam.

Phishing spam messages are sent out in mass quantities by spammers and cybercriminals that are looking to do one or more of the following:

  • Make money from the small percentage of recipients that respond to the message.
  • Run phishing scams – in order to obtain passwords, credit card numbers, bank account details and more.
  • Spread malicious code onto recipients’ computers.

Spam phishing is one of the more popular means that scammers get your info. However, some attacks are more targeted than others.

Targeted Phishing

Targeted phishing attacks usually refers to spear phishing or it most common variant whaling.  Whaling takes on high-level targets, while spear phishing widens the net. Targets usually are employees of specific companies or government organisations. However, these scams can easily be aimed at anyone seen as particularly valuable or vulnerable.

You might be targeted as a customer of a targeted bank, or an employee of a healthcare facility. Even if you’re just responsive to a strange social media friend request, you might be phished.  Phishers are much more patient with these schemes. These personalised scams take time to craft, either potentially for a reward or to increase the chances of success.  Building these attacks may involve gathering details about you or an organisation you happen to be involved with. Phishers might take this information from:

  • Social media profiles
  • Existing data breaches
  • Other publicly discoverable info

Moving in for an actual attack might be swift with an immediate attempt to encourage you to take an action. Others might build a connection with you for months to earn your trust before the big “ask.”  These attacks aren’t limited to direct messages or calls — legitimate websites might be hacked directly for a phisher’s benefit. If you’re not careful, you might be phished just by logging in to site that is normally perfectly safe.  Unfortunately, it seems many people are convenient targets for these criminals. Phishing has become a new “normal” as these attacks have ramped up in frequency.

Some examples of common Phishing scams

Whilst it would be impractical and impossible to list every known phishing scam here, there are some more common ones you should definitely look out for:

Iran Cyberattack phishing scams use an illegitimate Microsoft email, prompting a login to restore your data in attempts to steal your Microsoft credentials. Scammers use your fear of being locked out of Windows and the relevance of a current news story to make it believable.

Office 365 deletion alerts are yet another Microsoft-related scam used to get your credentials. This email scam claims that a high volume of files have been deleted from your account. They give a link for you to login, of course resulting in your account being compromised.

Notice from bank. This scam tricks you with a fake account notification. These emails normally give you a convenient link which leads to a web form, asking for your bank details “for verification purposes.” Do not give them your details. Instead, give your bank a call as they may want to take action on the malicious email.

Email from a ‘friend’. This scam takes the form of a known friend who is in a foreign country and needs your help. This ‘help’ normally involves sending money to them. So, before you send your ‘friend’ money, give them a call first to verify whether it’s true or not.

Contest winner/Inheritance email. If you’ve won something unexpectedly or received an inheritance from a relative you've never heard of — don’t get too excited. Most of the time these emails are scams that require you click on a link to enter your info for prize shipment or inheritance ‘verification’.

Coronavirus/COVID-19 phishing scams are the latest.  One of the most notable is the Ginp banking trojan which infects your device and opens a web page with a “coronavirus finder” offer. It baits people into paying to learn who is infected nearby. This scam ends with criminals taking off with your credit card info.

Steps to protect yourself from Phishing

Internet protection starts with your mindset and behaviour toward potential cyberthreats.  Even for cautious users, it's sometimes difficult to detect a phishing attack. These attacks become more sophisticated over time, and hackers find ways to tailor their scams and give very convincing messages, which can easily trip people up.

Here are a few basic measures to always take with your emails and other communications:

  1. Employ common sense before handing over sensitive information. When you get an alert from your bank or other major institution, never click the link in the email. Instead, open your browser window and type the address directly into the URL field so you can make sure the site is real.
  2. Never trust alarming messages. Most reputable companies will not request personally identifiable information or account details, via email. This includes your bank, insurance company, and any company you do business with. If you ever receive an email asking for any type of account information, immediately delete it and then call the company to confirm that your account is OK.
  3. Check email addresses.  Some replicate very closely the ‘real’ email addresses of companies – some just use a gmail address – a sure sign that it’s a scam.
  4. Do not open attachments in these suspicious or strange emails — especially Word, Excel, PowerPoint or PDF attachments.
  5. Avoid clicking embedded links in emails at all times, because these can be seeded with malware. Be cautious when receiving messages from vendors or third parties; never click on embedded URLs in the original message. Instead, visit the site directly by typing in the correct URL address to verify the request, and review the vendor's contact policies and procedures for requesting information.
  6. Keep your software and operating system up to date. Windows OS products are often targets of phishing and other malicious attacks, so be sure you're secure and up to date. Especially for those still running anything older than Windows 10.

Reducing your spam to avoid Phishing

Here are some more useful tips – from Kaspersky’s team of Internet security experts – to help you reduce the amount of spam email you receive:

Set up a private email address. This should only be used for personal correspondence. Because spammers build lists of possible email addresses – by using combinations of obvious names, words and numbers – you should try to make this address difficult for a spammer to guess. Your private address should not simply be your first and last name – make it hard for scammers to guess.

Set up a public email address. Use this address when you need to register on public forums and in chat rooms, or to subscribe to mailing lists and other Internet services. Treat your public address as a temporary address. The chances are high that spammers will rapidly get hold of your public address.  Don't be afraid to change your public email address often.

Phishing and the importance of Internet Security Software

One of the simplest ways to protect yourself from becoming a victim of a phishing scheme is to install and use proper Internet security software on your computer. Internet security software is vital for any user because it provides multiple layers of protection in one simple-to-manage suite.

Anti-spam software is designed to protect your email account from phishing and junk emails. Anti-malware is included to prevent other types of threats. Similar to anti-spam software, anti-malware software is programmed by security researchers to spot even the stealthiest malware. By using an anti-malware package, you can protect yourself from viruses, Trojans, worms and more.  By combining a firewall, anti-spam and anti-malware into one package, you can provide extra backups that keep your system from being compromised, if you do accidentally click on a dangerous link. They are a vital tool to have installed on all your computers as they are designed to complement common sense.  In addition to having virus protection software on your computer, it is crucial to use a password manager to manage your online credentials. Today, it is vital to have different passwords for all websites. If a data breach ever occurs, malicious attackers will try using the discovered credentials across the web.

While technology is a rapidly evolving field, by using a security package from a reputable security vendor, you can secure your devices from phishing and other malware threats.

Savi Moni offers a range of financial literacy training, tools, tips and resources aimed at improving the financial wellness levels of Papua New Guineans.  It’s no use being financially ‘well’ and then lose your hard earned cash to Phishing Scams.  Learn more at www.savimonipng.com

 

Information in this article sourced from https://www.kaspersky.com/



Recent Articles

Oil and Gas

PNG Business News - July 22, 2021

Oil Search Considering Merging with Santos

Santos, an Australian oil firm, announced its plan to combine with Oil Search Limited. Santos proposed a non-binding indicative merger last month with the goal of making the two companies the regional energy champions. The proposed merged entity has a market capitalization of A$22 billion (K56 billion), putting it among the top 20 ASX-listed companies and the top 20 global oil and gas companies. This means, among other things, that the merger will have a diverse portfolio of high-quality, long-life assets spanning Australia and Papua New Guinea, a solid balance sheet with ample cash to support expansion choices, and an investment-grade credit rating. The merger plan, if approved, would be conducted through a Scheme of Arrangement in which Oil Search shareholders would receive 0.589 new Santos shares for each Oil Search share held, according to Santos in a market disclosure to the Australian Stock Exchange.  Following the scheme's acceptance, Oil Search shareholders would control 37% of the combined company, while Santos shareholders would own 63%. Based on Santos' closing price on June 24, 2021, the ownership ratio suggested a transaction price of A$4.25 (10.92) per Oil Search share. This was a 12.3% premium to the Oil Search closing price of A$3.78 (K9.72) on June 24, 2021, and a 9.8% premium to the Mubadala block trade selling price of A$3865. (K9.92). Kevin Gallagher, managing director and chief executive officer of Santos, said the merger will bring more alignment to PNG, allowing for the development of important projects such as Papua LNG, as well as the creation of new employment and support for the local economy. Santos, according to Gallagher, has proposed a true merger in which ownership of the combined firm is based on proportionate contribution and value. “The strategic rationale for a merger is clear and offers superior value to Oil Search shareholders rather than continuing on a standalone basis. “Santos continues to believe that the Merger Proposal represents an extremely attractive opportunity to deliver compelling value accretion to both Santos and Oil Search shareholders.” Oil Search stated in its ASX market update that it is open to receiving and engaging with any proposal that is in the best interests of its shareholders. While the company's board of directors agrees with Santos that combining the two firms makes strategic sense, the conditions must be fair to the company's shareholders, which the terms proposed by Santos are not. Despite Santos shareholders holding 70% more shares than Oil Search shareholders, Oil Search maintains that the proposed conditions provide just a 6.8% premium based on Friday's closing share prices for Oil Search and Santos. According to the firm, no such proposal has been made at this time.   Reference: Post-Courier (21 July 2021). "Oil Search Open To Merger with Santos". 

Agriculture

PNG Business News - July 21, 2021

Study Says Sweet Potato Growers Have Received Significant Insights into Customers Buying Habits

In Papua New Guinea (PNG), sweet potato (kaukau) growers have received significant insight into customer buying habits, which is assisting them in identifying new market possibilities. The recent market analysis, which was supported by the Papua New Guinea-Australia Partnership and conducted by the Australian Centre for International Agricultural Research, revealed that an increasing number of consumers in Port Moresby prefer to buy fresh produce from supermarkets, citing convenience and safety as reasons. While this trend may result in fewer consumers at conventional farmer markets, PNG and Australian experts believe it may open up new marketplaces for rural people. “Farmers are looking for stable markets where they can receive more consistent prices for better-quality produce,” said Professor Philip Brown from Central Queensland University (CQU), who is leading the research project.  “The research shows that consumer behaviour is likely to support an expansion in the supermarket sector in large urban centres and this is positive news for the farmers. This could allow commercial focused farmers to secure more stable market access.” The study of 353 customers was conducted as part of ACIAR-funded sweet potato research sponsored by CQU and the PNG National Agriculture Research Institute (NARI), which aims to improve sweet potato value chains by increasing the quality of harvested roots. Sweet potato quality and production are improving, resulting in increasing supplies to retailers eager to provide better fresh produce. “The project, with support from the Fresh Produce Development Agency and NARI, is helping farmers to build their business skills and connect with emerging supermarket opportunities,” said Professor Brown. Kirt Hainzer, a CQU researcher who collaborated on the survey alongside NARI researchers, said it was the first study to look at customer behaviour and see what role stores may play in the development of PNG's commercial sweet potato sector. “The research sought to better understand and compare how consumers buy staples from open markets and supermarkets and to explore the preferences for purchasing staple foods as supermarkets increase the availability of convenience staples like rice,” said Hainzer. “Although expanding formal sales represents a huge step forward in developing a commercial sweet potato industry, continued research on consumer preferences and the market for fresh produce will help better understand trends in staple food purchasing and what market opportunities exist for growers.” With over a hundred kinds of sweet potato in the nation, NARI economist Raywin Ovah said the study sought to find out which of these customers preferred. “Not all the varieties are preferred from a consumer point of view. There are only a few that consumers want to be based on the taste or health properties and that is what we want to also find out. Farmers can be provided with that information, so they produce those varieties that the market wants.” One of five initiatives under the Transformative Agriculture and Enterprise Development Program is a project to increase commercial sweet potato production and commercialization in the PNG highlands. The ACIAR program, which is funded by Australia in collaboration with the government of Papua New Guinea, aims to improve the livelihoods of rural men and women through private sector-led development, increased agricultural productivity and quality, and the development of individual and institutional capacity.   Reference: Loop (20 July 2021). “Study looks into sweet potato industry”.

Mining

PNG Business News - July 21, 2021

Garry: MRA Evaluating K50 Billion Worth of Investments

According to managing director Jerry Garry, the Mineral Resources Authority is evaluating more than K50 billion in investments in the country. Wafi-Golpu, Frieda River, and Woodlark are among them. “We are also looking at the Central Lime and Cement,” he said. “If that project comes on-stream, it will be one of the first industrial mines ever built in the country.” Garry was speaking at a Port Moresby consultation session on the Mine and Works (Safety and Health) Bill 2021. PNG, he added, was home to some of the world's largest mines. “We have grown from strength to strength,” he said. “If you compare the Bank of PNG statistics, the mining sector alone, in terms of production, has exported over K17 billion in 2020 and 2019. “So it’s a huge industry that we are trying to regulate and manage.” Garry expressed gratitude to the industry for making safety a primary priority. “They have been taking health and safety at the workplaces very seriously,” he said. “We must not only consider (the workers) and the environment but also people living around the (areas) we operate in. “And if we are using any hazards, we must also take responsibility.” The newest mining methods in Wafi-Golpu, known as block cave mining, are one of the new things to expect, according to Garry. “New mining hazards will come with this new mining method,” he said.   Reference: The National (20 July 2021). “Authority assessing investments worth K50bil”.

Join Papua New Guinea's

Business Community

Be the "First" to get our exclusive Digital Magazine & Weekly Newsletter.