What an Apple phishing attack looks like

The biggest givewaway is 'localhost' instead of secure http. The rest of his advice (font, Apple logo, username + password fields on the same page) are useless because website design changes from time to time.

Most users do not verify website address they're visiting. They only look at the website content. If it looks familiar, they'll trust it. Some don't understand it's possible to create website content that looks like financial/banking websites. That's why phishing still works today. I just had a user at my workplace who fell for phishing email. The user follows a link in an email and it goes to "best m o s q u i t o killers . c o m" (I manually added spaces) but it looks like Microsoft online.

Always best not to click on any link from an email, better to type the url of the site you want to go to directly.

...but today there were two text message phishing attempts sent to me from a fake banking site. I never EVER click on anything in a message or email.

Yahoo email and if a suspicious email arrives all I need to do is to hover the mouse pointer over the senders name.

If it is supposed to be from your bank but the sender shows something really strange you know its a fake.

Click on a e-mail link, if is something that interest you go and enter the web address yourself

Thanks for the input

I remember years ago there was a virus being spread by an email attachment called 'cupholder.exe'. When you clicked the attachment, it would eject your CD ROM drive. All the folks in our billing department thought it was SO cute that they forwarded it everywhere. By the time I.T. go wind of it, easily 25% of the environment had an infected PC, not to mention how many sent it off to their friends and loved ones... If you see a cute fuzzy bunny in your email be wary. Not much is free any more and most of the time you don't want what is!

OK, off my soap box.

For the heads up.

How to Tell if an Email is Fake, Spoofed or Spam:

Tip 1: Don’t trust the display name
A favorite phishing tactic among cybercriminals is to spoof the display name of an email. Legitimate companies send emails through a server based out of their company website (for example, support@microsoft.com). If you see a long string of numbers in front of the @ sign or the name of a free email service before the .com (or any other domain), you need to question the legitimacy of the email in question.

Tip 2: Look but don’t click
Hover your mouse over any links embedded in the body of the email. If the link address looks weird, don’t click on it. If you want to test the link, open a new window and type in website address directly rather than clicking on the link from unsolicited emails.

Tip 3: Check for spelling mistakes
Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.

Tip 4: Analyze the salutation
Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last name. When you receive a genuine email, the sender addresses you directly, using either your first or last name. If you receive an email where they refer to you as a Valued Customer or as a member of some company, its spam. Senders of your genuine emails want to get your attention, so they always address you directly.

Tip 5: Don’t give up personal information
Legitimate banks and most other companies will never ask for personal credentials via email. Don’t give them up. Most institutions you deal with come right out and say they re never going to ask for personal information in an email. They don't need to ask you for your personal information anyway because they usually have it on hand. So, if you get an email that asks you for any personal information, no matter how legitimate it might seem, delete it right away. Personal information is only meant to be entered in secure, encrypted forms, not emails where anyone and everyone can get their hands on your information.

Tip 6: Beware of urgent or threatening language in the subject line
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt.”

Tip 7: Review the signature
Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details.

Tip 8: Don’t click on attachments
Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.

Tip 9: Don’t trust the header from email address
Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address. Return Path found that nearly 30% of more than 760,000 email threats spoofed brands somewhere in the header from email address with more than two thirds spoofing the brand in the email domain alone.

Tip 10: Don’t believe everything you see
Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it.

**** If It Ends Up In Your Spam Folder ****
You might be reading this entry and thinking Duh! But you would be surprised how many people go rummaging through their spam folder like there s something they need in there. Unless you accidentally categorized legitimate emails as spam, you can be pretty sure that all the emails you need will appear in your inbox. Sometimes emails from certain websites end up in the spam folder. You must deal with those on a case-by-case basis to determine whether or not they re legitimate of pushing garbage into your inbox.

------------------------------------------------------------------------------------------------------------------

What is the difference between malware and ransomware?
Malware is software written specifically to harm and infect the host system. Malware includes viruses along with other types of software such as trojan horses, worms, spyware, and adware. Advanced malware such as ransomware are used to commit financial fraud and extort money from computer users

How is ransomware being spread?
Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. ... Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user's knowledge. Crypto ransomware, a malware variant that encrypts files, is spread through similar methods and has also been spread through social media, such as Web-based instant messaging applications.

Can ransomware infect an encrypted drive?
In the first case, even if you have encrypted your files they can be encrypted again by ransomware. And then you won't be able to decrypt them. Bad situation. In the second case, ransomware lives in the computer's runtime (while you're using it), therefore it has an access to decrypted files on your computer.

What is CryptoLocker virus?
CryptoLocker is a family of ransomware whose business model (yes, malware is a business to some!) is based on extorting money from users. ... However, unlike the Police Virus, CryptoLocker hijacks users' documents and asks them to pay a ransom (with a time limit to send the payment).

Agree, but it is a pretty creative use for a CD/DVD drive!

Not so creative when it also leaves a virus on your computer by virtue of clicking the exe file !

If your email provider is properly filtering/screening messages, you should be able to look at the email address (the actual address@domain.com part) and see if it's coming from apple.com or whoever they're purporting to be. The display name might say App Store or whatever but look at the address. Back-end mail-related DNS records like SPF and DKIM will expose the email sender as a fraud if they attempt to forge the from address of a domain they don't own (assuming that domain holder has published the proper SPF and/or DKIM records).

SaneSecurity has some really good anti-phishing, malware, and other signatures which may be used with ClamAV for scanning emails coming in on a mail server. They're not really aimed at the end-user but if your IT department or mail provider is truly competent, they're probably using them.

- Phil

NO COMPANY WILL:

1) Tell you 'there is a problem with your bill/credit card, click here to fix it'

2) Ask for personal information in an email

3) Tell you about a virus that has infected your computer, click HERE to fix.

NEVER give money or personal information or access to your computer in an email or over the phone (unless YOU called them).