Security

Share options :

  • Date : 17 / 05 / 2017
  • Author :
  • Comments : Comments Off on How to prevent against Phishing Attacks

Phishing” is the sending of emails which purport to be from someone other than the sender, in an attempt to get you to give up sensitive information such as username/password combinations, banking information, SIN numbers, etc.

Some of them are very sophisticated, and they use a number of techniques to try to fool you, including making linked sites look exactly like the real sites they are spoofing. Here are some ways in which they can be identified.

1: Beware of embedded links in emails.

Before you click the link in an email, even if the email seems to come from a trusted source, hover your cursor over the link. Most browsers will show you the actual URL that the link will send you to. If it doesn’t match, it’s a sign that this might not be genuine.
If you DO click a link before checking, take a look at the URL in the bar at the top of your browser window – this is the actual URL. If you were expecting to be at https://cibc.ca and it reads https://grockle.whereami.de/wpadmin/splat.html, close your browser immediately, even if it *looks* like the CIBC site you’re used to seeing.

2: Beware of unexpected attachments

Any attachments contained in emails may be dangerous, so be careful what you do with them. Normally simply receiving an attachment in an email should not pose a danger, but when you click on it that may initiate unexpected, bad, behaviour. We recommend that you only open attachments which are expected, and from someone you know, but bear in mind that providing a fake From: address is easy to do. If you receive an attachment from someone you don’t know, we would recommend deleting it. If you receive an attachment that seems to come from someone you know, but that is unexpected, send a reply to that person asking if they really sent you the attachment. If you are in any doubt all all, delete the attachment. If it was genuine, then sender should be able to re-send it to you.

3: Understand how URLs and domain names work.

If you do check the URL, you need to understand the way Internet naming works. Domain names are groups of letters and numbers delimited by dots (periods), and the most significant parts are on the right, and the most local parts are on the left.

So: securelogin.scotiabank.ca most likely belongs to Scotia Bank.
But: securelogin.scotiabank.ca.vxl.it is part of the vxl.it domain, and is almost certainly NOT connected to Scotia Bank in any way.

4: The message contains poor spelling and grammar

Reputable companies will normally check for spelling and grammar in emails sent out to the public. It’s fairly common for phishing emails to contain errors – especially since many of them originate in countries where English is not their first language.

5: The message asks for personal information

No matter how official an email message might look, it’s always a bad sign if the message asks for personal information. Your bank doesn’t need you to send it your account number – it already knows what that is. Similarly, a reputable company should never send an email asking for your password, credit card number, or the answer to a security question.

6: The message seems too vague or generic

When I send out emails to customers I usually try to include some specifics that are known to us, but are unlikely to be known to random scammers – I may include your customer number, and possibly your company name as we have it in our customer database. If an email refers to “Customer” or “Email user”, or even “incentre.net customer” it’s likely to be a scam. The first two indicate that the sender knows nothing about you; the third seems to be more genuine, but that domain was just extracted from your email address.

7: The message makes unrealistic threats

Some phishing attempts use intimidation to pressure the reader into acting quickly and without care. Many of these ask you to “reconfirm” some information which the apparent sender should already know. For example:

Dear incentre.net user:

We are conducting a security audit of our mail accounts. Please follow this link … and reconfirm your email account and password. Failure to do so within three days will result in your account being deleted and all your mail being lost.

It is unlikely that a reputable company would simply delete an account if you fail to respond to a single warning.

8: Something just doesn’t look right

In Las Vegas, casino security teams are taught to look for anything that JDLR—just doesn’t look right, as they call it. The idea is that if something looks off, there’s probably a good reason why. This same principle almost always applies to email messages. If you receive a message that seems suspicious, it’s usually in your best interest to avoid acting on the message.

Share options :

  • Date : 24 / 07 / 2015
  • Author :
  • Comments : Comments Off on Important: Phishing email targeting Incentre customers

A phishing email has emerged that is targeting our customers specifically. The goal of a phishing email is to draw information – names, email addresses, passwords, etc – from users. In this case, someone has created a false webpage that looks similar to our webmail login. If a user attempts to log in, the perpetrator will keep a copy of their email address and password, then almost certainly use that account to send unsolicited email out via our server.

See below for a copy of what this most recent message looks like.

If you have followed the link in one of these emails and attempted to log in with your email address and password, please change your password as soon as possible. You can do this within our website: choose “Tech Support” at the top-right, then “Email Support”, then “Mailadmin – Email control for users”. Alternatively, you can type this URL into your browser: http://mailadmin.incentre.net/users/login.php

Please call us if there are any problems changing your password.

 

From: “Internet Centre”<services@incentre.net>
Subject: Your Internet Centre Account is Inactive.
Date: Jul 23, 2015 at 4:28:11 PM MDT
To: undisclosed-recipients:;

Dear member,

Your Internet Centre account has been regarded as inactive and disabled in
compliance with Internet Centre a Terms of Use.
You have 24hours to restore the account, just follow the link below:

http://webmail.incentre.net/email/restore

Otherwise your account will be completely removed on the expiry of the
mentioned period.

Thank you,
Internet Centre Customer Support.

Share options :

  • Date : 09 / 01 / 2015
  • Author :
  • Comments : Comments Off on Safer Internet Day 2015

Safer Internet Day is fast approaching! The success of this year’s edition depends on your support as we invite all of you to celebrate a better internet together.

Help us spread the word by supporting our Safer Internet Day campaign on Thunderclap. On 10 February, we will spread the same message at the same time, increasing the exposure of the campaign. Our goal is to reach 100 followers, we hope to have you among them!

Support the campaign here.

sid2015

Share options :

  • Date : 05 / 02 / 2013
  • Author :
  • Comments : Comments Off on ALERT uses International Safer Internet Day to talk about child exploitation

In 2012 alone, Alberta officials investigated more than 440 new cases of internet-related child exploitation, and laid more than 300 charges against 72 people province-wide.

Alberta Law Enforcement Response Teams’ (ALERT) Internet Child Exploitation (ICE) units are using International Safer Internet Day as an opportunity to raise awareness about the issue and to remind people to ensure online safety year-round.

Safer_Internet_day_2013

Click here for the article from Global TV Edmonton.