Phishing, Spoofing, and Putting the World to Rights

I was driving in my car last weekend and had my father as my passenger/sat-nav/in-car entertainment (read: "putting the world to rights"). He mentioned to me that he was getting a lot of spam from banks telling him that his account had been put on hold and that he needed to log on to verify his identity. Luckily he deleted those emails because, despite regularly getting viruses on his computer through clicking on random internet popups (“Your machine is infected, click here to fix”), he’s at least savvy enough to know that he doesn’t have an account with the purported senders. But what about those people who do? How many of them click on the link and surrender their details?

Briefly back to the words of my father: “I’m getting a lot of spam from banks”. Well, not quite. What you’re actually getting is phishing email that’s spoofing the bank’s identity. It’s not particularly targeted phishing, but it is reasonably clever nonetheless, and it is something that led to UK consumers & businesses losing nearly £400 million in 2012, making us one of the most heavily phished countries in the world.

I’m not going to delve into too much detail on the attacks, so if you want to read about how to spot a phishing or spoofing email, see Lauren's blog post. I will briefly touch on the internet security popups that I mentioned earlier: the UK’s fraud prevention service estimates that £30 million was spent on such “scareware”. That must equate to a huge number of victims, given that they usually ask for only a small amount of money.

I’ve already mentioned “phishing”, “spam” and “scareware”, and there are many more terms that are bandied around, but I wanted to take a few moments just to clarify the differences between phishing, spoofing and spam.

Spam is officially unsolicited bulk email; think of it as the equivalent of junk mail that gets thrust through your letterbox and that you put straight into the recycling pile. Spam is annoying but it’s not really dangerous.

Spoofing is where a malicious email is sent under the guise of an official or recognised persona. Think email that looks like it’s from your bank, favourite grocery store or online game. Spoofing by itself is not an attempt to steal valuable information from you but to make you do something, like visiting a fake greeting card website which installs malware on your computer, steals your email address and all your email contacts, and then sends those contacts email from you with the same link in it.

Phishing is an attempt to get you to surrender valuable personal information and is often used in conjunction with spoofing to convince you to surrender it. The example we all recognise is an email from our bank that says there’s been a change in procedure that requires you to confirm your password. You visit the site, which the phishers have created to mirror the bank’s login page, and try to log into your account. What you’re actually doing here is surrendering your bank login details to the phishers. Think logically and you'll see that this type of attack can apply just as easily to social media, gaming, even grocery shopping and high street retail. So much of our life is online that our banking and personal details are everywhere.

To quickly recap: phishing is not spoofing, but they’re often used together to convince you to surrender personal information.

Kaspersky analysed 50 million of its users and reported that 3,000 individuals were targeted every day in 2012 by a phishing attack, compared to 1,000 a day in 2011. That’s a massive increase. RSA estimated that in 2012, phishing attacks in the UK earned £396,906,044 for the criminals; that’s over double what they made in the US, where the figure stood at £158,269,792 ($245,476,572).

I’m going to be holding a webinar talking about how phishing (and spoofing) impacts marketers and their security teams on the 12th September. It’s open to all so please join me by registering here.
