
Post on 30-Apr-2020


FAQ

1. What is Phishing Email?

A form of fraud by which an attacker masquerades as a reputable entity in order to obtain your personal information.

Usually appears to be sent from an official email address.

Usually includes attachments, software or an upgrade program containing a virus or spyware.

Usually includes a hyperlink to a fake website to trick you into disclosing personal data.

2. How to identify phishing email?

Check the email sender’s name and address

A phishing email purports to be from a well-known entity, but the sender’s name and address differ from those of the legitimate organization. Simply look at the text inside the <> symbols to check the actual email address.

In the example below, the sender’s address is shown as security@biznetvigator.com, but the email address between the < > symbols is not at “biznetvigator.com”. This means it is NOT the official email address of Business NETVIGATOR, so it could well be a phishing email.

Pay attention to the recipient’s name and email

Some phishing emails may be sent to a group which does not include your name.
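The sender and recipient checks from the two sections above can be automated. The following is an added example, not part of the original FAQ or of any HKT tooling; it uses Python's standard email package, and the sample message, the mail-update.example domain and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

OFFICIAL_DOMAIN = "biznetvigator.com"  # the legitimate domain named in this FAQ

# Constructed sample: the display name shows an official-looking address,
# but the real address inside <> is on an invented domain.
SAMPLE = (
    'From: "security@biznetvigator.com" <notice@mail-update.example>\n'
    "To: customer-list@mail-update.example\n"
    "Subject: Your mailbox is almost full\n"
    "\n"
    "Please log in to keep your account active.\n"
)

def domain_of(address):
    """Return the lower-cased domain part of an address, or '' if none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def check_headers(raw, my_address, official=OFFICIAL_DOMAIN):
    """Return a list of (code, detail) findings for one raw message."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    real, findings = domain_of(address), []

    # 1. The address between <> must be on the official domain (or a subdomain).
    if real != official and not real.endswith("." + official):
        findings.append(("sender-domain", f"real sender domain is {real or 'missing'}"))

    # 2. A display name that itself contains an address on another domain
    #    is dressing up the sender to look official.
    shown = re.search(r"[\w.+-]+@[\w.-]+", display)
    if shown and domain_of(shown.group(0)) != real:
        findings.append(("display-mismatch", f"display name shows {shown.group(0)}"))

    # 3. The message is addressed to a list that does not include you.
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if my_address.lower() not in {addr.lower() for _, addr in recipients}:
        findings.append(("not-addressed-to-me", "your address is not in To/Cc"))
    return findings

if __name__ == "__main__":
    for code, detail in check_headers(SAMPLE, "owner@customer.example"):
        print(f"{code}: {detail}")
```

A From address on the official domain is not proof of authenticity, because that header can be forged; the SPF, DKIM and DMARC results recorded by the receiving mail server are the check for that.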

Check the hyperlink’s website layout

A phishing email normally contains a hyperlink to a bogus website that uses a URL and domain name similar to a legitimate entity’s site. A phishing website may include logos or other identifying information taken directly from a genuine website, making it difficult to discern a fake from the real thing. If in doubt, check with the organization concerned.

Below is an example for illustration. The URL of the phishing website is very similar to the real website’s, and the phishing website’s layout looks almost the same as the authentic one too.

REAL Website: https://www.biznetvigator.com/chi/homepage.php

FAKE Website: https://www.biznetvigatoronline.com/chi/homepage.php

Check the hyperlinked web address

Phishing hyperlinks are normally similar to legitimate URLs. Use of subdomains and misspelled URLs – known as typosquatting – are common tricks, as is homograph spoofing, whereby URLs are created using look-alike characters so that they read exactly like a trusted domain. You can simply mouse over a hyperlink to check its real URL address.

Below is an example for illustration:
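The link checks described in the two sections above, as an added example that is not part of the original FAQ: it extracts each link from an HTML email body and flags hosts that are not on the official domain. The sample HTML, the .example hosts and the function names are constructed for illustration; the fake URL is the one quoted in this FAQ.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL = "biznetvigator.com"  # legitimate domain named in this FAQ
BRAND = "biznetvigator"         # string a look-alike host tends to reuse
# Constructed sample: link 2 is the FAQ's fake URL; links 3-4 use invented hosts.
SAMPLE_HTML = (
    '<a href="https://www.biznetvigator.com/chi/homepage.php">Home</a>'
    '<a href="https://www.biznetvigatoronline.com/chi/homepage.php">'
    "https://www.biznetvigator.com/chi/homepage.php</a>"
    '<a href="https://biznetvigator.com.login.example/verify">Verify</a>'
    '<a href="https://www.biznetvig\u0430tor.example/">Log in</a>'  # Cyrillic "a"
)

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a href>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # lower-cased host; also accepts text without a scheme
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def check_link(href, text):  # [] means the link is official (or has no host)
    host, flags = host_of(href), []
    if not host or host == OFFICIAL or host.endswith("." + OFFICIAL):
        return flags
    if not host.isascii() or "xn--" in host:
        flags.append("non-ascii-host")      # possible homograph
    if BRAND in host:
        flags.append("lookalike-host")      # brand reused on another domain
    shown = host_of(text) if "." in text and " " not in text else ""
    if shown and shown != host:
        flags.append("text-href-mismatch")  # visible URL is not the real target
    return flags or ["unofficial-host"]

def check_links(html):
    parser = LinkCollector()
    parser.feed(html)
    return [check_link(href, text) for href, text in parser.links]
```

The substring test on the brand name is a simple heuristic: it catches hosts that reuse the name but not misspellings of it.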

Email content containing threatening words

Some phishing emails contain threats or an emergency alert. For example, you could be told your account information is invalid, or your email capacity is almost exhausted, so you are asked to provide credit information, or log in to your account via the URL provided.

Flawed grammar in phishing email content

Most email issued by large companies goes through an editorial quality process, so if an email’s grammar is sub-standard, it could be a phishing attempt.

3. What can I do to avoid phishing scams?

Install anti-virus software

Reliable anti-virus software is designed to detect and deal with most kinds of phishing email, as well as viruses, spyware, malware and Trojans. Such software should be installed on all internet devices such as mobile phones and tablets.

Activate spam-filtering functionality

Business NETVIGATOR’s “Anti-Spamming Service VAS” feature aims to block spam and phishing emails. It automatically sends them to spam folders to minimize email-based hacker attacks.

Change your email password frequently

You should change your email password periodically - and use a different password combination to register for online services. This can reduce the risk of your account being hacked.

Never open suspicious emails or attachments

If you suspect you have received a phishing email, do NOT click on any link or attachment. Remember, you can always make a quick call to verify authenticity. You can also seek assistance from your email service provider.

And if you receive an email asking you to verify your personal or account information – such as by revealing passwords, online banking login information, or credit card numbers – resist any temptation to comply.

4. How did the phishers get company or user’s information?

Cybercriminals have tools that can automatically search for and collect users’ email addresses (together with other information such as company name and address) from web pages, social media sites, forums, blogs, etc. Phishing emails are then sent to these email addresses. A phishing email may appear to be sent from our official email address: the sender masquerades as an official entity to lower the recipient’s alertness and makes false statements, such as statements about the recipient’s monthly subscription, to trick recipients into providing company details or financial information.

5. What if the company’s or my personal email account, bank account, or other accounts were compromised?

Immediately change the passwords for any potentially compromised accounts

Contact your bank or financial advisor to let them know your accounts may be compromised and ask them to put a fraud alert on your accounts

Check your bank and financial statements and credit reports regularly to identify any false charges or suspicious activity

If you believe you are a victim of identity theft, please report your case to the Hong Kong Police Force

6. Do I only need to worry about Phishing attacks via email?

No. Phishing attacks can also occur through phone calls, texts, instant messaging, or malware on your computer which can track how you use your computer and send valuable information to identity thieves. It is important to be vigilant at all times and remain suspicious of sources that ask for your credentials and other personal information.

7. Why can’t Email Service Providers stop these types of messages?

HKT does stop over many spam, phishing and virus-related email messages per day. However, the technology used to send spam and phishing emails is constantly changing. While blocking these messages helps, unfortunately there’s no substitute for all of us also being vigilant to avoid being fooled by those messages that do get through.

8. What should I do if I receive phishing spam?

If you receive a suspicious e-mail, please do NOT reply; notify us at bizts@biznetvigator.com. Our security team will investigate and work with the appropriate authorities to block a fraudulent email account or website as soon as possible.

9. What risks are involved if I reply to a phishing email?

If you reply to a phishing scam with your username and password, you have provided the scammer access to your bank or other financial accounts. In addition, your email will be used to send thousands of spam emails to others, both in and outside your contacts.

10. What are the types of questions that HKT will never ask in an email?

We will never ask for the following personal information in an email:

Credit and debit card numbers

Bank account numbers

HKID or passport number

Driving license number

Email addresses and passwords