
Tag: email security

IMPORTANT REMINDER: How To Spot Spam And Phishing Emails

In recent days, we’ve received a lot of inquiries and concerns from clients regarding spam and phishing emails.

You’ve probably heard of spam or phishing before. Companies big and small regularly send their employees precautions and tips on how to avoid them. This is because our email accounts are most often the targets of these scams, and oftentimes we don’t even know it! A single click of a button may cause big trouble if we keep ignoring these types of emails. Here we’ve listed some important tips to keep your email from being compromised, and what you should do if you’ve become a victim!

Tips on how to avoid being a victim 

By being meticulous with our emails, we can determine which are spam emails and which are phishing emails. Here are important tips to keep in mind, especially if you’re the type who likes to keep a clean inbox on a daily basis:

  • Check your email account to see if you have a tool to filter out potential spam and phishing emails; if so, channel them into a bulk email folder. 
  • Never reveal personal or financial information in an email as this is an opportunity for criminals to get further into your email account. 
  • Always check the security of a website before entering sensitive or personal information online. If Google Chrome doesn’t allow you to enter the website, it’s probably best that you don’t!  
  • Pay attention to the website’s URL, because malicious websites usually look identical to the real ones while their URLs use a variation in spelling or a different domain.
  • If you’re unsure whether the email is legitimate, try contacting the company and ask if they’re sending out emails to a large number of contacts including you.
  • Diligently inspect the email address of the sender, since some phishing emails display a sender address that appears legitimate.
  • Do not instantly open emails from unknown or suspicious senders. 
  • Do not open or download suspicious email attachments with suspicious filenames. 
  • Immediately delete suspicious emails and remember to empty your trash. 
  • Use strong passwords, please.
  • Ask your IT Admin to secure your computers with the latest OS versions, patches and security software.
  • If you are using email clients, make sure they are configured with secure SSL/TLS settings.
  • Scan your cPanel or hosting account for malware using the Virus Scanner tool.

 

What to do if you are a victim 

If you’ve become a victim of spam or phishing, take these security measures immediately to avoid future problems:

  • When you receive emails from your bank about activities you haven’t done, call your bank to block your card/s immediately.
  • Change your password and other confidential information right away if you’ve received notifications for an account in an online service.
  • In the event that you clicked a suspicious link or downloaded malicious software, use antivirus software to scan your computer and quarantine any viruses.
  • You may contact the nearest IT professional in your company to help handle the situation and to ask for guidance on how to go about the problem.
  • Report malicious content to authorities if possible.
  • Be an online informer and spread precautionary information to everyone to avoid scams and phishing in the future. 

 

For any clarifications or concerns, please do not hesitate to email our Technical Support Team at support@imanila.ph or to contact us on our mobile numbers at +63 947 427 3011 or +63 947 427 3012 or on our new trunkline number at (+632) 8876-1925. Our Technical Support Team is open to help you with your website and email concerns from Monday to Sunday from 9:00 AM to 6:00 PM.

To learn more about how to manage your cPanel and emails, visit our iManila Help Center at https://imanila.ph/help/ 

Gmail Phishing Scam on the Rise!

 

For most of us, email is a way of life. From work to personal communications to smartphone application downloads, our email is our virtual online address where most of our important documents and updates are sent. That being said, email is an indispensable online asset. Modern life just isn’t the same without it. Unfortunately, it’s the one thing that most of us tend to neglect, especially when it comes to security.

In the past weeks, a phishing scam on Gmail has circulated across the World Wide Web, escaping the scrutiny of both experts and new users of this email platform.

Wordfence (security team behind WordPress) revealed how the phishing scam worked: an account is used to send unsolicited emails containing the same malicious strings, which pretend to be an authentic Gmail log-in page.

After the victim is fooled into logging in at the fake Gmail login page, the attacker gains access to the victim’s account. This cycle continues as the attacker uses the compromised account to send malicious emails to other people in the email’s contact list.

That’s why this phishing method “gained popularity” among hackers in the past year: it effectively tricked people into thinking that they’re opening content from a trusted contact. Furthermore, the hackers behind this method made it even more deceptive by emulating the way the victim sends his/her emails, from the subject down to the email body.

How to detect this?

The phishing technique is deceiving even experienced, technical users – the kind who are already aware of attacks designed to extract valuable information online.

What makes this recently uncovered technique so much more dangerous is that the location bar shows the text string “accounts.google.com” – a legitimate Google page. However, in this phishing attack, there’s a text string (“data:text/html”) preceding “accounts.google.com.”

There’s also another large chunk of text appearing on the far side of the location bar, which is the file that ultimately sends one’s credentials to the attacker.

These hard-to-spot text strings differentiate the phishing log-in page from the legitimate sign-in page. Most will see “accounts.google.com”, believe it’s the real thing and continue with the log-in.

Prevention

Wordfence provided advice on how to avoid being victimized by this phishing attack:

“Make sure there is nothing before the hostname ‘accounts.google.com’ other than ‘https://’ and the lock symbol. You should also be keen about the green color and lock symbol that appears on the left. If you can’t verify the protocol and verify the host-name, stop and consider what you just clicked on to get to that sign-in page.”
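The rule quoted above, together with the earlier tip about URLs that use a variation in spelling or a different domain, can be expressed as a strict check. This is an added example, not code from Wordfence, Google or iManila; the function name, reason labels and sample URLs are constructed for illustration, and only the hostname "accounts.google.com" and the "data:text/html" prefix come from the article.

```javascript
// Added example, not Wordfence's or Google's code.
const TRUSTED_HOST = "accounts.google.com"; // hostname named in the article

// Returns { ok, reason } for a string copied from the location bar.
function checkSignInUrl(raw) {
  const text = raw.trim();
  const mentionsTrusted = text.toLowerCase().includes(TRUSTED_HOST);
  let url;
  try {
    url = new URL(text);
  } catch (err) {
    return { ok: false, reason: "not-a-url" };
  }
  // A data: URI carries the page content itself and has no host,
  // so any hostname visible in it is only text.
  if (url.protocol === "data:") {
    return { ok: false, reason: mentionsTrusted ? "data-uri-showing-trusted-name" : "data-uri" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not-https" };
  }
  // Anything between "https://" and the hostname (user:pass@) fails the rule.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "text-before-hostname" };
  }
  // Exact match only: substring or suffix matches would accept lookalikes.
  if (url.hostname !== TRUSTED_HOST) {
    return { ok: false, reason: mentionsTrusted ? "trusted-name-inside-other-host" : "different-host" };
  }
  return { ok: true, reason: "https-and-exact-hostname" };
}

// Constructed sample inputs (hypothetical, for illustration only).
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin",
  "data:text/html,https://accounts.google.com/ServiceLogin",
  "http://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.signin.example/ServiceLogin",
  "https://accounts.goog1e.example/ServiceLogin",
];

function classifySamples() {
  return SAMPLES.map((s) => checkSignInUrl(s).reason);
}

console.log(classifySamples());
```

Only the first sample passes; the others each show the trusted name, or something close to it, without actually being served over HTTPS from that exact host.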

The use of 2-step authentication is highly advised. This method adds a secondary verification mechanism for users. Users are also advised to change passwords regularly.

Wordfence also received word from Google regarding the attack. The tech giant acknowledged it and said that they’re strengthening their defenses against it.

“We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more,” said a Google representative.

Wordfence suggested that Google incorporate a design that lets users easily identify the malicious, hidden text strings seen in these attacks, similar to the way the Google Chrome browser labels insecure “https” pages in red and secure, trusted ones in green.

***

To learn more about how to make your website secure and safe for your users, you can visit iManila’s hosting page and see how our secured hosting packages and safety features such as SSL certification can help you secure your business online.

 

Source: Wordfence.com

Rappler.com