Email is both an excellent communication tool. Also, a way that companies can inform you about their latest products and services. However, email is frequently used to deliver unwanted material which is at best, irritating and at worst, malicious – causing considerable harm to your computer and yourself. Today we have known how to protect from spam email in our Email Box.
The Once Information Security Team has recently identified a new Social Engineering scam email campaign targeting some users. Fortunately, the attack is still in its early stages and we believe we can stop it by the flowing this step.
A Social Engineering attack, like any other scam attack, is intended to steal passwords, gain financial benefits or both.
How to protect from spam email :
A Social Engineering attack involves building trust with a potential victim and asking for favors by abusing that trust. Attackers use techniques such as unexpected lottery wins, expensive gifts etc. to attract unsuspecting users.
We’d like to share the following tips on identifying a potential Social Engineering scam email and protect yourself from scammers.
Look for unbelievable rewards from people that you have never heard before or got to know very recently
- Unexpected lottery wins – claiming that you’ve won a prize from a lottery that you never purchased
- Expensive gifts – require you to submit a small amount of money compared to the value of the gift so that they could ship it to you
- Seek help to inherit property from a deceased rich relative and share a percentage – request you to provide a small financial support to proceed with the case
- Promising huge profits from small or bizarre investments
Written in a way that induces sympathy or panic and asking for help
- Stranded in an airport – money and ticket was stolen
- Initiative to save a rare species from extinction and asking for financial support
Sounds authoritative and official
- Claiming that you have violated a certain law (probably made up) and asking for a compensation/fine
- Informing you that a package intended to you (one that you are not expecting) is being held and require you to pay a fee to free and receive the goods
If you suspect that you might have received a Social Engineering spam email;
- Do not provide username and password, especially if a link is provided to verify your accounts or change passwords (Your IT team never asks to reset your password via a link)
- Do not provide any personal details (full name / NIC number/mobile number/home or office address)
- Do not provide information of your colleagues or superiors or any others (mobile number / email address / home or office address )
How to mitigate (avoid) threats:
- Open only standard documents like .pdf, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .pps , .ppsx from trusted sources.
- We allow or you required to change your password only on your computer by pressing Ctrl + Alt + Delete, unless your IT admin does it.
- Always make sure of the sender’s email address eg: firstname.lastname@example.org but not email@example.com.
- Always get official IT assistance if doubtful.