This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
This Website Uses Cookies
By closing this message or continuing to use our site, you agree to our cookie policy. Learn More
This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • Home
  • News
    • Security Newswire
    • Technologies
    • Security Blog
    • Newsletter
    • Web Exclusives
  • Columns
    • Career Intelligence
    • Security Talk
    • The Corner Office
    • Leadership & Management
    • Cyber Tactics
    • Overseas and Secure
    • The Risk Matrix
  • Management
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • More
  • Physical
    • Access Management
    • Video Surveillance
    • Identity Management
    • More
  • Cyber
  • Sectors
    • Education: University
    • Hospitals & Medical Centers
    • Critical Infrastructure
    • More
  • Exclusives
    • Security 500 Report
    • Most Influential People in Security
    • Top Guard and Security Officer Companies
    • The Security Leadership Issue
    • Annual Innovations, Technology, & Services Report
  • Events
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
    • Security 500 West
  • Resources
    • The Magazine
      • This Month's Issue
      • Digital Edition
      • Archives
      • Professional Security Canada
    • Videos
      • ISC West 2019
    • Photo Galleries
    • Polls
    • Classifieds & Job Listings
    • White Papers
    • Mobile App
    • Store
    • Sponsor Insights
    • Continuing Education
  • InfoCenters
    • Building AppSec in Enterprises
  • Contact
    • Editorial Guidelines
  • Advertise
Home » Phishing: The Scary Clown of Cybersecurity
Cyber Security News

Phishing: The Scary Clown of Cybersecurity

clown computer
October 31, 2017
Gary Davis
KEYWORDS cyber risk mitigation / cyber security education / hacking / Phishing / social engineering
Reprints
No Comments

The terror began, so far as I can tell, with a simple email from a Nigerian Prince. The email was muddled, misspelled and widely imitated as it became the nefarious clown that we know today as phishing. This Halloween, I’d like to share the latest phishing disguises, so that you can distinguish tricks from treats and stay safe.

Much like the It (the clown), phishing goes by many names, has become much more adept at preying on the hopes and fears of individuals, and is growing rapidly as criminals learn which techniques are most effective. Since those early days of Nigerian Princes and AOL accounts, the spelling and grammar have improved, logos and graphics added to imitate real messages, and more realistic scenarios are used. Perhaps the most evil part of phishing’s latest tricks is the creation of targeted messages using information gleaned from social media and other public sources. In recent months, I’ve seen more instances of phishing including two techniques known as angler phishing and smishing (or SMS phishing) have grown dramatically, and pose a significant threat to consumers.

 

Angler Phishing

Social media is a great way for people to contact companies about product or service issues. Angler phishing is a trick that criminals are using to get your confidential data by mimicking a company’s legitimate customer support account. Using subtly modified domain names, such as “Apple” vs “App1e” (which in some fonts is indistinguishable), “mobile-paypal.com,” or “ask-company.com,” these criminals monitor Facebook, Twitter and other social media sites for people complaining or asking for help. Then they jump in and offer their assistance, asking for identifying information or providing a link to their fake website.

The best way to protect yourself from angler phishing is always to go to the company’s website first, and follow links from there to the appropriate customer support contacts.

 

Smishing

Smishing, or SMS phishing, brings the familiar fake ads, contests and bonus offers to your smartphone. The smaller screen, context-specific messages and distracted nature of smartphone usage make it more likely that you will click on one of these. Caller ID spoofing can even add the fraudulent message to an existing threat, or make it look like it is from an official number.

The best way to protect yourself from these scams is to vigilantly delete anything that you did not initiate, or that is not from a known contact. Remember, in most cases, you are not today’s lucky visitor, this is not a real refund offer, your bank or credit card account has not been suspended, and your Apple ID is not expiring. No one needs your user ID, password, Social Security number, or other account details via text or Twitter. That offer that expires in 90 seconds is most likely not real, and anything that is too good to be true, usually is.

Unlike Stephen King’s It, our evil clown is not a powerful and hungry alien from another dimension. Defeating it just requires a bit of diligence, a healthy amount of skepticism, and a stronger resistance to click bait!

Subscribe to Security Magazine

Gary Davis, Chief Consumer Security Evangelist, McAfee

Related Articles

Know Your Phish: 4 Keys to Combating Spear-Phishing Campaigns

The Human Element of Cybersecurity

You must login or register in order to post a comment.

Report Abusive Comment

Subscribe For Free!
  • Print & Digital Edition Subscriptions
  • Security eNewsletter & Other eNews Alerts
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

cybersecurity breach

The Top 12 Data Breaches of 2019

Mark Hargraves

Security Industry Mourns Passing of Mark Hargraves

ransomware-enews

British American Tobacco Suffers Data Breach and Ransomware Attack

Dispelling the Dangerous Myth of Data Breach Fatigue; cyber security news

Major Retailer Macy's Is Hacked

SEC1219-Cover-Feat-slide1_900px

Contracted vs. In-House Guarding: No Universal Right Answer

SEC2019_Everbridge_1119_360x184customcontent

Events

December 17, 2019

Conducting a Workplace Violence Threat Analysis and Developing a Response Plan

There are few situations a security professional will face that is more serious than a potential workplace violence threat. Every security professional knows and understands that all employers have a legal, ethical and moral duty to take reasonable steps to prevent and respond to threats of violence in their workplace.
January 23, 2020

The Value of a Unified Approach to Critical Event Management

From extreme weather to cyberattacks to workplace violence, every organization will experience at least one, if not multiple, critical events per year. And in today’s interconnected digital and physical world, the cascading safety, brand, and revenue impacts of critical events are more severe. Organizations need to be prepared through a unified and rapid response to these events.
View All Submit An Event

Poll

Emergency Communications

What does your enterprise use to communicate emergencies to company employees?
View Results Poll Archive

Products

Effective Security Management, 6th Edition

Effective Security Management, 6th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

See More Products
SEC500_250x180 clear

Security Magazine

SEC-December-2019-Cover_144px

2019 December

This month, Security magazine brings you the 2019 Guarding Report, featuring David Komendat, Boeing CSO, and many other public safety leaders to discuss threats and solutions for 2020 and security officer training. Also, we highlight Hector Rodriguez, Director of Public Safety and Security at Marymount California University, CCPA regulations, NIST standards, VMS and much more.

View More Create Account
  • More
    • Market Research
    • Custom Content & Marketing Services
    • Security Group
    • Editorial Guidelines
    • Privacy Policy
    • Survey And Sample
  • Want More
    • Subscribe
    • Connect
    • Partners

Copyright ©2019. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing