Questions tagged [phishing]

Phishing is an attempt to steal a user's personal information, such as a username, password or credit card number. The main idea of such an attack is that the attacker pretends to be a trusted website, asks the user to re-enter personal information, and in this way steals it.

535 questions

198 votes, 3 answers

Don't understand how my mum's Gmail account was hacked

My mum (on Gmail, using Chrome) received an email from a friend's Hotmail address. She opened the email (very obviously a phishing email) and clicked a link in it. This opened a webpage with loads of medical ads on. She closed the page and deleted…
cja

172 votes, 9 answers

Is Adblock (Plus) a security risk?

My email-provider's website (http://www.gmx.de) recently started linking to the (German) site http://www.browsersicherheit.info/ which basically claims that due to its capabilities to modify a site's appearance, Adblock Plus (and others) might…
Tobias Kienzler

124 votes, 5 answers

Why do phishing e-mails use faked e-mail addresses instead of the real one?

I read that you can write anything into the From: field of an e-mail. If that is true, then why are phishing e-mails trying to trick me with look-alike addresses like service@amaz0n.com instead of just using the actual service@amazon.com itself?
JFB

118 votes, 5 answers

Why do phishing emails have spelling and grammar mistakes?

Are the spelling and grammar mistakes in phishing emails done on purpose? Is there some wisdom behind it? Or are they simply indicative of the fact that they've been written by someone who does not natively speak English?
Muhammad Hasan Khan

89 votes, 9 answers

How to distinguish between a scam and a genuine call?

My bank called me the other day and the person who spoke to me failed to give me a single piece of evidence that he is calling from my bank. The bank number is hidden just like many other companies, maybe because they use VOIP to make calls or they don't…
Ulkoma

89 votes, 1 answer

Isn't the BBC being extremely irresponsible in describing how to authenticate an account-related email?

On this webpage, the BBC says: I’ve received a ‘Changes to your BBC account’ email claiming to be from the BBC – is this a genuine email? At the end of September 2016, we upgraded our ‘BBC iD’ sign-in system to ‘BBC Account’, and as a result we had…
Lightness Races in Orbit

88 votes, 12 answers

When is phishing education going too far?

I currently work on the IT security team at my workplace in a senior role. Recently, I assisted management in designing the phishing / social engineering training campaigns, by which IT security will send out phishing "test" emails to see how aware…
Anthony

81 votes, 8 answers

Risks of giving developers admin rights to their own PCs

I need to convince my internal IT department to give my new team of developers admin rights to our own PCs. They seem to think this will create some security risk to the network. Can anyone explain why this would be? What are the risks? What do IT…
carolineggordon

79 votes, 8 answers

Company does not want any names on phishing reports

We have been recently contracted to run phishing tests for a company. Let's call it a company but basically they are obligated, by law, to assess the security of their environment with phishing campaigns. We ran our first campaigns not too long ago…
pm1391

76 votes, 13 answers

Why is a link in an email more dangerous than a link from a web search?

Everyone knows of the common cybersecurity tips to be careful when you open links in an email. But every day we look for something on the Internet, clicking links which the search engine shows us, and we do not have the same fear. Why are the links…
Adam Shakhabov

76 votes, 12 answers

Is there any definitive way to tell if an email is a phishing attempt?

Is there any definitive way to tell if an email is a phishing attempt? What cues should the "average computer" user employ to detect a phishing email?
daikin

67 votes, 4 answers

Are there any security risks in replying to an SMS message?

I routinely receive seemingly harmless SMS messages from unknown people. They're usually simple, like "Hi" or "Hello" or "Are you there?". This happens several times a week, and certainly often enough that it seems to be some sort of organized,…
Caleb

59 votes, 4 answers

What is the purpose of a targeted email without any meaningful content?

I received an email to my corporate email account from an external Gmail account. The list of recipients clearly shows (an eventually successful) attempt to guess my email address based on my personal information (nothing confidential — all of it is…
Itaypk

56 votes, 4 answers

Effectiveness of Security Images

Do security images such as those presented upon logging into banks provide any tangible security benefits, or are they mostly theater? Per my understanding, if somebody is phishing your users, it's also trivial for them to proxy requests from your…

54 votes, 4 answers

Are non-English speakers better protected from (international) phishing?

After I received dozens of spam mails over the last year with my trashmail (used for "You must log in once to check out this product.." sites, etc.) I noticed they were mostly translated (if they are at all) horribly. I thought about that after…
pguetschow