Security information for safe digital utilization provided by Canon MJ Cyber ​​Security Information Bureau ESET Beware of phishing scams!What to do to avoid becoming a victim

Autumn is a good time to go out to the resort and spend time outdoors. On the other hand, it also increases the time to delete unwanted malicious junk e-mails and SMS messages. Criminals will be more likely to commit phishing scams. October is Cybersecurity Awareness Month to raise awareness of cybersecurity, and the second week was chosen with the theme of "deterring phishing scams."

The harsh reality of phishing scams

ESET held a phishing quiz to distinguish phishing scams from real messages from four images. But it's surprising that just over 60% of the participants couldn't identify them all correctly.

This free event, called the Fishing Derby, was developed by a team from ESET in the United States to compete for how much you can distinguish between fake and genuine messages. Scores are calculated based on how quickly and accurately the message can be classified, but some 40% of the correct answers include those who could identify only three images very quickly. In other words, the percentage of correctly classifying all four images is even lower. This quiz was not developed to obtain statistical data, but was intended to educate participants and educate them on how to identify fake emails.

Interestingly, the accuracy rate of the quiz varied greatly depending on the age. Forty-seven percent of the younger generation, aged 18 to 24, were able to answer accurately, compared to only 28% for those aged 65 and over. In addition, 45% were 25-44 years old and 36% were 45-64 years old. Some may question the validity of the data, but with 4,292 participants, the data was collected as a by-product of the awareness campaign rather than an academic survey. Similar results were obtained when the same quiz was conducted by ESET in Canada. 68% of participants said they couldn't classify the four images accurately. You can take the US and Canadian versions of the test at the link.

What action should we take based on these results? Many readers of this article will be interested in cybersecurity and want to use the Internet more securely. Therefore, I would like to give you a challenge in 2021 Cyber ​​Security Awareness Month. Pay attention to your emails and messages, understand the best way to use the Internet safely, and tell your friends and family about it. In particular, I would like you to focus on helping the elderly. This is because there is data that even such a small amount of support can have a great effect.

It may seem that the actual damage is diminishing as financial institutions, cybersecurity companies, and governments continue to raise awareness to raise awareness of cybersecurity. However, phishing emails have become so sophisticated that it has become difficult to distinguish them from fake emails. As cybercriminals' technology advances, it becomes more difficult to identify phishing emails.

To distinguish phishing

Last week, I received an e-mail that I thought was from American Express (Amex). The content of the email was asking you to check your most recent purchase history as the suspicious transaction was blocked. Well-written texts and images were used, and at first glance it looked like a legitimate guide, but there were some obvious signs that the email was fake.

Figure 1: Email disguised as Amex

To card users We have stopped online purchases due to card usage from unusual regions. Since the location information could not be identified, we have suspended transactions and temporarily suspended our card and online account for security. To unlock the security lock, check your recent online transaction history here. Click here to check your latest transaction This procedure is based on measures to bring you the best experience. We apologize for the inconvenience, and thank you for your cooperation.American Express

First, I don't have an Amex Business Platinum Card. If you had a card, it's understandable to open the email and click the link. This text is devised to fuel a sense of crisis. "It's hard, the card is being used fraudulently. I have to solve the problem. Let's click."

Also, the clues to identify this e-mail as fake are the address "To card users" and the place where "First two digits of the card number: 37 *****" are written. Amex should know who the customer is and will not send an email that applies to everyone. Also, credit card companies usually assign a unique number to the end of the card number, and the beginning of the card number is not a unique number. According to a former Amex employee, the first digit of the cards issued by the company is 3, and the second digit is 4 or 7. In other words, the card number in the email you received was a generic one that applies to many people. You'll find that cybercriminals have spread these emails to deceive their targets.

With more powerful computers available to cybercriminals, it's more difficult to tell phishing. For example, computers on the cloud can be used as much as necessary, and a large amount of personal information has been circulated due to information leakage incidents. In addition, the funds obtained from recent cyber attacks are leaking to the cybercrime business. What if the phishing email spoofing Amex contained the name of the cardholder and the four-digit card number obtained from the leaked data? The risk of the recipient clicking on the link will be extremely high.

Other notes about phishing attacks

Here are some tips for identifying phishing emails.

If you're not sure if your email is genuine or fake, it's a good idea to go directly to the alleged sender's website from your browser and log in to your account to see if there are any messages. If you find important information in your message or inbox, contact the company as needed to make sure the information is correct.