Dealing with Spoofing Emails & Safe Internet Use

Recently there has been an increase in Spoofing / Spam / Phishing emails requests for Money Transfers / Confirming Security Details.

Some have other requests in addition to containing Viruses, Malware and / or Spyware.

It seems that more people are now being deliberately targeted by Online Scammers, in the hope that they can take advantage of the more vulnerable people in society, such as disabled & elderly people and the less experienced IT users.

But they are not alone, high profile companies / organisations can be targets too. There is little that can be done to stop this so knowing the basics is very useful.

Prevention of Risk

You are strongly advised that if you do receive emails of this nature, to ensure that you do the following:

  • Verify the Email Source – does the email address exactly match the person who it says is sending it? If you get an email and the address is a series of random numbers and letters – this could be very damaging for your device..
  • Spot Grammar Mistakes – Is it written in grammar the sender would use, or are there spelling mistakes?
  • Inbox or Junk Mail – Check if you received the mail in your mailbox inbox or junk mail?
  • DO NOT open any attachments or links if you are at all suspicious.
  • Do you know the Sender – Do you recognise the sender / company / website and would this email be something that you would expect, i.e. linked to an order you have placed, banks asking for you to verify your security details, etc.
  • If a request for a funds transfer contains a telephone number, DO NOT call it first, it may also be a scam and you may end up with a very expensive phone bill.
  • Be Safe – Ignore it, Block it, Delete it.
  • Report it – if you know where to send spoof email, always do that as it gives the legitimate company / bank a way of investigating and potentially take further action. Many companies / banks etc will have a reporting email address to use to report suspicious emails. If you are not sure what the email address is, they will tell you if you contact them.
  • Remember – Cyber scams are being taken very seriously now by the authorities, so help stop it from happening to someone else.

Hopefully by alerting your friends or family we can help prevent the potential harm caused by spoofing emails.

Below are Copies of the Information above in MS Word and PDF Formats.

Spoofing Emails

Spoofing Emails

Safe Internet Use

The internet has revolutionised the way we live our lives – enabling us to read the news, enjoy entertainment, carry out research, book our holidays, buy and sell, shop, network, learn, bank and carry out many other everyday tasks. 

However, there are risks associated with going online. These result from either visiting malicious websites or inadvertent disclosure of personal information. 

The risks of visiting malicious, criminal or inappropriate websites include:

  • Viruses and Spyware (collectively known as malware).
  • Phishing, designed to obtain your personal and/or financial information and possibly steal your identity.
  • Fraud, from fake shopping, banking, charity, dating, social networking, gaming, gambling and other websites.
  • Copyright infringement – copying or downloading copyright protected software, videos, music, photos or documents.
  • Exposure to unexpected inappropriate content.

Browsing

When you use the internet, your browser (for example Google Chrome, Microsoft Edge, Opera, Safari, Firefox or Internet Explorer keeps a record of which sites you have visited in its ‘history’.

When you use the internet, the websites you visit are visible to your ISP (Internet Service Provider), who will record details of your internet usage in accordance with legal requirements. 

Use the Internet Safely

It is very easy to clone a real website and does not take a skilled developer long to produce a very professional-looking, but malicious site.

Being wary of malicious, criminal or inappropriate websites:

  • Use Your Instincts and common sense. 
  • Check for Contact Details: Always check for the presence of an address, phone number and / or email contact – often indications that the website is genuine. If in doubt, send an email or call to establish authenticity.
  • Check Website’s Address: Check that it seems to be genuine by looking for subtle misspellings, extra words, characters or numbers or a completely different name from that you would expect the business to have.
  • Use Your Mouse: Roll your mouse pointer over a link to reveal its true destination, displayed in the bottom left corner of your browser. Beware if this is different from what is displayed in the text of the link from either another website or an email.
  • Look for a Padlock: If there is NO padlock in the browser window or ‘https://’ at the beginning of the web address to signify that it is using a secure link, do not enter personal information on the site. 
  • Personal Information: Websites which request more personal information than you would normally expect to give, such as user name, password or other security details IN FULL, are probably malicious.
  • Pharming: Avoid ‘pharming’ by checking the address in your browser‘s address bar after you arrive at a website to make sure it matches the address you typed. This will avoid ending up at a fake site even though you entered the address for the authentic one – for example ‘eebay’ instead of ‘ebay.
  • Investing Scams: Always get professional advice before making investment decisions. Sites that hype investments for fast or high return – whether in shares or alleged rarities like old wine, whisky or property – are often fraudulent.
  • Recruitment: Be wary of websites which promote schemes that involve the recruitment of others, receiving money for other people or advance payments. If you are suspicious of a website, carry out a web search to see if you can find out whether or not it is fraudulent.
  • Be wary of websites that are advertised in unsolicited emails from strangers.

 Secure Websites

Before entering private information such as passwords or credit card details on a website, you can ensure that the link is secure in two ways: 

  • There should be a padlock symbol in the browser window frame, that appears when you attempt to log in or register. Be sure that the padlock is not on the page itself … this will probably indicate a fraudulent site.
  • The web address should begin with ‘https://’. The ‘s’ stands for ‘secure’.

The above indicate that the website owners have a digital certificate that has been issued by a trusted third party, such as VeriSign or Thawte, which indicates that the information transmitted online from that website has been encrypted and protected from being intercepted and stolen by third parties. In other words, the communication between you and the site owner is secure, however a certificate is no guarantee that the site owner is the organisation or person you think you are communicating with … you need to carefully check the web page address to confirm authenticity. 

When using websites that you do not know, look for an Extended Validation (or EV-SSL) certificate, which indicates that the issuing authority has conducted thorough checks into the website owner. The type of certificate held can be determined by clicking the padlock symbol in the browser frame which will launch a pop-up containing the details. 

Do also note that the padlock symbol does not indicate the merchant’s business ethics or IT security. 

Cookies

Cookies are files on your computer, smartphone or tablet that websites use to store information about you between sessions. Most of the time they are innocuous – carrying out tasks such as keeping track of your username so that you don’t have to log into a website every time you visit it, and storing your usage preferences.

However, some are used to track your browsing habits so that they can target advertising at you, or by criminals to build a profile of your interests and activities with a view to fraud.

  • Set your browser to warn you when a cookie is installed. Note that some sites will not work if you block cookies completely.
  • Some browsers will let you enable and disable cookies on a site by site basis so you can allow them on sites you trust.
  • Use an anti-spyware program that scans for so-called tracker cookies.
  • There are also cookie management programs that can delete old cookies and help manage them. In addition you can use settings in some browsers to delete unwanted cookies.
  • Use a plain text email display instead of HTML email so that tracking files and cookies cannot be included in email files.
  • UK websites must gain your permission to enable cookies. 

Safe Use of Browsers

The most common internet browsers enable you to manage your settings such as allowing and blocking selected websites, blocking pop ups and browsing in private. Respective browsers will tell you to do this in slightly different ways, so we recommend that you visit the security and privacy section of their websites, or the help area of the browsers themselves:

  • Some browsers also have the ability to identify fraudulent websites by default. 
  • Always ensure that you are running the latest version of your chosen browser that your operating system will support. Also, be sure to download and install the latest updates. 
  • It is important to remember that turning on the private browsing setting or deleting your browsing history will only prevent other people using your computer from seeing which sites you have visited. Your internet service provider, search engine, law enforcement agencies and possibly (if browsing at work) your employer, will still be able to see which sites you have visited or keywords you have searched for.
  • Always remember to log out of a secure website when you have completed your transaction, and before you close the browser. Closing the browser does not necessarily log you out.
  • Ensure you have effective and updated antivirus/antispyware software and firewall running before you go online. 

Illegal Material 

This is What to do if you Encounter Illegal Material 

  • If you come across content that you consider to be illegal such as child abuse images or criminally obscene adult material, you should report this to the IWF (Internet Watch Foundation): iwf.org.uk.
  • If you come across content that you consider illegal such as racist or terrorist content, you should report this to the Police.

Find Out More

You can find out much more information that will help you stay safe online by visiting  https://www.getsafeonline.org/

Below are Copies of the Information above in MS Word and PDF Formats.

Safe Internet Use

Safe Internet Use