IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [phishing]

Phishing is an attempt to steal user's personal information such as username, password, credit card number etc. The main idea of such attack is that the attacker pretends to be a trusted web-site which asks the user to re-enter the personal information and in this way steels it.

559 questions
123
votes
5 answers

Why do phishing emails have spelling and grammar mistakes?

Are the spelling and grammar mistakes in phishing emails done on purpose? Is there some wisdom behind it? Or they are simply indicative of the fact that they've been written by someone who does not natively speak English?
Muhammad Hasan Khan
  • 1,341
  • 2
  • 9
  • 6
24
votes
4 answers

"Phishing" red flags and countermeasures

Given the recent spate of intrusions into various networks which have included compromise of subscriber identity and contact information, I figured it would be good for us to have a thread on how to spot and react to a "phishing" attempt. While the…
Iszi
  • 27,127
  • 18
  • 101
  • 163
22
votes
4 answers

Is this account change PDF email (supposedly from Paypal) an exploit?

i recently received the following (rather obvious) phishing email: i'm not a PayPal user so this particularly un-alarming for me. however, when viewing as plain text, it became evident that there were hidden characters between every displayed…
homerman
  • 355
  • 2
  • 7
16
votes
3 answers

Can malware change the website visited by browser?

I heard in a security talk today (I didn't have the opportunity to ask questions): The speaker mentioned that he observed (2 years ago) that a possible malware on a given computer was behaving such that, when the user visits a legitimate URL via the…
Jake
  • 1,095
  • 3
  • 12
  • 20
16
votes
2 answers

Ongoing Executive Impersonation Attack

A friend of mine runs a small business that was recently targeted by a relatively sophisticated "executive impersonation" wire transfer spearphishing attack. The attacker registered a domain that was a slight variant to the target company's that…
ESultanik
  • 263
  • 1
  • 6
15
votes
6 answers

What are effective ways to prevent targeted phishing?

Phishing is a very serious problem that we face. Popular banks are often the biggest targets. What methods can a bank website use to protect its self from phishing attacks? What security systems should someone use to protect themselves? Why do…
rook
  • 47,238
  • 10
  • 96
  • 182
9
votes
2 answers

How to report a phishing text?

I received a text message on my phone the other day with an attachment link: Dear Customer, please contact us about your account Call2bankofamerica It's an obvious phishing attempt, and I would like to report it but to whom? I called Bank of…
M.Mat
  • 201
  • 1
  • 5
8
votes
3 answers

Conducting a succesful phishing test

How do you usually conduct a safe phishing exercise to test the staff's security awareness? How do you ensure that staff are not offended by such an exercise? Would you in some circumstances also include the CEO without letting him/her know about…
JinPangPang
  • 1,951
  • 2
  • 17
  • 27
8
votes
3 answers

Is this phishing or the real PayPal?

This has all traits of phishing, apart from the extended validation SSL cert. Is this site run by the real PayPal?
RomanSt
  • 1,220
  • 10
  • 25
8
votes
4 answers

Reminder: Reset your password - phishing or genuine Facebook email?

An email claiming to be from facebook had the following content: Hi Andrew, You recently requested a new password for your Facebook account. It looks like we sent you an email with a link to reset your password a few days ago. This is a reminder…
Andrew Grimm
  • 2,102
  • 2
  • 20
  • 27
7
votes
2 answers

An email from gaia.bounces.google.com

I received an email from gaia.bounces.google.com, supposedly from Google, which asked me to click on a link to check my security status. Is this legitimate? I searched with my Norton Safe Search but couldn't find this .com at all.
Dawn Stanza
  • 79
  • 1
  • 1
  • 2
6
votes
1 answer

Why do they put cyrillic letters in phishing email?

I have just received this email: Fог уоuг ргоtесtіоn, уоuг Αррlе ID іѕ аutоmаtісаllу disabled. Wе hаνе ргеνеntеd аn unuѕuаl ѕіgn іn аttеmрt оn уоuг Αррlе ассоunt.Тhіѕ ассоunt hаѕ Ьееn lоскеd Ьесаuѕе ѕіgnіng іn fгоm а nеw lосаtіоn ог fгоm а…
robert
  • 183
  • 1
  • 8
6
votes
1 answer

fake website used for phishing purposes

Our real web site is www.abc.com. Recently Intel notified us of another web site www.fake.com having some parts of the site appearing the same as our real site. This is obviously a phishing site. Not much damage has been done and I don't think our…
JinPangPang
  • 1,951
  • 2
  • 17
  • 27
5
votes
3 answers

Why do I receive phishing mails from my bank shortly after visiting the bank's site?

Sometimes I realize that I receive phishing emails just after doing some operations on the web. For instance, I was trying to pay taxes from my bank account (website was trusted 100%, I checked the signature), just after a few minutes I receive a…
giuseppe
  • 151
  • 2
4
votes
1 answer

Is this a phishing attempt? if yes where to report?

I received strange email from co-worker, asking me to click the link. I did eventually follow the link, but thought putting in my gmail user/pass wasn't wise. What do you think? is this phishing attack? if yes where do I report it and get it taken…
user32389
1
2 3 4 5