COMMENT: British Gas phishing email sent to customers
In light of the news this morning that a sophisticated phishing email pretending to be from British Gas is being sent to customers saying they are owed refunds, below is a comment from David Emm, Principal Security Researcher at Kaspersky Lab.
“The growing skill levels of cybercriminals have meant that phishing emails are becoming even more convincing. With these sophisticated scammers using the same logo and font of British Gas, today’s news is yet another reminder that it’s becoming harder to tell what’s real and what’s fake.
However, there are some tell-tale signs that indicate that something is a phishing message (for example, banks and other organisations never send e-mails asking for confidential data) so, if you receive such an e-mail, assume it’s phishing. Remember, if it looks important, and you’re not sure, you should always call to check.
Phishing relies on social engineering, i.e. manipulating human psychology. So, there are always new ways to try and trick people, and just like road safety, it’s best to adopt a security culture that will keep you safe in any situation – not just some that you’ve practised. For example, it’s best never to click on links in e-mails; if you adopt this rule, you never need to rely on being able to distinguish a real link from a phishing link.
Kaspersky recommends the following to help you reduce the amount of spam email you receive, therefore decreasing the risk of being a target of phishing attacks:
1. Use Internet security software: Installing updates as soon as they are available and using unique, complex passwords for online accounts.
2. Set up multiple email addresses: It’s a good idea to have at least two email addresses:
· Private email address - This should only be used for personal correspondence, and should never be published on publicly accessible online resources.
· Public email address - Use this address when you need to register on public forums and in chat rooms, or to subscribe to mailing lists and other Internet services. Treat it as a temporary address and don’t be afraid to change it if you start getting inundated with junk mail.
3. Never respond to any unsolicited message or click on attachments or links: Most spammers verify receipt and log responses. The more you respond, the more spam you’re likely to receive.
4. Think before you click ‘unsubscribe’: Spammers send fake unsubscribe letters in an attempt to collect active email addresses. If you click ‘unsubscribe’ in one of these letters, it may simply increase the amount of spam you receive. Do not click on ‘unsubscribe’ links in emails that come from unknown sources.
5. Keep your browser updated: Make sure that you use the latest version of your web browser and that all of the latest Internet security patches have been applied.
6. Use anti-spam filters: Only open email accounts with providers that include spam filtering. Choose an antivirus and Internet security solution that also includes advanced anti-spam features.