Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd, Amazon #1 author on Cybercrime and founder of the SME Security Framework | Speaker | Consultant | Trainer discusses – SPAM! Phishing and Spear Phishing
[start of transcript]
Hello. My name is Roger.
SPAM, phishing, spear phishing. It’s how the bad guys use or what they use to target us to make us more vulnerable and more accessible to them. So, how do you do? We all know we get spam, everybody gets spam. But what’s phishing? What’s spear phishing?
Well spam originally started at about 15 years ago. We had Viagra, Nigerian princes. We then started getting phishing attacks. This is where the bad guys really got involved. And they started putting bait into emails which is, which it was literally click on the link and you’re going to get something.
Spear phishing is a progression of phishing, but it takes into account making that email so much more accurate, as well as not being able to differentiate between a real email and a spear phishing email. And that information is being gleaned from the internet, from your LinkedIn, your Facebook, your Twitter, all of those things that you’re interested in doing.
So, how do you stop receiving spam? Well one of the best things you can do is to never reply to a spam email. Because what you do by replying is qualify your email address. The other thing is, do not indiscriminately post your email address or have it visible on websites.
Another way you can track spam is use different addresses. If you have a domain, and you have access to that email component of your domain, use a different email addresses, firstname.lastname@example.org, or whatever the name of it is. Because it does two things. One, you can track where it is going, but also, you could track if someone else has sold your email address to someone else.
And then, on top of that, the last thing that you could do is use a spam filter. A spam filter literally takes out 90 percent of the dedicated spam that is there. What do you need to check in a suspected spam email? Well, have a look at the header. Where did it come from? How did it get to you? And also, think how did they get my email address? APO, Australia Post. They never send you banks. They never send you email asking for information.
But if you get—if your system is compromised, and you start sending out spam because some of the viruses that you can contract will do that, you will then end up being virus checked going outbound. So, the email that you’re sending to other people is then totally visible to being organized by people who are making sure that spam is not a problem.
But you can also end up on a blacklist as well. And by ending up on a blacklist, means that you cannot send email to people who use that blacklist to protect themselves.
On top of that, if someone has been compromised, or you have been compromised and you are sending out email and they are coming back as bounced, then you have to look at what the bounced messages say, “caught by spam filter.” It’s a good indication that you may have a problem. And if those things have happened, you then have to do the work to make sure you are removed from those anti-spam systems.
Thank you very much.
[End of transcript]