(Video) SPAM, Phishing and Spear Phishing

Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd, Amazon #1 author on Cybercrime and founder of the SME Security Framework (speaker, consultant, trainer), discusses spam, phishing and spear phishing.

[start of transcript]

Hello. My name is Roger.

SPAM, phishing, spear phishing. It’s how the bad guys use or what they use to target us to make us more vulnerable and more accessible to them. So, how do you do? We all know we get spam, everybody gets spam. But what’s phishing? What’s spear phishing?

Well, spam originally started about 15 years ago. We had Viagra, Nigerian princes. We then started getting phishing attacks. This is where the bad guys really got involved. And they started putting bait into emails, which was literally "click on the link and you’re going to get something."

Spear phishing is a progression of phishing, but it takes into account making that email so much more accurate, as well as not being able to differentiate between a real email and a spear phishing email. And that information is being gleaned from the internet, from your LinkedIn, your Facebook, your Twitter, all of those things that you’re interested in doing.

So, how do you stop receiving spam? Well one of the best things you can do is to never reply to a spam email. Because what you do by replying is qualify your email address. The other thing is, do not indiscriminately post your email address or have it visible on websites.

Another way you can track spam is to use different addresses. If you have a domain, and you have access to the email component of your domain, use different email addresses, facebook@mydomain.com, or whatever the name of it is. Because it does two things. One, you can track where it is going, but also, you could track if someone else has sold your email address to someone else.

And then, on top of that, the last thing that you could do is use a spam filter. A spam filter literally takes out 90 percent of the dedicated spam that is there. What do you need to check in a suspected spam email? Well, have a look at the header. Where did it come from? How did it get to you? And also, think how did they get my email address? APO, Australia Post. They never send you banks. They never send you email asking for information.

But if you get—if your system is compromised, and you start sending out spam because some of the viruses that you can contract will do that, you will then end up being virus checked going outbound. So, the email that you’re sending to other people is then totally visible to being organized by people who are making sure that spam is not a problem.

But you can also end up on a blacklist as well. And by ending up on a blacklist, means that you cannot send email to people who use that blacklist to protect themselves.

On top of that, if someone has been compromised, or you have been compromised and you are sending out email and they are coming back as bounced, then you have to look at what the bounced messages say, “caught by spam filter.” It’s a good indication that you may have a problem. And if those things have happened, you then have to do the work to make sure you are removed from those anti-spam systems.

Thank you very much.

[End of transcript]

Roger Smith is the CEO of R & I ICT Consulting Services, Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and author of the SME Digital Security Framework. He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world.

Roger Smith is an educator, teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisation using the principles of Technology, Management, Adaptability and Compliance.