Tech Team Blog: Phishing and Malware

Following on from our blog ‘Worry-free email’, here’s the Farmplan Tech Team’s guide to phishing and malware.

email-webaddresesPhishing

Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.

Typically, a victim receives a message that appears to have been sent by a known contact or organization. An attachment or links in the message may install malware on the user’s device or direct them to a malicious website set up to trick them into divulging personal and financial information, such as passwords, account IDs or credit card details. Phishing is a homophone of fishing, which involves using lures to catch fish.

Phishing is popular with cybercriminals, as it is far easier to trick someone into clicking a malicious link in a seemingly legitimate email than trying to break through a computer’s defences. Although some phishing emails are poorly written and clearly fake, sophisticated cybercriminals employ the techniques of professional marketers to identify the most effective types of messages – the phishing “hooks” that get the highest “open” or click through rate and the Facebook posts that generate the most likes. Phishing campaigns are often built around the year’s major events, holidays and anniversaries, or take advantage of breaking news stories, both true and fictitious.

To make phishing messages look like they are genuinely from a well-known company, they include logos and other identifying information taken directly from that company’s website. The malicious links within the body of the message are designed to make it appear that they go to the spoofed organization. The use of subdomains and misspelled URLs (typosquatting) are common tricks, as is homograph spoofing – URLs created using different logical characters to read exactly like a trusted domain. Some phishing scams use JavaScript to place a picture of a legitimate URL over a browser’s address bar. The URL revealed by hovering over an embedded link can also be changed by using JavaScript.

Malware

Short for “malicious software,” malware refers to software programs designed to damage or do other unwanted actions on a computer system. Malware is any program or file that is harmful to a computer user. Thus, malware includes computer viruses, worms, Trojan horses, and also spyware, programming that gathers information about a computer user without permission.

Common examples of malware include viruses, which can for example, cause havoc on a computer’s hard drive by deleting files or directory information. Spyware can gather data from a user’s system without the user knowing it. This can include anything from the web pages a user visits to personal information, such as credit card numbers.

It is unfortunate that there are software programmers out there with malicious intent, but it is good to be aware of the facts. You can install anti-virus and anti-spyware utilities on your computer that will seek and destroy the malicious programs they find, helping you stay safe online and combat these potential fraudsters.

Andrew Smith, Farmplan Tech Team says, “Although this sounds scary, you can take steps to minimise the impact these phising and malware scams have on your IT Systems. You can install anti-virus software and make regular backups of your valuable business data. Here at Farmplan we work closely with many agricultural businesses throughout the UK to help them stay safe and protect their day to day operations.”

If you think your computer has a virus or you are looking for advice on staying safe online, please contact our Tech Team on 01594 545033 or email pcsupport@farmplan.co.uk