Anthem’s event was described as a ‘sophisticated attack’ and there is lots of great information on the web if you are interested in the particulars. I would like to discuss some of the finer points of this attack and how we can use this information to help protect ourselves.
Let’s discuss some of these defenses. Bryan had a great article last time on creating strong passwords. Passwords are often maligned but still remain your primary defense.
Your actions on the internet and with email are probably the most exploited attack vectors. When you are surfing the net, remember that what you click on may not be what it appears to be. Links generally take you to another page with more information about the topic they refer to, but a corrupted site could take you to a site with nefarious intentions. How can you tell where you are going to go? Sometimes it’s hard, but here are some tips.
On the internet, when you hover over a link a pop-up window will show you the URL of where it is pointing. Read this and make sure it looks right to you. This is from our website showing that you will go to another page associated with www.yhbcpa.com. But you have to watch this closely. Back to the Anthem case, their holding company is Wellpoint. There was a domain established through a Chinese registration company with the domain name we11point.com. A quick look at the box and you might not notice the substitution of ‘1’ for ‘l’ in the name. That is what they are hoping for.
Another trick is to send a convincing email with a link to a website that will ask you for information. You have a similar chance to see where that link is going. See below, when I hovered my mouse over the link it shows that the URL is related to the company that the email came from. Even though I get regular emails from this company, I always look here to make sure they are going to the anticipated website.
But remember, the bad guys are going to send emails that you might be anticipating.
Let’s look at this closely. It came from a gmail account but when you look at the ‘From’ line it says email@example.com. Scammers like to use your email as the ‘from’ line since you are used to seeing your own email. In this example there was a link to cancel the order but the link was directed to vahinimotors.com. The key to avoiding phishing is to think before you react. This email looked like my PayPal account was going to be charged; the IRS emails look like you are either going to be audited or have a pending refund. All of these things would cause you to react quickly. Remember the we11point.com domain? There was a purpose in making it look like wellpoint.com.
These scams can be easy to spot if you take your time. As for the above emails, firstname.lastname@example.org is an old email address, my PayPal account is not linked to my work email, and generally I would not expect PayPal to present the charge to me in Canadian Dollars. Other things to look for are misspellings, poor grammar, and strange presentation (like the address with no capitalization). While mistakes happen even in authentic emails, it should cause a pause in your reaction.
Scams or attacks are generally designed to trick you into entering information. Be careful using a link in an email. If it is a company you use regularly, go to the website from your browser and don’t use the link. If you do use the link, examine the URL in your browser once it opens and make sure it is correct. Don’t rely only on the look of the website because it is easy to create an exact replica of the legitimate website.
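The "read the URL before you trust it" check can also be done by a mail filter or proxy. The sketch below is an added example, not part of the original article: it flags link targets whose domain only looks like a trusted one, as we11point.com does. The allow-list, the substitution table, the function names and the sample URLs are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list: domains the reader really does business with.
TRUSTED = {"wellpoint.com", "yhbcpa.com", "paypal.com"}

# Assumed table of common look-alike substitutions (fake -> imitated).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o"), ("5", "s"))


def skeleton(name):
    """Collapse look-alike characters so visually similar names compare equal."""
    name = name.lower()
    for fake, real in CONFUSABLES:
        name = name.replace(fake, real)
    return name


def registrable(host):
    """Last two labels of a host name (simplification: ignores suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def check_link(url):
    """Classify a link target as 'trusted', 'lookalike of <domain>' or 'unknown'."""
    if "//" not in url:              # bare "www.example.com/path" style links
        url = "//" + url
    domain = registrable(urlsplit(url).hostname or "")
    if domain in TRUSTED:
        return "trusted"
    for good in sorted(TRUSTED):
        if skeleton(domain) == skeleton(good):
            return "lookalike of " + good
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links; the paths are made up.
    for link in ("https://www.yhbcpa.com/services",
                 "http://we11point.com/login",
                 "http://vahinimotors.com/cancel"):
        print(link, "->", check_link(link))
```

An "unknown" result is not proof of a scam, only a sign that the link does not lead where a message claiming to be from a trusted company should lead.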
One axiom in the security industry is “The bad guys only have to be right once, we have to be right every time!” Be careful, watch where you are going on the web and what is coming at you in emails. A little caution and well-placed skepticism will help keep you safe.