Geekzone: technology news, blogs, forums


cazique

8 posts

Wannabe Geek
+1 received by user: 7


#310541 30-Oct-2023 16:09

I'm trying to educate a few older friends and relatives how to recognise spam/phishing emails, but I fear they are not getting the message. Are there any good printable charts that I can stick on their wall? I've found a few such images online but I don't think they're very good, frankly. I'm trying to find a simple chart that emphasises warning signs like:

 

1. The email fails to greet you by name (generic salutation like "Dear User")

 

2. Return email address is gibberish.

 

3. Email tries to make you click on a URL that is obviously fake.

 

4. Bad spelling/grammar.

 

5. Blurry images/logos.

 

Thanks for any tips.


nzkc
1634 posts

Uber Geek
+1 received by user: 1041


  #3153758 30-Oct-2023 16:32

Email tries to make you click on a URL that is obviously fake.

 

This is probably the biggest clue. I think you'll need to show people how to spot this though - it's not as simple as looking at what is in the email. You need to check the actual URL the link will go to.

 

A couple of things to look out for are:

 

  • You do not recognise the sender/caller
  • You are not expecting a package (lots of spam/phishing done this way these days)
  • You do not need to give anyone remote access to your PC. Ever.
  • If it feels suspicious, do nothing until you've checked with someone else



zocster
1994 posts

Uber Geek
+1 received by user: 105

ID Verified
Trusted
Lifetime subscriber

  #3153759 30-Oct-2023 16:34

Could possibly customise this


SirHumphreyAppleby
2938 posts

Uber Geek
+1 received by user: 1859


  #3153764 30-Oct-2023 16:57

I would add...

 

  • DKIM/SPF checks fail or give warnings. It's unfortunate that most clients don't make this information available to you, but GMail at least does if you select the "Show Original" option.
  • Use of internationalised domain names.
  • Return-path is from a different domain (related to SPF). Note, this is different from the reply-to address.
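The three checks listed in the post above, run over the raw headers that "Show Original" displays. This is an added example, not part of the original post; the sample message and all its domains are constructed, and only an Authentication-Results header added by your own mail provider is worth trusting.

```python
import email
from email.utils import parseaddr

# Constructed sample of what "Show Original" displays; every domain is a placeholder.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=softfail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=xn--pypal-4ve.example
From: "PayPal" <service@xn--pypal-4ve.example>
Reply-To: help@other.example
To: user@example.org
Subject: Your account

Hello
"""

def domain_of(header_value):
    """Domain part of the address in a header such as From or Return-Path."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def auth_results(msg):
    """Map spf/dkim/dmarc to the verdict recorded in Authentication-Results."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for clause in header.split(";")[1:]:  # clause 0 is the checking server's name
            method, _, rest = clause.strip().partition("=")
            if method in ("spf", "dkim", "dmarc") and rest:
                verdicts.setdefault(method, rest.split()[0].lower())
    return verdicts

def header_warnings(raw):
    """Return a list of warning strings; an empty list means nothing was flagged."""
    msg = email.message_from_string(raw)
    verdicts = auth_results(msg)
    warnings = [f"{m}={verdicts.get(m, 'missing')}"
                for m in ("spf", "dkim", "dmarc") if verdicts.get(m) != "pass"]
    # Return-Path (the bounce address SPF is checked against) is not Reply-To.
    from_dom, path_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if path_dom and path_dom != from_dom:
        warnings.append(f"Return-Path domain {path_dom} differs from From domain {from_dom}")
    # Internationalised names appear as "xn--" labels or as non-ASCII characters.
    if any(l.startswith("xn--") or not l.isascii() for l in from_dom.split(".")):
        warnings.append("From domain uses an internationalised (IDN) label")
    return warnings
```

A Return-Path mismatch on its own is only a hint, since legitimate bulk mail sent through a mailing service often has one too.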



cazique

8 posts

Wannabe Geek
+1 received by user: 7


  #3153765 30-Oct-2023 17:05

SirHumphreyAppleby:

 

I would add...

 

  • DKIM/SPF checks fail or give warnings. It's unfortunate that most clients don't make this information available to you, but GMail at least does if you select the "Show Original" option.
  • Use of internationalised domain names.
  • Return-path is from a different domain (related to SPF). Note, this is different from the reply-to address.

 

 

 

I'm trying to educate older people who only have a basic understanding of the Internet. They won't understand jargon like checking DKIM/SPF (heck, even I'm not familiar with those abbreviations). They probably would understand that an email purporting to be from PayPal should have a return email address like Paypal.com, not a gibberish return address like dlgeldfd [at] fsdgljgfg.com. I think a chart with the 5 points I mentioned above would identify spam/phishing in most cases.


gehenna
8667 posts

Uber Geek
+1 received by user: 3883

Moderator
Trusted
Lifetime subscriber

  #3153766 30-Oct-2023 17:06

Contact Netsafe and see what educational resources they have. 


cazique

8 posts

Wannabe Geek
+1 received by user: 7


  #3153767 30-Oct-2023 17:08

nzkc:

 

Email tries to make you click on a URL that is obviously fake.

 

This is probably the biggest clue. I think you'll need to show people how to spot this though - it's not as simple as looking at what is in the email. You need to check the actual URL the link will go to.

 

 

I can explain "Hover your mouse pointer over the link and you'll get a pop-up showing you the URL", yes.

 

 


 
 
 

tweake
2641 posts

Uber Geek
+1 received by user: 1137


  #3153770 30-Oct-2023 17:28

nzkc:

 

Email tries to make you click on a URL that is obviously fake.

 

This is probably the biggest clue. I think you'll need to show people how to spot this though - it's not as simple as looking at what is in the email. You need to check the actual URL the link will go to.

 

 

it's common for people to miss the subtle difference in the link. something as simple as a .co.nz when the correct one is actually .com.

 

 

 

the other BIG problem with nz is not the users but the businesses. eg boss had an email saying "you missed payment, please click link". obvious spam, but no it was actually legit from a major nz company (and i think that it was actually from the bank).

 

my simple advice, is do not use the links in the email. use your normal links.

 

 


fearandloathing
537 posts

Ultimate Geek
+1 received by user: 206

ID Verified
Lifetime subscriber

  #3153771 30-Oct-2023 17:29

There’s a good summary here and a nice chart.

https://cofense.com/knowledge-center/signs-of-a-phishing-email/ 


SaltyNZ
8862 posts

Uber Geek
+1 received by user: 9539

Trusted
2degrees
Lifetime subscriber

  #3153774 30-Oct-2023 18:13

nzkc:

 

Email tries to make you click on a URL that is obviously fake.

 

This is probably the biggest clue. I think you'll need to show people how to spot this though - it's not as simple as looking at what is in the email. You need to check the actual URL the link will go to.

 

 

 

 

Yes, but it's also very difficult for most people to discern. There's a flood of crap coming through at the moment with URLs that all have "2degrees" somewhere in the URL. (I won't give examples for obvious reasons). How could a bad guy possibly have "2degrees" in the URL? It must be real!





iPad Pro 11" + iPhone 15 Pro Max + 2degrees 4tw!

 

These comments are my own and do not represent the opinions of 2degrees.


gehenna
8667 posts

Uber Geek
+1 received by user: 3883

Moderator
Trusted
Lifetime subscriber

  #3153777 30-Oct-2023 18:33

Probably a good starting point is to assume no communication you receive is legitimate, and work your way up from there.


alasta
6888 posts

Uber Geek
+1 received by user: 3362

Trusted
Subscriber

  #3153781 30-Oct-2023 18:55

gehenna:

 

Probably a good starting point is to assume no communication you receive is legitimate, and work your way up from there.

 

 

This.

 

Honestly, training non-technical people to spot scams these days is really hard. I frequently get spammy looking emails at work that I report to the IT department as scams and they turn out to be legitimate emails from our (admittedly strange) systems. 

 

The best approach is to give them a simple procedure that they can apply consistently regardless of whether they suspect something is a scam. e.g.

 

  • If your bank calls you then insist that you will call them back on their published number then immediately hang up.
  • If you receive an email from Waka Kotahi then go directly to their web site and renew your car registration that way.
  • If you receive an email or instant message from a family member asking for money then call them to discuss it, or contact another family member.
  • etc. 

 
 
 
 

Eva888
2759 posts

Uber Geek
+1 received by user: 2420

Lifetime subscriber

  #3153784 30-Oct-2023 19:07

Another one to watch out for that I received purportedly from Google, very legit looking telling me my storage was full and to click the link for a one time offer of X$. I checked the address url and sure enough it was a fake.

It made my heart drop when first opened and thinking damn, maybe I should take the great deal offered. I can imagine many would have fallen for it.

quickymart
14940 posts

Uber Geek
+1 received by user: 13952

ID Verified

  #3153788 30-Oct-2023 19:31

alasta:

 

  • If you receive an email or instant message from a family member asking for money then call them to discuss it, or contact another family member.

 

Had this as well, a family member's Facebook account was compromised. They asked me to send them money via Messenger. Tried calling but they didn't answer. I said "I don't believe it's you", they said "its me lol". I pointed out if it was them they would answer the call...and they blocked me.

 

I reported this to Facebook and the account was disabled (as it should have been!).


alasta
6888 posts

Uber Geek
+1 received by user: 3362

Trusted
Subscriber

  #3153796 30-Oct-2023 20:23

quickymart:

 

Had this as well, a family member's Facebook account was compromised. They asked me to send them money via Messenger. Tried calling but they didn't answer. I said "I don't believe it's you", they said "its me lol". I pointed out if it was them they would answer the call...and they blocked me.

 

I reported this to Facebook and the account was disabled (as it should have been!).

 

 

This is one of the reasons why I stopped using social media and instant messaging. The nuisance emails that I get tend to be generic mass mailed material whereas, at least anecdotally, scams over social media seem to be a bit more sinister in the way that they are personally targeted. Honestly, I would rather that my elderly parents didn't use these services. 


ANglEAUT
altered-ego
2436 posts

Uber Geek
+1 received by user: 841

Trusted
Lifetime subscriber

  #3153819 30-Oct-2023 21:52

cazique: ... I've found a few such images online but I don't think they're very good, frankly. I'm trying to find a simple chart that emphasises warning signs like: ...

 

Take your pick

 

 





Please keep this GZ community vibrant by contributing in a constructive & respectful manner.

