Important! Do not read that email until you have read this article. It knows where you live

What will you do if one morning you wake up to find an apparently "authentic" email stating that you have been billed $5,000 and that you are expected to pay up within two days or face legal actions? That sounds threatening and nightmarish isn't it? Of course that can cause you to start your day tensed up.

Attention has been drawn to a new form of phishing via email, known as phishing email. The complexity of this form of email phishing is what created a lot of concern among email users in the UK. Though, at the time of reporting, the extent of the threat is yet to be known, the BBC reported that thousands of people have already received it.

What is phishing?

Sample Phishing email

According to TechTarget “Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels. They even contain "genuine" logos to make them appear authentic.” Phishing is a fraudulent system comprising of email messages, websites, and phone calls all designed to defraud unsuspecting individuals. All components are designed to make you part with your data like Social Security number, Bank details, Debit/Credit Card details and Biometric Verification Number etc. 

What cyber criminals do 

1. They send you a phony email, phone call or SMS message mimicking a reputable entity with some warning
2. The mail encourages you to click a link that takes you to a fake website and infests your computer or mobile phone with malware in some cases
3. At the website you willingly furnish your password or account details, having been so deceived
4. Your account is hacked for other data and money transferred out of your bank account in apparently legit transaction as seen by your bank

What makes this new phishing email outstanding is that it does appear to know you already! Did I hear you say creepy? Of course it is. It goes contrary to some of what we already  know about phishing in cyberspace. Let us use the example cited on the Microsoft Security and Safety Page

Two out of the symptoms of phishing outlined by Microsoft is that they contain grammatical errors and bad spellings and malicious link. The “super” phishing email was crafted perfectly. No misspellings according to BBC Radio 4 staff, Shari Vahl - the address was spelt correctly and the email stating she owed £800. Shari Vahl is part of the BBC Radio 4's “You and Yours” team who were amongst those to receive the fraudulent mail which claimed they owed hundreds of pounds to UK firms. She was smart enough not to have clicked on the link. The firms involved are also reported to have been inundated by floods of calls from affected recipients’ of the email.

In my experience, for the team to have been attacked with such threatening email, someone must have followed a malicious link. Working with my former employer in a DTV firm, I noticed an email with a phony link and content requesting me to download a file to verify a legal document. It was an html file. The mail appeared to come from my colleagues. I knew right away it was phishing as I never had any legal issues. Clicking such links gives the criminals access to your contact details. That is what I believe happened with the BBC team

What to do when you receive a suspicious mail, phone call or SMS

• If you receive a suspicious mail with contents not related to any recent activity, never click on the link included. According to Dr Steven Murdoch, principal research fellow at the department of computer science at University College London, clicking such links has potential to install malware such as Cryptolocker, which is a form of ransomware that will encrypt files on Windows-based computers and then demand a fee to unlock them.

Sample Ransomeware message on a user PC screen

• Delete the email and do not send any requested information to the originating address or any alternative provided. If the sender appear to be a person you know, notify them immediately of the need to secure their accounts by changing their passwords. In my case, the mails appeared originating from my colleagues’ mail address thereby making any unsuspecting recipient to click on the included link.

• If the mail is disguised as coming from you bank, call your bank for verification and delete the email. Do not follow the links. I have seen a reputable bank get cloned by cyber criminals who direct innocent individuals to them using such links only to have them part with valuable information. Too bad isn’t it? An example of an SMS I received just before writing has the following as content: “Dear customer, your ATM has just been De_Activated due to the new BVN upgrade. Contact customer care on 08141575407 for Re_Activation. Thank you” and the originating number is +2349035349766. If you are reading from Nigeria, note this very strongly and inform friends, family and associates.

• If the mail touches on Facebook or other account having been compromised, simply change the passwords for the accounts concerned. I once had a colleague who was shut out of her Facebook account for clicking on such links. The hacker even changed her profile picture and name, but you could still see her photos and other stuff.

• For spam calls or messages, you may do well to install spam filters like Truecaller. Thousands of users do help the app maker update the spam list. It has been keeping me sane for long now. All you need to do is to add the spamming or suspicious number to your block list.

To conclude, the best way to stay safe and keep your ID and other data safe is to treat phishing and other suspicious messages as that: suspicious. Also do well to familiarize yourself with details of bank, organisations etc as much as you can to think ahead of the criminal minds. They exploit information you may not know. If you know your bank's customer service email address or contact number there is no way you can mistake a criminal source as theirs. If you have not engaged in any business or if you have no idea of an issue raised in any email from unknown sources, never you get curious. Delete as soon as possible without batting an eyelid.

Enjoyed this post? Please share this with those that matter in your life and with associates and stay safe.

Don’t forget to subscribe to this blog posts for future updates. Join us too on Facebook and twitter using any of these to follow on social network or via email feeds using these links: Da HotGrid or Facebook or on Twitter. You can also subscribe to our email via feed burner below. Don't forget to re-share please.