Every year, the end-of-year holidays bring a surge in mass campaigns of fraudulent e-mails. Cybercriminals try to take advantage of these periods, when vigilance sometimes drops, to send phishing e-mails.
What are phishing and slamming?
Phishing is used by cybercriminals to obtain personal information in order to commit identity theft.
In the world of phishing (the entry vector for attacks for 80% of companies in 2020), slamming is a well-known variant that consists of encouraging domain name owners to renew their annual registration with another registrar, by stressing the urgency and the critical consequences of losing the name in question. In practice, it is an e-mail pushing its recipient to sign up for an unsolicited service and to pay for it without delay.
Slamming can thus take the form of a fraudulent renewal invoice, generally accompanied by intimidating terms such as “Expiration notice”. Under the pressure of such an e-mail, which is generally well crafted, the recipient sometimes proceeds to payment and is charged a significant amount for the so-called renewal.
In another form, the slamming e-mail claims that a “customer” of the sender, who is posing as a registrar, wants to register domain names identical or similar to your brand. The fraudster then offers to register them for you to protect you from these troublesome registrations, in exchange, of course, for an urgent payment.
Another kind of attack: the suspicious e-mail attachment
Beware of fraudulent e-mails with infected attachments: a single entry point is enough to destroy a network!
The aim of a booby-trapped, and therefore malicious, attachment is to pass as a legitimate file (PDF, Word document, JPG image…) while carrying and hiding malicious code: this is what is generally called a Trojan.
Some simple rules to protect against them
- Always stay alert when someone asks you for your personal data;
- Never open an attachment from an unknown sender, or from one who is not entirely trustworthy;
- Check links by hovering the cursor over them (without clicking) to make sure that they lead to trustworthy websites;
- Never reply under the pressure of this kind of solicitation and, of course, do not make any payment;
- If there is any doubt, do not reply to the e-mail; contact the sender through another channel, and they will confirm whether or not it really is a fraud attempt.
A wallpaper is available for download on the Nameshield website to help you keep these rules in mind.
First published on the Nameshield blog