Transmission

XMission's Company Journal

Avoid the Dangers of Phishing

2 Jun, 2009 admin Security & Safety, Tips & Helpful Information

Most people have heard of scams where a fake email is sent to a user’s
email, usually pretending to be from a credit card company or bank.
These are called, “Phishing” emails, because they lure users into
thinking that they need to reply.

Phishing emails are dangerous and have potentially catastrophic effects.

One particular type of phishing email could be the most malicious of
them all: an email pretending to be your email provider that asks you
for your account and personal information. Do not be fooled.

Read below and learn about phishing attacks, what you can do and what
XMission does to protect your accounts.

How phishing attacks happen.

Phishing is an elaborate form of data and identity theft. It works by
persuading users to respond to emails asking for personal information or
to go to a website where information can be entered. These are so
effective because the emails usually look trustworthy and sound like
plausible scenarios.

How to spot a phishing email.

While phishing emails often differ, they almost always look legitimate
and always ask you for something confidential.

Examples of email subjects:

  • “Verify Your Account”
  • “Email Upgrade”
  • “Update Your Email Account”
  • “Your email account has been suspended!”

Examples of From:

  • “Xmission Admin”
  • “Support”
  • “Webmail Support Team”
  • “email@xmission.com”

Example of a Phishing body:

Confirm your email account by filling in the details below:

Username:

Password:

Why it’s so difficult to stop.

Often, phishing emails come for legitimate email accounts that have been
compromised, which is what XMission has been dealing with recently.

Phishers use a variety of camouflage techniques to avoid being detected
by our antispam/antiphishing systems by using:

  • Random letters or famous quotes in the subject or in the body of the
    email;
  • Invisible text in HTML emails;
  • HTML or Java content instead of plain text;
  • Pictures only (no other text in the email body).

Potential consequences:

By replying or following links inside emails like these you can do more
damage than you might imagine.

Common Examples of what phishers can do:

  • Use your information to run up your bank accounts
  • Open new accounts, credit cards, loan or contracts in your name
  • Have access to all of the confidential emails you receive from your bank

Don’t fall for it:

Follow these tips to stay safe:

  • Don’t ever reply to emails that ask for personal/confidential
    information
  • Forward the email to spam@xmission.com and then promptly delete it
  • Do not click links in emails unless you were expecting the email
  • Do not fill in forms that request information. Any trustful provider
    will use a secure website and digital certificate

Safety:

Customers with “@xmission.com” email addresses can verify that they have
spam filtering enabled on your account, this catches almost all phishing
attempts. You can verify that filtering is enabled by going to
http://webmail.xmission.com and entering your login information. There
you will find a button called, “Filters”. Business customers have
filtering enabled already, unless requested otherwise. If you have
questions, you can always go to http://chat.xmission.com and talk with
one of our technical staff or call us at 801-539-0852.

Use an antivirus program that helps detect malicious emails and websites

What XMission does to protect you:

We have full time staff that monitors incoming and outgoing email for
spam, phishing and other potentially harmful traffic

XMission uses Spamassassin on its five email scanning servers
(http://spamassassin.apache.org) and is constantly writing rules to
account for trends in spam and phishing emails (see: What is
Spamassassin below)

We have Email Admins available around the clock to respond to phishing
emails.

We keep details statistics that you can view at:
http://postmaster.xmission.com

Our systems have been configured to automatically detect phishing emails
and notify our staff

What is Spamassassin?

Excerpt from spamassassin.apache.org

SpamAssassin uses a wide variety of local and network tests to identify
spam signatures. This makes it harder for spammers to identify one
aspect which they can craft their messages to work around.

If you’d like to get into the details of our filters, you can visit:
http://postmaster.xmission.com/senders/spamassassin/

Facebooktwitterredditpinterestlinkedinmail

, , , ,

Comments are currently closed.

XMission Links + Resources

XMission.com Live Support Chat User Login Support Wiki

Recent Posts

Archives

Subscribe + Follow

Sign up to receive breaking news as well as receive other site updates. Alternatively you can subscribe to our RSS feed or follow us at Twitter.