SLE

Stop Look Evaluate

Most of us know what SPAM is: unsolicited email sent to draw your attention, normally to get you to buy something. Phishing, by definition, is an attempt by scammers to trick you into giving out personal information such as your bank account numbers, passwords and credit card numbers. Sometimes these messages are obvious in their composition. Other times they are cleverly disguised as legitimate email from clients, suppliers, banks and financial institutions. Others appear to come from software companies like Microsoft and even government departments. So how do you deal with this issue when handling your email? The first thing to do when you see an unfamiliar email is to apply the simple SLE rule: Stop, Look and Evaluate.

If a message arrives that you are unsure about, Stop what you are doing.

  • Don’t click on any links in the email – this is what they want you to do
  • If prompted, don’t click to download any pictures in the message if Outlook has blocked them. Pictures could contain malicious code that can infect your computer.
  • Don’t reply to the email right away.

Look at and Evaluate the message carefully to identify its sender and its content. Two methods that help with this are examining the sender’s email address and reviewing the content of the email message.

Verify the email address and the domain name

Verifying the sender’s email address is a good place to start the process. Phishing messages are designed to look genuine, and often copy the format used by the organisation the scammer is pretending to represent, including their branding and logo. They will take you to a fake website that looks like the real deal, but has a slightly different address. For example, if the legitimate site is ‘www.realbank.com’, the scammer may use an address like ‘www.reallbank.com’.

Identify the domain name

  • First check the sender’s email address at the top of the message. Check the domain name in the address (the part after the @), for example Someones_Name@suncorp.com.au. Suncorp.com.au is the domain name of the company Suncorp, and this on the face of it would be legitimate.
  • Suppose you’ve received a message from Suncorp about banking products. As above, the sender’s email address should be something like Someones_Name@suncorp.com.au. If it is Mshd3546322@xbot.com or carrie.talbot@hefta.com talking about Suncorp banking products, you can bet it’s malicious phishing SPAM. These are common, unsophisticated phishing attempts.

Domain names with .com.au and .com

  • An address whose final extension is .au is most likely going to be legitimate, as you require an Australian ABN to register such a domain.
  • Final extensions such as .com, .net and .org are known as top level domains, and these can be registered by anyone anywhere in the world without formal ID. So be wary of these if you don’t recognise the company or domain name. Note: The Internet began life in the US, so many US companies legitimately use .com and .net, even though the final extension .us is now available to them. Also, many established international companies use .com and .net extensions, for example apple.com. So a .com or .net does not automatically mean the message is illegitimate.

Recognising sub-domains

  • Consider this email address: jane@accounts.salesforce.com. We know that Salesforce is an international company using the final extension .com. But what of the "accounts." included in the address? This is known as a sub-domain, where Jane would be working in the accounts department at Salesforce, hence accounts.salesforce.com. This is a common practice. The final part of the domain name is what you are looking for: salesforce.com. This is the domain name of the company.
  • Now look at the following: jane@salesforce.refnor.com. Ignore the "salesforce." part. Refnor.com is the domain name. Refnor.com is most certainly a fake company, based anywhere in the world, and this would be SPAM.

Free email services

  • Be cautious of @gmail.com, @outlook.com or @yahoo.com addresses, especially if they look something like Mes735463@gmail.com. Such email accounts are normally used by individuals and not companies. If you are dealing with individuals in your line of work, check the content of the email to verify it.
  • Be aware of something like microsoft-support@outlook.com. This would not be Microsoft. They would use support@microsoft.com, so again this is likely a spammer.
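
The sender checks described above, as an added Python example that is not part of the original article: it reduces a From header to its registered domain and compares that with the domain the organisation is known to use. The suffix and free-mail lists, the 0.85 similarity threshold and the function names are assumptions made for the illustration; the display names and the `reallbank.com` sender address are constructed.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumption: a tiny stand-in for the Public Suffix List, covering this page's examples.
TWO_LABEL_SUFFIXES = {"com.au", "net.au", "org.au", "gov.au"}
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
LOOKALIKE_RATIO = 0.85  # assumed similarity threshold for near-miss spellings

def registered_domain(host):
    """Return the registered domain: the suffix plus the one label to its left."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def assess_sender(from_header, expected_domain):
    """Classify a From header against the domain the real organisation uses."""
    _display_name, address = parseaddr(from_header)  # display name is ignored
    host = address.rpartition("@")[2].lower()
    domain = registered_domain(host)
    brand = expected_domain.split(".")[0]
    if domain == expected_domain:
        return "match"                 # includes sub-domains such as accounts.
    if domain in FREE_MAIL:
        return "free-mail"             # a company would use its own domain
    if brand in host.split("."):
        return "brand-as-subdomain"    # brand sits left of someone else's domain
    if SequenceMatcher(None, domain, expected_domain).ratio() >= LOOKALIKE_RATIO:
        return "lookalike"             # e.g. one extra or swapped letter
    return "unrelated"

# Addresses from the article; display names and the last address are constructed.
SAMPLES = [
    ("Someones_Name@suncorp.com.au", "suncorp.com.au"),
    ("jane@accounts.salesforce.com", "salesforce.com"),
    ("jane@salesforce.refnor.com", "salesforce.com"),
    ("microsoft-support@outlook.com", "microsoft.com"),
    ("Suncorp <carrie.talbot@hefta.com>", "suncorp.com.au"),
    ("Real Bank <alerts@reallbank.com>", "realbank.com"),
]

if __name__ == "__main__":
    for header, expected in SAMPLES:
        print(f"{header:40} -> {assess_sender(header, expected)}")
```

Anything other than "match" means the address does not belong to the organisation's own domain and the message deserves the Stop, Look and Evaluate treatment.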

 

How to identify the domain name and what to do

Don’t ever put an unrecognised domain name into the address bar of your web browser. This is what they want you to do. The site, once resolved, could be infected and download a virus to your computer. Instead, paste it into Google and see what you get.

  • You might see no reference to the domain at all. In that case, right click the message and delete it.
  • You may see references on the Net to this domain as malicious. You have the option of right clicking the message for Junk options. Here you can (1) block the actual sender, which means the actual email address, or (2) block the domain entirely, which means any messages from the domain will be blocked. Be careful with this option. You don’t want to block an entire domain if it is legitimate. And just because you don’t see it mentioned on Google doesn’t necessarily mean it isn’t. You can change these settings by right clicking any message in Outlook and moving to Junk | Junk email Options.

You should regularly check these options to see who is blocked and equally who is marked as a safe sender; you may be surprised at what you find. You may have to read the above again to get your head around what I am relaying here. But it will gel quickly and will be invaluable knowledge to help protect your business and personal data.

Evaluating the content of a message

Here I’m going to direct you to the ACCC page on phishing and how to manage it. They have done a good job explaining the problem and I have used some of their examples above: https://www.scamwatch.gov.au/types-of-scams/attempts-to-gain-your-personal-information/phishing

The golden rule is that if you weren’t expecting the email and the content doesn’t relate to your job, company or personal circumstances, delete the message and/or block the sender.