From 489ba61baf97b9c51a7afb8bb2975e31a8b64201 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tiago=20Ara=C3=BAjo=20=5BSSW=5D?= Date: Thu, 6 Feb 2025 08:59:50 -0300 Subject: [PATCH 1/2] Added related rules on pishing --- rules/recognizing-phishing-urls/rule.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/rules/recognizing-phishing-urls/rule.md b/rules/recognizing-phishing-urls/rule.md index 945e50b9b9c..36ec705d92a 100644 --- a/rules/recognizing-phishing-urls/rule.md +++ b/rules/recognizing-phishing-urls/rule.md @@ -6,6 +6,8 @@ uri: recognizing-phishing-urls authors: - title: Matt Goldman url: https://www.ssw.com.au/people/matt-goldman +related: + - recognizing-scam-emails created: 2022-03-17T05:47:34.156Z guid: 668d37e3-deeb-49db-9ad2-043b8c1dbdbd --- 
@@ -28,36 +30,36 @@ You should always check that the **domain** matches the service or website you a http://linkedin.com.sggr.ru/someaddress ::: ::: bad -Bad Example – The address has LinkedIn in it, but it is a sub-domain, not the domain +Bad example – The address has LinkedIn in it, but it is a sub-domain, not the domain ::: ::: greybox http://linked-in-hq.com/linkedin/myprofile ::: ::: bad -Bad Example – The address has LinkedIn in it, but it is in the path, not the FQDN. The FQDN is also suspicious +Bad example – The address has LinkedIn in it, but it is in the path, not the FQDN. The FQDN is also suspicious ::: ::: greybox http://linkedinalerter.com ::: ::: bad -Bad Example – the address has LinkedIn in it, but is not a legitimate LinkedIn site +Bad example – The address has LinkedIn in it, but is not a legitimate LinkedIn site ::: ::: greybox https://linkedin.com/someaddress ::: ::: good -Good Example – LinkedIn is a secure domain +Good example – LinkedIn is a secure domain ::: If you are curious about a URL, and think it might be legitimate, you can [check the Whois record](https://whois.domaintools.com) to see who owns the domain. ::: bad -![Bad Example – ANZAlerter.com is NOT owned by ANZ](bad-whois.png) +![Bad example – ANZAlerter.com is NOT owned by ANZ](bad-whois.png) ::: ::: good -![Good Example – the domain ANZ.com.au is owned by ANZ](good-whois.png) +![Good example – The domain ANZ.com.au is owned by ANZ](good-whois.png) ::: From 75dbe081ec2bf33a85558f119d2e724d59d204c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tiago=20Ara=C3=BAjo=20=5BSSW=5D?= Date: Thu, 6 Feb 2025 09:01:18 -0300 Subject: [PATCH 2/2] Update rule.md --- rules/recognizing-scam-emails/rule.md | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/rules/recognizing-scam-emails/rule.md b/rules/recognizing-scam-emails/rule.md index 15a190b1347..19fae892e68 100644 --- a/rules/recognizing-scam-emails/rule.md +++ b/rules/recognizing-scam-emails/rule.md 
@@ -10,6 +10,8 @@ authors: url: https://www.ssw.com.au/people/warwick-leahy - title: Prem Radhakrishnan url: https://www.ssw.com.au/people/prem-radhakrishnan +related: + - recognizing-phishing-urls created: 2022-03-17T05:39:07.720Z guid: ef89a713-c51d-45e0-8c14-2ca010eec387 --- @@ -21,13 +23,13 @@ Most email scams are actually quite easy to spot, and this is deliberate. People These simple techniques will help you identify scams and avoid falling prey to attackers. -### Tip #1: Be wary of unsolicited emails +## Tip #1: Be wary of unsolicited emails An unsolicited email is an email that you weren’t expecting. For example, a popular scam a few years ago was to send an email purportedly from the postal service, claiming you have an undelivered package. The recipient was directed to click on a button or link in the email to arrange redelivery. Another popular scam was an email claiming to be a parking or speeding fine. While these can be scary, and often people want to resolve them as soon as possible, it’s important to take a breather and remember that neither these nor missed delivery notifications get sent by email. -### Tip #2: Check the email address (and not just the name) +## Tip #2: Check the email address (and not just the name) When you send or receive an email, the recipient lists an email address and a friendly name. The friendly name can be changed to whatever you like, without impacting where the email comes from. 
@@ -41,7 +43,7 @@ When you send or receive an email, the recipient lists an email address and a fr It’s important to note that this is just one tool in your arsenal. Attackers can spoof email addresses too, so if you have any doubts, you should ask your SysAdmins to help you check the message headers, or do a message trace for you. But an incorrect email address is a dead giveaway. -### Tip #3: Be wary of language used +## Tip #3: Be wary of language used ::: bad ![Bad example – The attacker has referred to the recipient as ‘Matt’, which the sender does not call him](bad-language-example.png) 
@@ -51,23 +53,23 @@ It’s important to note that this is just one tool in your arsenal. Attackers c ![Good example – Easy to distinguish as the sender refers to the recipient as ‘Goldie’ and includes the sender’s signature use of emoji](good-language-example.png) ::: -### Tip #4: Never open attachments that you are not 100% certain of +## Tip #4: Never open attachments that you are not 100% certain of If you receive an unsolicited email asking you to open an attachment you should delete and ignore it (or report it to your SysAdmins or security team if you have additional concerns). There may be some cases where you have a suspicion that the email may be legitimate. In these cases, DO NOT reply to the email asking them to confirm (see the section below on checking mailbox rules). Instead, contact the sender via another means (e.g. call them on the phone or on Teams). Only open the attachment or click on the link if you are 100% certain, having verified with the sender, that the email is legitimate. -### Tip #5: Check the URL of links +## Tip #5: Check the URL of links Malicious emails these days often include a link that the recipient is directed to click on. This can sometimes be to a phishing site, and sometimes it’s a link to some malware (e.g., ransomware which will encrypt all the recipients’ files, plus those on any shares they have access to, demanding a ransom to unencrypt them). Linking to malware avoids them having to worry about the malware being stripped out by malware filters in the email system. Before clicking on a link in an email, hover over it to see where it goes. -### Tip #6: Legitimate services will never ask for your password +## Tip #6: Legitimate services will never ask for your password You will never receive a legitimate email asking you to disclose your password (or any other sensitive information for that matter). 
An email that asks for your password, or asks you to click on a link to ‘confirm’ your password, is a scam and should be deleted immediately (and reported if advised to in your corporate security policy). -### Tip #7: Check your mailbox rules +## Tip #7: Check your mailbox rules A particularly nefarious scam is for an attacker to take control of your mailbox, but hide rather than changing the password and locking you out. By not alerting you to their presence, they can squat there for longer and do more damage. A common scenario is to email your contacts and ask them to change their payment details for any invoices to an account controlled by the attacker. @@ -77,12 +79,12 @@ If you have any reason to suspect any strange activity in your account, check yo ![Figure: Some URLs are harder to identify because of a safelink service](hard-to-catch-safelink.png) -### Tip #8: Subscribe to the Australian Cyber Security Centre's (ACSC) alert service +## Tip #8: Subscribe to the Australian Cyber Security Centre's (ACSC) alert service The Australian Cyber Security Centre (ACSC) leads the Australian Government's efforts to improve cyber security. They monitor cyber threats across the globe 24 hours a day, seven days a week so they can alert Australians of cyber threats. Visit and register [on ACSC website](https://www.cyber.gov.au/acsc/register) to receive alerts for the latest cyber threats. -### Tip #9: Test your skills +## Tip #9: Test your skills -Visit and test how good you are at recognizing a phishing email. +Visit [phishingquiz.withgoogle.com](https://phishingquiz.withgoogle.com) and test how good you are at recognizing a phishing email.
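Review bot: In rules/recognizing-phishing-urls/rule.md, hunk @@ -28,36 +30,36 @@, the caption "Good example – LinkedIn is a secure domain" was only re-cased, but its wording works against the rule. The three bad examples are rejected because of where "linkedin" sits in the URL (sub-domain, path, look-alike name), while the good one is justified by calling the domain "secure", and it is also the only greybox URL that uses https://. A reader can come away thinking the scheme is the test. Suggest a caption that follows the rule's own sentence about matching the domain, for example "Good example – linkedin.com is the domain, and it belongs to LinkedIn", and either use the same scheme in all four example URLs or state that https on its own does not make a site legitimate.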
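Review bot: In rules/recognizing-scam-emails/rule.md, hunk @@ -51,23 +53,23 @@, Tip #5 still ends at "Before clicking on a link in an email, hover over it to see where it goes." and never says what to look for in the address that appears. The front matter in this same patch now lists recognizing-phishing-urls as related, so Tip #5 is the place to link that rule inline; a reader who stops at the tip will not scroll to a related-rules list. In the same hunk, Tip #4's "see the section below on checking mailbox rules" could name Tip #7 directly so the cross-reference survives later reordering.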
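Review bot: In rules/recognizing-scam-emails/rule.md, hunk @@ -77,12 +79,12 @@, the context line "![Figure: Some URLs are harder to identify because of a safelink service](hard-to-catch-safelink.png)" sits at the end of Tip #7 (mailbox rules), directly above the Tip #8 heading, yet it illustrates Tip #5 (checking link URLs). Since this patch already touches every tip heading, move the figure under Tip #5 and add a sentence there on what to do when hovering only shows the safelink wrapper rather than the destination. Separately, the subject "Update rule.md" does not mention that all nine tip headings change from ### to ## or that the Tip #9 quiz link is restored; listing the three changes in the commit message would make the history searchable.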