When an email arrives saying you’ve ordered a pizza and it’s on its way, most people think, ‘I’ve got to stop it, it’s a mistake.’
But it isn’t a mistake.
It’s just a new generation of ‘phishing’ email, where cleverly targeted emails fool even cautious internet users into revealing personal details online.
The pizza order will prompt users to click on order details - in the process downloading software that can ‘breach’ their computer, handing control to cyber criminals.
Other cyber-crooks will then install software to steal bank details, or even to use the PC to send further spam.
If you’ve fallen victim to such an attack, it’s worth checking your email ‘Sent’ box to see if your PC has been corrupted into spamming others.
As web users have got smarter about emails purporting to be from banks, cyber criminals have turned to more effective lures.
Today’s phishing emails are more likely to be packaged as invoices, documents that many of us might open just to check the details, even if they ARE from an unexpected source.
Others are ‘order details’ from real-life pizza restaurants, using their letterhead - or package orders from delivery firms, which users panic and try to cancel.
But as with visiting a fake bank website, the emails will instead deliver a payload of malicious software into the user’s computer.
And the emails are set to go on getting smarter.
Other email attacks include a new trend for emails from people web users might know, claiming that they have been mugged abroad, have lost their phone and need money.
As soon as cyber criminals get the password to someone’s email account, they can send an email to all their contacts. If, by chance, the person happens to travel a lot, the attack can be highly effective, making concerned friends email back.
‘‘Hackers are in a perfect environment to ‘tune’ their attacks. If they send one email saying ‘Click on this funny cat video,’ and people don’t fall for that, they just try again,’ says Kevin Haley, Norton’s Director of Security Response.
Cyber criminals still rely on emails as a tried-and-true method to lure new victims - despite the arrival of new, hi-tech approaches such as ‘drive-by downloads’, where entire websites are ‘poisoned’ to infect visitors.
‘A lot of infections still come from emails,’ says Orla Cox of Symantec, ‘The social engineering has got cleverer. It will be a fake package order, or fake invoices. The key is still to not click on the attachment.’