Telus Corporation Warns Users Of Phishing Attack

By Author: eccuni
Total Articles: 211
Comment this article

Phishing has been one of the common forms of attacks used by cybercriminals for over a decade. However, in the recent years, phishing e-mails have become more sophisticated and targeted. Recently, Telus Corporation, a major Canadian national telecommunications company warned customers of e-mail phishing scam. The phishing e-mails appear to come from Telus Corporation. The company has witnessed alarming increase in the volume of the phishing e-mail. Telus has identified two forms of phishing e-mails. One of the scam e-mails asks customers to upgrade to a new security system, while the other asks customers to verify their accounts.

The e-mails are cleverly crafted and designed to extract confidential information from Internet users. Users are tempted to follow the instructions provided in the e-mail as they appear to come from a legitimate organization. The phishing e-mails may also contain links directing customers to a fake site. The confidential information sought through phishing may include credit card details, user name and password, name, age, mailing address and contact numbers. Unwary users may reply to the e-mail ...
... and compromise their personal and financial information. The extracted information could be used for gaining unauthorized access to user accounts, stealing funds, conducting unauthorized transactions and creating fake credit cards. The compromised information could also be used to impersonate an individual to open fraudulent credit card and loan accounts. They may also create fake online shopping and other Internet accounts to conduct fraudulent transactions.

Telus has alerted customers to be vigilant of e-mails and phone calls purportedly coming from a legitimate company and seeking personal information. Cyber security awareness among users is crucial to deal with such threats. E-brochures, advertisements, online degree and video tutorials may be used to educate users on cyber security tips. Users must avoid e-mails requesting personal and financial information. They must be wary of words like account update and verify in the Unique Resource Locator (URL). When users click on a padlock, a legitimate site will display security certificate. Fake sites only have simulated padlocks and will not display any information.

Phishers collect information from various sources, register counterfeit domain names, and build fake websites or web pages that are identical to a legitimate site. The e-mails urge the targeted customers to initiate prompt action. Customers of banking and online shopping sites are frequently targeted by phishers. Attackers target users by spoofing legitimate e-mail addresses and domain names, insert malicious scripts on legitimate websites. They also make use of bots to send malicious links by exploiting the growing use of Instant Relay Chat (IRC). Phishing attacks may come in various forms such as man-in-the middle attacks, URL obfuscation attack, key logger attack and session hijacking. Phishers may also use hidden frames and graphical substitution to create fake content and deceive users.

E-learning programs and training sessions could be used to create awareness on security threats among employees. They could also be encouraged to undertake online university degree and refresher courses on cyber security.

Organizations must have proper monitoring mechanisms in place to monitor employee activity. Hiring IT professionals qualified in masters of security science could help organizations in framing appropriate IT security policies and guide employees on information storage, password construction, evading social engineering threats and handling suspicious e-mails.