There's a threat online that's become all too familiar to internet security professionals. These phishing attacks, as they're called, typically come in the form of an email that looks totally normal and genuine, with the aim of convincing the email recipient to provide personal information like passwords, credit card details and banking information. Student bank account holders can be an easy target for the hackers as they are not too aware of hacking tricks. Hackers may also target organizations and private agency employees to steal sensitive data. Even organizations with a high standard of security have fallen victim to these attacks.
Internet marketing companies use a whole lot of online accounts that deal with company and client information. Here at TechWyse, we use a plethora of tools and software for secure and efficient client and resource management. The great peril here is that the login details are shared among a number of employees. This warrants the utmost attention to information security in our company.
Some phishing emails come with malicious programs such as keyloggers. It is very hard to guess the legitimacy of an email by looking through the content. However, here at TechWyse we've developed an intricate process for protecting ourselves and our clients from phishing threats. In this article, we share the top 10 tricks we use to spot fraudulent phishing emails.
1. Double check the origin of an email before responding to it. Never share anything with an unfamiliar email address. Attackers can easily create a seemingly-normal email address to gain the trust of their victims.
2. Double check the URLs before filling in login forms. This is very important because hackers can create fake URLs and login pages. Sometimes they mask fake URLs with URL shortening services. Here is a simple example of how people give out their Facebook login details.
3. Never share bank related information via email. Legitimate emails will never ask you to share sensitive information. Most phishing emails are sent out for this purpose.
4. Never use login forms embedded in emails. Instead, access the webpage directly from your browser.
5. Don’t forget to check for security certificates or valid SSL authentication before submitting login forms.
6. Check and ensure the legitimacy of emails by searching for their domain on Google. For example, legitimate companies will never use public email providers like Yahoo, Gmail, Outlook etc.
7. Check the webpage layout, URLs and components on their website when submitting logins or transaction forms. However, hackers are able to create fake login forms that look genuine. It’s important that you’re aware of this and look for signs.
8. Be wary of emails narrating a tragic story of a princess from a faraway country who will transfer her multi-million dollar inheritance if you can send a short-term loan. I’ve received a ton of these. If you respond, they will ask you to share personal information.
Here’s an example:
9. Some hackers ask you to share your biographical information or resumes. Always ensure the legitimacy of the request by searching for the job offer or company mentioned in the email.
10. Be suspicious of emails saying you've won an expensive prize that you can only claim once you've provided personal details. If it seems too good to be true, it probably is!
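Several of these checks (tips 2, 4 and 6) can be automated in a mail-triage script. The following is an added example, not part of the original article; the `check_email` name, the provider and shortener lists, and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative lists and a constructed sample message (assumptions, not real data).
PUBLIC_PROVIDERS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
SAMPLE = """From: "Example Bank Support" <support.examplebank@gmail.com>

<a href="http://bit.ly/abc123">Click here</a>
<a href="http://login.examplebank-secure.example/">www.examplebank.example</a>
<form action="http://203.0.113.5/collect"><input name="password"></form>
"""

class LinkScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self.has_form, self._href, self._text = [], False, None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # start collecting the visible text of this link
            self._href, self._text = dict(attrs).get("href") or "", []
        self.has_form = self.has_form or tag == "form"
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_email(raw):
    msg, flags = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender in PUBLIC_PROVIDERS:  # tip 6: company mail from a public provider
        flags.append(f"sender uses public provider {sender}")
    scan = LinkScan()
    scan.feed(msg.get_payload())
    if scan.has_form:  # tip 4: never use forms embedded in emails
        flags.append("form embedded in email body")
    for href, text in scan.links:  # tip 2: inspect where each link really goes
        host = (urlparse(href).hostname or "").lower()
        if host in SHORTENERS:
            flags.append(f"shortened URL hides destination: {href}")
        shown = re.search(r"(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})", text.lower())
        if shown and host != shown[1] and not host.endswith("." + shown[1]):
            flags.append(f"text shows {shown[1]} but link goes to {host}")
    return flags
```

Calling `check_email(SAMPLE)` returns four warnings, while a message whose link text and destination share the same domain returns an empty list.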
It's important that you're aware of all the mishaps that can occur online. Phishing is the most common type of malicious attack, but there are other ways for fraudsters to get a hold of your information. Keep your guard up and stay on the lookout for all kinds of attempts to steal information.
on
Thank you Sasneh. Have personally been a victim of these phishing attacks. Thanks for sharing your knowledge.
on
Phishing is a term derived from the English word “fishing”. The term illustrates what it’s all about: fraudulent fishing or fishing of sensitive data such as passwords using various baits on the Internet. You can see them everywhere, they offer free vouchers and much more. But what they actually want is our data. The term phishing refers to attempts to access the personal data of an Internet user via fake websites, e-mails or short messages and thus commit identity theft.
More and more people fall for it, because who says no to free gifts? With many sites it is not quite obvious that they only want to get at the username and password. Always check the URL in detail before clicking. If you receive a link via email, social media, or other means, take the time to check the link before clicking. You don’t have to be an expert to spot suspicious links. Pay attention to the most common features. Fake links usually try to imitate the existing site, often by adding unnecessary additional words or domains. It often works like this: if you click on the link, the message is forwarded to all contacts. If you have revealed your data after all, you should change it. That’s why, always watch what you click on.
on
Thanks for sharing, I briefly worked in web security and it’s amazing that not a lot of people understand what a really bad phishing attack is, I had to type out a long email to explain to our users how they can prevent a phishing attack. It’s basic knowledge at this point.
on
Thanks for these tips. I’m the email administrator at my work and have to deal with lots of phishing emails almost on a daily basis. Every now and then I send a massive email to our users and now I’m going to make sure to include some of your tips on my next one.
Basically what I recommend our users to stop phishing is:
1. Never give away personal or financial information
2. Never follow an active link from within the email body
3. Do not download attachments unless the user knows the sender and is expecting such file
4. Never open an email where the user is not the intended recipient
It’s a small list but I think it covers the essentials.
on
It’s interesting that some grammatical and spelling mistakes are done on purpose in some of the phishing emails.
They don’t want to make the holes in the net too small and catch people who’ll waste their time.
They want to catch the less observant who are more likely to go along with what’s requested and any further contact or interaction.
I’m going to send a link of this article to our staff (there are many who just don’t seem to understand or forget that emails can’t always be trusted).
Thank you for this clear and well written article
on
Thanks for the great article Sasneh. Especially liked the number 6. Very nice and detailed work, keep it up!
on
Thanks for sharing Sasneh. I have also found that hackers can use a compromised email account of a friend or acquaintance to send an attachment or link to their entire address book. The email typically contains only the link or attachment without any other content.
on
Thanks for the comment Walter. I’ve read about it. In my opinion, the best way to just stop spam attacks is to not disclose your email address on unfamiliar sites. Crackers come up with so many creative ways to steal your info – some are just cruelly beautiful.
on
Even for “savvy” folks… we do sometimes slip.
Another tip, I use “WHO IS” to check the domain ownership… and most times I don’t reply.
This is helpful if you have a form on your own site and offer a free report/consultation… helps determine if it’s a trustworthy site.