Phishing scams are a form of cybercrime in which users are deceived into handing over sensitive information. Cyber criminals pose as legitimate companies or organizations to obtain that information and the victim's credentials.
The main way online thieves get these credentials is through sending out emails that look exactly like official emails from your bank, credit card company, PayPal, Amazon or other online companies or services.
Real-life example of Phishing
I was in the office one day a couple of weeks ago when I received a text message from … According to the message, my credit card had expired and I was invited to click on the link in the text to update my details. I checked my credit card status independently with the bank and there were no issues. The text was enough to force me to carry out some due diligence though, and had I not worked in the security industry I may well have clicked on the link!
How to Identify a Phishing or Spoofing Email
Here are some tips on how to identify a phishing or spoofing email.
- Don’t trust the display name: A favorite phishing tactic among cyber criminals is to spoof the display name of an email. Check the email address in the From header; if it looks suspicious, don’t open the email.
- Look before you click: When you hover over a link in Outlook or a web browser, a small window pops up to show you where the link really goes. If the real link doesn’t match the sender or doesn’t match what you expect, assume it is poisoned and don’t click it.
- Check for spelling mistakes and bad grammar: Authentic messages usually don’t have major spelling mistakes or poor grammar. If it’s written poorly, don’t open it.
- Review the salutation and check for legitimate contact information: If a message is addressed to a vague “valued customer” or “dear user”, it’s probably a phish. Lack of details about the sender or how you can contact them or their company strongly suggests a phish.
- Don’t give up personal information: Legitimate banks and most other companies will never ask for personal credentials via email. Don’t give them up.
- Don’t trust an offer that seems too good to be true: If you receive a message from someone unknown to you who is making big promises, the message is probably a scam.
- Beware of urgent or threatening language in the subject line: Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt.”
- No Clicking on Attachments Either: Hackers embed malicious attachments that contain viruses and malware in their phishing emails. Malware can steal your credentials, damage files on your computer, or spy on you without you ever knowing.