
Cybersecurity Tips: How To Spot A Phishing Email

Posted on the 18 October 2019 by Katy Perry
Phishing is one of the most sophisticated strategies hackers use, and the most effective one for making you part with your login credentials or other sensitive information. It relies on exploiting your sense of responsibility and your tendency to comply with requests from an authority. It’s a combination of the dark aspects of psychology and IT:
  • hackers need to convince you,
  • but they also need to create a fraudulent website that collects your password, infects your device, and so forth.

Thus, it’s imperative to look at some concrete examples that will help you recognize phishing and, of course, to get some cybersecurity tips for staying safe online and not becoming a victim.

Let’s begin!

Examples of Phishing Emails

Example 1: Fake Amazon Email

Most often, hackers bait you into clicking a link that takes you to an infected website. And they go to great lengths to make that website look legitimate. That’s evident from this fake Amazon email. You have no recollection of ordering something from Amazon, so you want to click the link and see if there was some mistake. In trying to learn more about the “status of your package,” you visit a site that looks like it belongs to Amazon. There’s only one problem: it’s fake. It may be full of viruses, trojans, and other malware. And you don’t want any of that on your device.

Example 2: Fake eBay Email

Many people have also reported fake eBay emails. In this case, you get a so-called automated message letting you know about a message you’ve received inside the platform. Of course, to view it, you have to log in with your username and password. As soon as you do, gotcha! You’ve just given your login credentials to the hackers.

The link that leads to the website may look legitimate. And the graphics in the login form may be identical to the real eBay website. But don’t be fooled. Hackers are talented, and it can all be a spoof. Whenever you’re unsure, it’s better to visit the official site by entering the address in the URL bar of your browser.

Bonus Example: Extortion Emails

It’s not phishing per se, but another way hackers monetize their efforts is extortion scams. An example email comes from a so-called hacker. They tell you that they have infiltrated your network, broken into your PC, or something similar. Right off the bat, you’re informed that they know you ‘visit shady and/or adult websites’ and that they have all the system and browser logs or webcam records to prove it. Comply with their request and pay the money, or suffer the consequences of having your shameful acts released to the public, forwarded to your boss, etc. The catch? It’s a bluff. A 13-year-old could come up with such an email. But if it’s more severe, such as a threat to your safety or life, do not hesitate to get the authorities involved.

How to Recognize Phishing

With the examples out of the way, here are some tips on how to stay safe by recognizing the most common warning signs of a phishing email.

1. The Addresses Within Look Fake

If you see something like admin @ m1crosoft .com, where a digit stands in for a letter, it’s a spoofed address. Also, check the links in the email: hover over them with your mouse before clicking. If they lead to a fraudulent website, the real address will be visible in the bottom corner of your browser.
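The two checks above can be automated. This added example, which is not part of the original article, flags a sender domain that imitates a known one through look-alike characters and a link whose visible text names a different host than the one it opens; the `KNOWN` list, the sample values and all function names are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: hypothetical list of trusted domains; constructed sample values.
KNOWN = {"microsoft.com", "amazon.com", "ebay.com"}
FOLD = str.maketrans({"1": "l", "i": "l", "0": "o", "3": "e", "5": "s"})
SAMPLE_FROM = "admin@m1crosoft.com"
SAMPLE_HTML = '<a href="http://signin.example.net/x">www.ebay.com/messages</a>'

def fold(domain):
    # Look-alike characters collapse to one class: "m1crosoft" == "microsoft".
    return domain.lower().translate(FOLD).replace("rn", "m")

def lookalike_of(domain):
    """Return the known domain that `domain` imitates, or None."""
    d = domain.lower()
    return next((k for k in KNOWN if k != d and fold(k) == fold(d)), None)

def host(value):
    value = value.strip()
    try:
        parsed = urlparse(value if "://" in value else "//" + value)
        return (parsed.hostname or "").removeprefix("www.")
    except ValueError:  # malformed host such as an unclosed "["
        return ""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False  # links: [href, visible text]
    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self.links.append([dict(attrs)["href"], ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def check(sender, html):
    findings, parser = [], LinkCollector()
    if (hit := lookalike_of(sender.rpartition("@")[2])):
        findings.append(f"sender {sender} imitates {hit}")
    parser.feed(html)
    for href, text in parser.links:
        # Compare only when the visible text is itself a URL or bare domain.
        if len(text.split()) == 1 and "." in text and host(text) != host(href):
            findings.append(f"link shows {host(text)} but opens {host(href)}")
    return findings
```

Calling `check(SAMPLE_FROM, SAMPLE_HTML)` returns one finding for the sender and one for the link; a link labelled "Click here" is not compared, because its text names no host.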

2. Spelling Mistakes

Not every phishing email is written by an industry professional. Some are, indeed, written by 13-year-olds, and come with bad grammar and spelling mistakes. Would a legitimate company ever risk sending out an email in such a poor state?

3. Pressure

By pressing the right buttons in one’s brain, it’s possible to provoke a panic response in the target. It can be an alert that one of your accounts has been compromised or will be closed if you don’t act right away. Pressure is always a common denominator in phishing emails.

4. There is a Strange Attachment

Not opening attachments is one of the essential cybersecurity lessons. If you must open one, always scan it with antivirus software first. But even so, it could contain links to an infected website, so caution is in order.

5. The Email Requests Personal Information

Personal information is what it’s called – personal. No legitimate employee of any company would ever ask you to hand over your password. Extortion emails, though, sometimes use leaked passwords to convince you of the sender’s hacking skills. Sending you your password is a scare tactic. If that happens, don’t panic and don’t believe that the sender hacked you. Better yet, check if your accounts were exposed in a data breach and change that password right away. To go a step beyond what’s necessary to protect it, use password management software such as NordPass. That way, you won’t have to burden your memory with dozens of passwords. Nor will there be a need to store them in a plain text file or write them down on a physical piece of paper.

Conclusion

Phishing emails, although based on similar principles, keep evolving every day. If you know how to recognize them, you stay one step ahead of the bad guys. They will have to pick on an easier target instead.

