What is email phishing, and how to avoid it?
According to a survey, 57 million internet users in the US have received spoofed emails, and 1.7 million of them gave out sensitive information.
What is email phishing?
Email phishing is the use of emails to acquire sensitive information from users deceitfully. It also involves getting users to download malicious apps and software that compromise privacy and security. Phishers may use more elaborate methods such as disguising as a legitimate company or organization.
Ignorance is bliss, but in this technology age ignorance can get you into a lot of trouble. Despite the countermeasures taken to combat phishing, cybercriminals still develop new ways to scam people. You have to stay informed about phishing techniques. This will reduce the risk of being scammed.
Some of their techniques include:
Link manipulation: Link manipulation is a common method used in phishing attacks.
Malicious links are sent to individuals disguised as real ones. When clicked, these links take users to a different website. These links are often slightly misspelled. Phishers also manipulate and use subdomains to deceive people.
These hackers sometimes change the display text of a link to match that of a legitimate site. You can see the true destination by hovering your mouse over the link. Hovering over the link will reveal the true URL.
People who read their emails on their mobile phones may be more susceptible to this kind of attack because most mobile apps do not have this preview feature.
Covert redirection: Phishing emails may use real websites as a piggyback to get your data. Attackers that use this method take advantage of XSS vulnerabilities in your browsers. They may corrupt the intended site with a login pop-up. Users click on these pop-ups thinking they are being led to the right web page.
They can also use web extensions in your browser to carry out a phishing attack.
Types of email phishing.
Most times, attackers send phishing emails to thousands or millions of people. This overwhelming number of emails increases their chance of success. Unsuspecting people click on their links and follow through the scam. This shotgun approach is called bulk phishing.
Sometimes certain individuals in an organization or company are targeted. These attackers obtain information such as their names and addresses. Sending them a personal email with their names on it will fool them into thinking it is a legitimate email from the company. This targeted approach is called spear phishing. An example of this was the 2016 phishing scam on Hillary Clinton’s presidential campaign staff.
Whaling is another form of spear phishing. The only difference is that in a whaling attack, senior executives in an organization are the victims.
Why phishing emails work.
More often than not, phishing emails generate a sense of emergency. They may also take advantage of a crisis to make their message seem more urgent. These emails often tell you to validate your login or credit card details before an expiration date.
They use many methods to achieve this. You may receive an email from your bank or from an organization such as PayPal, saying that your account has been compromised.
Phishing emails take advantage of our human nature. They leverage emotions such as greed, sadness, or pity. A spoof email may tell a person they have won an iPhone or a boat trip and all they need to do is give them some personal details.
Some may inform you that you are eligible for a tax refund. This is a classic email phishing technique.
A ‘dear friend’ could send you an email telling you he/she is in a pinch and needs your help immediately. You should look out for emails like these.
How to spot and avoid phishing emails.
Generally, you should be wary of any message that urges you to make a transaction or do something important. Most people who have been phished click on these links without taking time to carefully inspect the email.
These tips will help you spot one faster than most people.
Check their domain name.
Most organizations do not use a public domain. They have their company accounts and email domains. This may be the first sign of a phishing email. If an organization sends you a mail and has a public domain such as Gmail or Yahoo, you should be suspicious.
Another thing to look at is the email address of the sender. It is easy to skip past the sender’s address and go straight to the message’s main body.
These domains are usually misspelled or have extra characters. For example, phishers may use a domain such as legalmaters.com instead of legalmatters.com. You may not notice these differences because they are very subtle.
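The domain checks from this section and the link-manipulation tips above, as an added example that is not part of the original article: it flags a sender that uses a public webmail domain, a domain within a couple of characters of one you trust, a trusted brand name buried in a subdomain of another domain, and a link whose visible text points somewhere other than its real destination. The trusted-domain list and the webmail list are constructed for the example.

```python
from email.utils import parseaddr
from urllib.parse import urlparse

# Public webmail domains a company would not normally send official mail from (constructed list).
PUBLIC_WEBMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: catches one-letter lookalikes such as legalmaters.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host: str) -> str:
    # Last two labels of a host: 'login.paypal.com.evil.example' -> 'evil.example'.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def domain_warnings(domain: str, trusted: set) -> list:
    """Compare one domain against the domains you actually trust."""
    reg = registered_domain(domain)
    if reg in trusted:
        return []
    found = []
    for t in trusted:
        if edit_distance(reg, t) <= 2:
            found.append(f"{reg} is a lookalike of {t}")
        elif t.split(".")[0] in domain.lower().split("."):
            found.append(f"{domain} buries the trusted name {t} in a subdomain of {reg}")
    return found

def check_sender(from_header: str, trusted: set) -> list:
    """Warnings for a From: header, following the 'check their domain name' tips."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    found = domain_warnings(domain, trusted)
    if domain in PUBLIC_WEBMAIL and name:
        found.append(f"'{name}' writes from public webmail domain {domain}")
    return found

def check_link(display_text: str, href: str, trusted: set) -> list:
    """Warnings for a link whose visible text and real destination disagree."""
    shown = display_text.strip()
    shown_host = urlparse(shown if "://" in shown else "http://" + shown).hostname or ""
    real_host = urlparse(href).hostname or ""
    found = domain_warnings(real_host, trusted)
    if "." in shown_host and registered_domain(shown_host) != registered_domain(real_host):
        found.append(f"text shows {shown_host} but link goes to {real_host}")
    return found
```

A mail client plugin or a mailbox rule could run check_sender on every From: header and check_link on every anchor in the HTML body before the message reaches the inbox.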
Look out for grammatical and spelling errors.
It is important to know that not all emails with spelling errors are phishing emails.
If you read through an email and find spelling mistakes, you may be one of the countless targets of a phishing scam. Luckily, spelling mistakes are easy to spot.
More determined cybercriminals will run their messages through spell checks and other tools. All the spellings may be correct, but some grammatical blunders and wrongly used vocabulary might still be present.
Be wary of unexpected attachments.
If you normally receive emails from your bank or any service provider without attachments and you suddenly find one, tread with caution. Downloading one of these attachments can infect your computer or phone with malware, spyware, or ransomware.
Update your computer and browsers regularly
Software service providers churn out regular software updates to help combat cyberattacks. These patches address loopholes and other vulnerabilities. You can also install an anti-phishing toolbar that checks the sites you visit and certifies them.
For organizations, proper training should be given to workers. Multi-factor authentication and strict password management should be implemented.
Do not reveal sensitive information on social sites.
Attackers can use social media sites like Facebook or Instagram to target people. You should be careful not to share sensitive data on these sites.
If you suspect you have been sent a phishing email, you should report the email to the appropriate channels, such as a government-operated website. They can also help if you believe you have given information to cybercriminals. You can also report a phishing email to your email provider.