Phishing is a fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.
How Can You Identify a Phishing Email?
1. Suspect grammar and punctuation
Professional copywriters go to great lengths to create emails with well-tested content, subject lines, calls to action and so on. Any email that contains poor grammar or punctuation, or shows an illogical flow of content, was very likely written by inexperienced scammers and is fraudulent.
2. Asking for personal information
Established brands never ask you for sensitive information via email. Any messages asking to enter or verify personal details or bank/credit card information should be treated as big red flags.
3. Alarming content full of warnings and potential consequences
Hackers can send messages that cause alarm by telling you that one of your accounts has been hacked, that your account is expiring and you may lose some critical benefits immediately, or that some other extreme condition applies that puts you in a panic. Such content is typically formatted to create alarm and a sense of urgency with the intent of driving the user to take immediate action.
4. Urgent deadlines
In this pattern, hackers send out an email about some pending deadline. For example, a hacker could send out a renewal email about an expiring insurance policy, or a limited validity discount on some deal that might be of interest to the target. Typically, such emails lead users to data harvesting sites that end up stealing valuable personal or financial information.
5. Offer of large financial rewards
This pattern includes emails claiming that you have won a lottery when you never purchased a ticket, offering a large cash discount on something that you never purchased, promising large prize money in a contest that you never enrolled in, and so on. The actual intention is usually to direct you to a site where the scammers can get your personal or financial information.
Obviously, these patterns are by no means all-inclusive, and creative hackers are constantly investing in clever techniques to outsmart you. Effectively learning how to prevent phishing will require a similar commitment from your side.
Phishing Prevention Best Practices
The patterns presented above provide general guidelines for spotting phishing emails. In addition, there are a number of other best practices that users can use regardless of the presence of any specialized software in order to prevent phishing. These include…
1. Avoid using public networks
Email communications over public networks are often not encrypted. Hackers could use this limitation to sniff out important information such as account usernames and passwords, saved passwords, and other financial details. Of course, rogue hackers may set up completely free hotspots and lure you into providing sensitive information even without sophisticated data sniffing technologies. A best practice to prevent phishing when using public networks is to use your mobile’s tethering and hotspot capabilities to work with its 3G/4G data connection rather than relying on public networks.
2. Watch out for shortened links
Shortened links do not show a website’s real name and hence can be more easily used to trick the recipient into clicking. Hackers can use shortened links to redirect you to fake look-alike sites and capture sensitive information. Always place your cursor on the shortened link to see the target location before clicking on it.
3. Verify the target site’s SSL/HTTPS credentials
SSL technology ensures safe, encrypted transmission of data over the internet. If you click on an email link and land on a site, then always verify its SSL credentials. A highly effective technique to prevent phishing is to never give out sensitive information (passwords, credit card details, security question answers etc.) on sites that do not have a valid SSL certificate installed.
4. Beware of pop-ups
Using iframe technology, pop-ups can easily capture personal information and send it to a domain different from the one showing in the browser toolbar. Reputable, established sites rarely ask you to enter sensitive information in pop-ups, and as a rule of thumb, no personal information should be entered in pop-ups even if they appear on domains with valid SSL and have passed all other phishing checks.
5. View the link instead of clicking
When you receive an email that contains links, do not click on them directly. A link can lead to malware that damages your system or steals your information. The following is a phishing technique we sometimes encounter in daily life: we see a link in blue, it looks exciting, we trust it, and we click. That is not a good practice for staying safe online.
When we receive such an email, all we have to do is hover the mouse over the link without clicking. Hovering shows the original destination of the link: here it will take us to “www.badguys.com”, not “www.dalailama.com”.
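The hover check described above, together with the shortened-link warning from item 2, can be automated over an email's HTML body. This is an added example, not part of the original article; the shortener list and the sample body are constructed, and comparing exact hosts (after dropping a leading "www.") is a simplifying assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a tiny illustrative set of URL-shortener hosts, not a complete list.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
# Visible link text that itself looks like a URL or a bare domain name.
URLISH = re.compile(r"^(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:[/:?#]\S*)?$", re.I)

def host_of(url):
    """Host of a URL (scheme optional) without a leading 'www.', or None."""
    try:
        host = urlsplit(url if "://" in url else "http://" + url).hostname or ""
    except ValueError:
        return None
    return host[4:] if host.startswith("www.") else (host or None)

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown, target = "".join(self._text).strip(), host_of(self._href)
        claimed = host_of(shown) if URLISH.match(shown) else None
        if target in SHORTENERS:   # real destination is hidden behind a redirect
            self.findings.append(("shortened", shown, target))
        elif claimed and target and claimed != target:   # text names another site
            self.findings.append(("mismatch", shown, target))
        self._href = None

def audit_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings   # list of (reason, visible text, real host)

# Constructed sample body; the two domain names are the ones used in the text above.
SAMPLE_EMAIL = """
<a href="http://www.badguys.com/">www.dalailama.com</a>
<a href="https://bit.ly/xyz">Click here</a>
<a href="https://www.dalailama.com/news">dalailama.com</a>
"""
```

Calling `audit_links(SAMPLE_EMAIL)` flags the first link as a mismatch and the second as shortened, and leaves the third alone because its text and target agree.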
6. Attachment preview
- Open the inbox with the attachment you want to preview.
- Using your pointer, hover over the attachment thumbnail, and select the attachment file name. …
- You can now look at, read, watch, or listen to the attachment without downloading it.