90 percent of attacks take place because of phishing, and that includes the lack of knowledge needed to spot a phishing email.
Email is as important as any means of living in today’s “technological” realm. It is used for everyday communication across the world. Thus, it is necessary to understand the downside of it if we want to keep using it for its upside.
Let's start with the basics.
What is Phishing?
Simply put, it's a sham. It's when a hacker (or anyone with adequate skills) tries to impersonate a legitimate website and con people by luring them to click on fake links in an email. These links usually ask for a person’s private/personal information, which is sent to the hacker once they click on “Submit/Ok”. The intent is to steal money or any intellectual property by posing as “you”.
Sometimes… Actually, in most recent times, phishing has become one of the major gateways to a data breach.
So how do you stay vigilant?
Here is how:
- Rule number one, read your email carefully. This includes looking at the email address — from whom you received the email. Then again, hackers have the tendency to disguise themselves as a legitimate user. In that case, move on to the next red flag.
- Watch out for emails that are too good to be true, emails written with urgency, and emails that invoke fear or greed and demand an immediate response. This is a tell-tale sign.
- The next sign to look out for is an email that asks for your personal/private details, like passwords, social security numbers, or bank account information. This information will not be requested via email (unless you requested a password reset yourself).
- If you receive an email with attachments or links from a known source and you are still in doubt, always pick up the phone and give them a call to confirm. You know how that saying goes, “You can never be too careful”.
- Do not click on links or open any attached documents in an email with an empty message body or an overly generic message. This is how malicious software gets downloaded onto your system without your knowledge. This could lead to hackers gaining access to/control of your system.
A few more handy points:
- Before clicking on a link in your email, hover your cursor over that link. This will show the intended destination in the lower left corner of your browser. If you are accessing email from a mail client (like Outlook, Thunderbird, etc.), hovering over the link will display the destination then and there.
- If you get a generic greeting from a known source, like “Dear customer” or “Hello User”, it is definitely a scam.
If you have clicked a link and landed on a web page, here are the signs that say you have landed on a phishing site:
a. Check the website address:
- Incorrect company names could easily be missed. For example, instead of “GOOGLE”, hackers might use “G00GLE” (that is a zero in place of each “o”).
- A complete website address should always end with “/”. It will never be left ending with “.com” or “.in” or “.org” or any other domain. For example, “https://www.google.com/” should not appear as “https://www.google.com”
- Most trusted websites will have a secure protocol implemented: “https” and not “http”. Be cautious about entering (or don't enter) your username and password if the site is not secured.
b. Beware of pop-up screens:
- Once the link directs you to a site, if a screen pops up with a “Username and Password” form, be sure it is a phishing site and exit immediately. If you want to make sure, try giving a fake username and password; if it lets you in, that is a definite sign.
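
The hover check and the website-address checks above can also be run automatically over an email's HTML body. The Python sketch below is an added example, not part of the original article; the brand list, the look-alike digit table, the flag names and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

KNOWN_BRANDS = {"google", "paypal", "microsoft"}  # assumption: names you expect
# Digits commonly swapped in for look-alike letters (0 for o, as in "G00GLE").
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def check_link(href, text):
    """Return the red flags described in the article that apply to one link."""
    flags, host = [], host_of(href)
    if urlparse(href).scheme != "https":
        flags.append("not-https")
    # What hovering would reveal: the text shows one address, the link goes elsewhere.
    shown = host_of(text) if "." in text and " " not in text else ""
    if shown and not (host == shown or host.endswith("." + shown) or shown.endswith("." + host)):
        flags.append("text-destination-mismatch")
    # A host label that only becomes a known brand after undoing digit swaps.
    for label in host.split("."):
        if label not in KNOWN_BRANDS and label.translate(LOOKALIKES) in KNOWN_BRANDS:
            flags.append("lookalike-domain")
    return flags

def scan_email(html_body):
    parser = LinkCollector()
    parser.feed(html_body)
    return {href: check_link(href, text) for href, text in parser.links}

# Constructed sample body, not taken from a real message.
SAMPLE = ('<p>Dear customer,</p><a href="http://www.g00gle.com/login">'
          'https://www.google.com/</a> <a href="https://www.google.com/">Help</a>')
```

Calling `scan_email(SAMPLE)` returns a dictionary keyed by link destination; an empty list means none of these three checks fired, not that the link is safe.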