Security lexicon with SaferPass #2: Phishing emails

The number of cyber attacks reached its maximum last year, and the situation is definitely not going to improve next year. 51% of adult US citizens suffered some kind of security incident between December 2015 and December 2016. These personal attacks are usually spread through phishing or malware. Today we will learn how to become an expert at recognizing phishing emails!

Phishing can be easily explained as an attempt to obtain sensitive information – user names, passwords or credit card details. Phishers usually use emails or instant messages. These emails and messages look so trustworthy that a person doesn’t instantly recognize the danger. Consequently, 30% of people open the phishing email and 12% click on the included link. When you click on the link, the website asks you to enter your credentials. At that moment the phishers obtain your private information. Phishers also use other ways to elicit information from users. They pretend to be a representative of a company and contact the user, asking them to send their account details. Although it is very unlikely that a company would contact its customers this way, people are usually not able to recognize the fraud.

How can you recognize phishing emails?

97% of internet users cannot identify a phishing email. Companies usually try to protect their customers from getting these emails with DMARC (Domain-based Message Authentication, Reporting and Conformance) or by explicitly explaining on their website that they don’t contact their customers this way. However, sometimes the email still ends up in the mailbox of an unaware user.

Double-check the email sender

Phishers will use the name of a well-known company with just a small modification that you as a user won’t notice. If you aren’t expecting the email or you feel that it is not trustworthy, just don’t open it. If it is important, the company will find a way to contact you. However, if you open the email by accident, the first thing you can do is check the email address. If it doesn’t match the sender, delete the email immediately and don’t click on anything that is included!

Check the content and mistakes

The most important part is the content of the email. If you spot spelling or grammar mistakes, you may be dealing with a phishing email. Serious companies are pretty strict about their content, so a major mistake won’t be seen in official emails. Moreover, the salutation can also reveal the origin of the email. Banks or official shops often know your name and they will make sure to customize the email for their customer.

Don’t reveal private information

Banks or companies will never ask you for your credentials or sensitive information over email, because they already know it! And the last thing a bank or reputable company wants is to put its customers in danger.

Analyze the signature

Be really careful if you find incomplete or even no contact information in the email. Every legitimate company will make sure to provide you with all the necessary information.

Don’t click on attachments or links

The first thing to do when you spot a link in the email is to check whether the URL matches what the link actually presents. You can do this very easily: just hover the mouse over the link and the hyperlink’s target will show up.

Most importantly, if you feel that the email doesn’t seem right, it most probably isn’t.

Source: www.expandedramblings.com, www.securityaffairs.co