What is Phishing Email attack and what are the signs of a phishing email?
Updated: Jul 8
Have you ever identify emails that looked legitimate but were a scam or phishing?
Well, All these are phishing or mail spoofing for you!
Let's discuss spoofing emails, phishing emails that appear to be from the authorized person, but they are not in reality. Hackers modify the header of an email to make it look as if it is sent by someone legitimate person. It is one of the most popular strategies used in spam and phishing emails.
The risk and damages of email spoofing or phishing are very high if we are using email for corporate purposes. For example your own company or online store or for small business.
So we need to must aware of all the threats of spoofing along with phishing. In this article, we will discuss how to keep away from email spoofing.
How to identify a phishing email?
The message is sent from a public email domain
No legitimate company or organization will send emails from an address that ends with @gmail.com, not even Google. Most of the organization except small caps company will have their own email domain and company accounts, for example, legitimate email from google will read like this @google.com
The sender address: Double-check the sender address before clicking on any link. Phisher always enough smart they will mask the sender address along with difference could be only one letter so we may not even notice. Please see the below example. For example firstname.lastname@example.org - legitimate email@example.com non-legitimate email.
Bad grammar and spelling: Many phishing attacks are not very well organize or the body of the email contains spelling and grammar mistakes such type of an indication that the message is not a legitimate email.
Suspicious attachments/links: it's very important to check the sender's address before clicking on the link or attachments. Phishing or spoofing email messages will ask you to click on the link for further process or click to download the attachment. If the email looks not legitimate email then hovering the pointer over the link to see the web address.
Urgency: Many phishing attacks may contain a message that will warn you of issues with your account or any issue with your payment. This is just because Cybercriminal trying to make you act as quickly as possible without thinking too much. In these cases, it's even most important to double-check the link in the message and sender address.
Asking for sensitive information: Sending any sensitive information through email is never safe. If your bank asking for your username or password through email for a technical issue its is highly recommended not to send it information. The bank never sends an email asking for passwords, credit card information through email.
Surprise lottery: Most common phishing email is winning a lottery or gift card emails. This is just the way of cybercriminals clicks on the malicious link to open the message. Highly recommend not click on this type of link.
Plain text/ Absence of logos: Most legitimate emails will be written with HTML and will be a mix of text and images. A poorly constructed phishing email may show a no of images, including the lack of the company’s logo. If the email is all plain text and looks different than what you’re used to seeing from that sender, it is best to go with your gut feeling and ignore the message.
How to mitigate phishing attacks. There are some preventative steps that you can take to reduce the phishing attacks or at least mitigate them here are some ideas by Dr. Tech.
Use your own save links: if you are accessing the same website on a daily or even weekly it is better to use bookmarks of those websites. This is the only way to reduce you to land on the legitimate site. So even if you receive any notification from Bank say your password expired. you can access the bank link via a bookmark so it's much safer than clicking on a link from the email.
Use spam Plugin: install or activate a tool that will identify malicious sites for you so you know can check the website you find is legitimate or no. Example Signal Spam plugin
Install antivirus: Antivirus is the best way to save from the malware in a file or from a malicious website. Example: Sophos Home
Use 2- factor authentication: Most important use Multifactor authentication whenever possible for example in Facebook. Gmail, net banking. In case if cyber criminals steal your password they will still not able to log in until entering the second authentication code.
Email spoofing and phishing are some of the most active ways by cybercriminals to get hold of sensitive information. But the good news is with the help of the above-mentioned tips we can reduce the spoofing of email and keep yourself safe from the cybercriminal. You can never too cautious when it comes to using the Internet need to take some preventive measure to ensure your are on the safe side when you are making online purchases or entering user name or password for net banking or facebook anything.