E-Mail Phishing: All one must know
One of the most widely used techniques for scams and identity theft is phishing.
Image Source: idagent.com
Phishing is an attack against the end user that aims to collect the user's personal data, in technical terms Personally Identifiable Information (PII), by tricking the user into providing details directly or clicking a link to a website that is, in fact, fraudulent.
The most common methods used to attempt phishing:
1. The user is told they have won a lottery or qualify for a discount offer; the sender asks for personal information in order to transfer the amount, and asks the user to deposit a small sum of money to release it. Once the user pays or provides the information, the scam is complete.
Fig. Source: https://www.pandasecurity.com/mediacenter/panda-security/social-media-scams/
2. The attacker claims to be an employee of an organization, such as a bank or a well-known company, and sends the user a request to click a link that redirects to a fraudulent website and enter information there. A naive user will not notice the website's structure or authenticity and will enter the information. The information may be requested under the pretext of password confirmation, credit/debit card renewal, etc.
3. More dedicated scams attach a file containing an exploit to the mail. When the user downloads and opens such an attachment, the exploit creates a remote connection to the scammer while the user remains unaware of it.
Detecting Phishing E-Mails:
The most basic form of scam e-mail is a mail that appears to come from a known sender. Noticing that the mail is fraudulent is quite simple:
1. Look at the sender's address. Scam mails generally come from a somewhat different address, not the sender's actual address. For example, an authentic mail from Amazon will always end with “@amazon.com”, whereas addresses like “seller-performance@payments-amazon.com”, “amazon-security@hotmail.com” or “amazon-payments@msn.com” belong to fraudulent mails.
Likewise, the legitimate site addresses of Amazon always end with "amazon.com", "amazonsellerservices.com" or "sellercentral.amazon.com". Any site that merely contains amazon somewhere in its address, like "security-amazon.com" or "amazon.com.biz", is not the legitimate site.
2. Note that mail from a legitimate organization never asks for personal details. Any mail asking the user for personal details in exchange for some action is a spoofed or phishing mail.
Note the address of the site. Although the site looks legitimate, its address is not Amazon's original domain. This site is a copy of the Amazon site. Information entered into it reaches the scammer, and the user is then redirected to the original site with a message claiming the credentials were wrong.
3. Review the mail body. Most phishing mails contain grammatical and typographical errors, which is one of the good ways to identify a phishing mail.
4. Sometimes attacks are not targeted, so the mail may not address the user by name. It will use a generic greeting like:
Hello Amazon User,
or
Dear customer,
Want to grab the lowest price deal?
etc.
5. Mails dealing with very urgent matters, such as a delayed payment that must be completed immediately, etc. These types of mail scare the user, and because of the urgency tag a naive user may fall victim to it.
Fig. Source: https://www.mailguard.com.au/blog/whaling-ceo-fraud-business-email-compromise-targeted-spear-phishing-attacks-continue-to-trouble-businesses
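As an added example (not part of the original post), the checks from items 1, 4 and 5 above can be turned into a small Python heuristic: it parses a raw message, compares the sender's domain and every linked domain against the legitimate Amazon domains listed above (assumed here to serve as an allow-list), and flags a generic greeting or urgency wording. The sample message and the greeting and urgency word lists are constructed for the example.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Allow-list built from the legitimate Amazon domains named in the article;
# any subdomain of these (e.g. sellercentral.amazon.com) is accepted too.
LEGIT_DOMAINS = {"amazon.com", "amazonsellerservices.com"}
GENERIC_GREETINGS = ("hello amazon user", "dear customer", "dear user")  # constructed list
URGENCY_WORDS = ("urgent", "immediately", "within 24 hours", "suspended", "delayed payment")

def registrable_domain(host: str) -> str:
    """Last two labels of a hostname: 'amazon.com.biz' -> 'com.biz' (assumes .com-style TLDs)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def domain_is_legit(host: str) -> bool:
    """True only for an allow-listed domain or one of its subdomains."""
    return registrable_domain(host) in LEGIT_DOMAINS

def phishing_indicators(raw: str) -> list[str]:
    """Return the reasons a raw RFC 822 message looks like phishing (empty list if none)."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    sender_host = parseaddr(str(msg["From"]))[1].rsplit("@", 1)[-1]
    if not domain_is_legit(sender_host):
        findings.append(f"sender domain {sender_host} is not an Amazon domain")
    body = msg.get_body(preferencelist=("plain",)).get_content()
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname or ""
        if not domain_is_legit(host):
            findings.append(f"link domain {host} is not an Amazon domain")
    first_line = body.strip().splitlines()[0].lower() if body.strip() else ""
    if any(first_line.startswith(g) for g in GENERIC_GREETINGS):
        findings.append(f"generic greeting: {first_line!r}")
    if any(w in body.lower() for w in URGENCY_WORDS):
        findings.append("urgency language in body")
    return findings

# Constructed sample mimicking the fraudulent addresses quoted in the article.
SAMPLE = """From: Amazon Security <amazon-security@hotmail.com>
To: user@example.com
Subject: Urgent: verify your account

Dear customer,
Your account will be suspended. Confirm your password within 24 hours at
http://security-amazon.com/login
"""
```

Running `phishing_indicators(SAMPLE)` yields four findings (sender domain, link domain, generic greeting, urgency); a mail from no-reply@amazon.com addressing the reader by name with an amazon.com link yields none.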
Note that spoofing attacks are much more technical and look more valid than ordinary phishing.
The best practice when such mails arrive in the inbox is to ignore, block or delete them. Move any such mail to the spam folder so that similar mails will not appear in the inbox in future. Never open any attachment or click on a link provided. If possible, go to the legitimate site that the spoofed mail impersonates and report the spoofed or phishing mail.
So, as an end user, it is very necessary to stay secure from such frauds.