What Is Phishing & How Can I Avoid It
Many of you will not remember a world without the “Internet”. Is that mad or what?
Long, Long, Long Ago!!
Think about it: surviving without the iPhone, or even mobile phones as they were called, or a laptop. Hard to imagine, I know, but it’s not that long ago!
It’s not hard to imagine, then, that once the Internet came into being, cyber criminals, as they are now called, were not far behind.
These cyber criminals, using their malicious software, started to infect online businesses and individual accounts which were part of the developing networks being created and spreading all over the world. So, it is important that we familiarise ourselves with this problem and find out how to avoid a phishing scam.
Nowadays, Internet services and websites make our daily lives that much easier by facilitating the payment of bills, shopping, making online reservations, working from home online, earning money online, communicating with each other and, of course, how we carry out our duties in our workplace.
You can now do any of these actions from any place in the world. Borders, boundaries and human limitations have been largely eliminated in order for us to have access to almost any information... our lives have become so much easier!!
Unfortunately, we can say the same thing about Cyber Crime. All communications require a “connection” and these connections have been compromised again and again. The internet will always be vulnerable to these so-called “cyber criminals”.
These days, more than ever before, cyber criminals can reach into our private lives, our personal communication devices, our homes and our work offices. There is an ongoing battle between high powered Technology Giants and cyber criminals – criminals who are becoming more and more sophisticated and technically aware of developments within the telecommunications industry.
Malware Scams & Phishing Scams
Criminals use various methods and tools:
Malware Scams – Traditional malicious software that attacks the vulnerabilities that are present in almost all the current programs and apps (even in the popular Windows operating systems).
Phishing Scams – These start with you getting a message by email or through a social network. Complicated, ingenious Phishing Scams are often deployed from unexpected regions of the world, where the Law and justice can’t easily reach the perpetrators.
The most common situations where you become vulnerable to Malicious Software (Malware Attack) or a Phishing Scam take place when you:
- Shop Online
- Open your emails
- Access Social Media Networks
Therefore, in order to protect ourselves, we need to know the most popular schemes and techniques used by cyber criminals to obtain our private information and financial data.
Never forget, their final target is always your money and there is nothing they won’t do to get at it.
Phishing Email Scams
Phishing scams start with a communication made by email or on social networks.
Typically, you will receive messages from cyber criminals who try to trick you into giving them your login credentials – for your bank account, social network, work account, cloud storage or any other personal data area they think might be valuable to them.
To disguise their intentions, the phishing emails will seem to come from an official source – it could be a bank or other financial institute, but could also be a delivery company or social network representative.
By doing it this way, they are hoping you will click on the links contained by their messages and thereby access a website that looks legit, looks like the real one – but is actually controlled by the cyber criminals. You will then be sent to a fake login access page that resembles the real website and, if you’re not paying attention, you may well end up giving away your login credentials and other personal information.
In addition and in order to increase their success rate, scammers will deliberately create a sense of urgency in the message. They’ll tell you a frightening story of how your bank account is under threat and how you really need to access it as soon as possible via a web page where you must insert your credentials in order to confirm your identity or your account.
Again of course, the provided link will only lead you to the fake web location and not to your real login page. After you fill in your online banking credentials, cyber criminals will use them to breach your real bank account or to sell them on to other interested criminals.
This is one of the main scamming techniques used to spread financial malware and data stealing malware. Realistically, there isn’t any reason why you shouldn’t be well prepared for any such attempts. However, even if you install a good antivirus program, there is no better way to stay safe from this threat than to avoid the initial infection phase.
So, How Do I Avoid Getting Caught In The Phishing Net?
A – Sender Details
First thing to check: the sender’s email address.
Look at the email header – does the sender’s email address match the name and the domain?
Spoofing the display name of an email, in order for it to appear as if it is from a “brand name”, is one of the most basic phishing tactics.
Example: An email from Amazon that comes from “firstname.lastname@example.org” is legitimate. But an email that looks like it is from someone at Amazon but was sent from a different domain, like the email in the picture below, is most certainly not from Amazon.
Check and compare the headers from a genuine valid message that you have from the same source with those on the suspect message.
If they don’t match:
- Don’t click on anything.
- Don’t download any attachment.
Here is a tool for experts – You can also analyse the email header and track IP using this tool.
If you are using Gmail – You can turn on the authentication icon for verified senders. This way, you will see a key icon next to authenticated messages from trusted senders, such as Google Wallet, eBay or PayPal. Unfortunately, only a few domains are currently supported by this program, but hopefully it will extend in the future.
Another verification method available for Gmail users – Check whether the email was authenticated by the sending domain. Open the message and click on the drop-down arrow below the sender’s name. Make sure the domain you see next to the ‘mailed-by’ or ‘signed-by’ lines matches the sender’s email address. Find out more about it here.
It will look like this:
The second thing to check: the address the email was sent to.
Look at the To and CC fields. If the email was sent to old or wrong addresses, it may indicate it was sent to old lists or randomly generated emails.
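The sender checks in this section (display name against the address domain, then the ‘mailed-by’ and ‘signed-by’ domains against the sender’s address) can be scripted. The Python below is an added example, not part of the original article: the sample message, the brands mapping and every function name are constructed for illustration, and it assumes ‘mailed-by’ and ‘signed-by’ correspond to the SPF and DKIM results recorded in the Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): the display name says "Amazon", but the
# address and the authenticated domains belong to unrelated, reserved example names.
SAMPLE = """\
From: "Amazon Customer Service" <support@amaz0n-billing.example>
Subject: Urgent: verify your account
Authentication-Results: mx.example.net; dkim=pass header.i=@bulkmailer.example; spf=pass smtp.mailfrom=bounce@bulkmailer.example

Please verify your account.
"""

def domain_of(value):
    """Lower-cased domain of an address or bare domain ('a@b.c' -> 'b.c')."""
    return value.rsplit("@", 1)[-1].lower()

def related(a, b):
    """Same domain, or one is a subdomain of the other. Simplification: real
    DMARC alignment compares organisational domains via the Public Suffix List."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def authenticated_domains(msg):
    """Return {'spf': domain, 'dkim': domain} for the checks that passed."""
    found = {}
    header = " ".join(msg.get("Authentication-Results", "").split())
    for part in header.split(";"):
        method = re.match(r"\s*(dkim|spf)=pass\b", part)
        prop = re.search(r"(?:header\.[di]|smtp\.mailfrom)=(\S+)", part)
        if method and prop:
            found[method.group(1)] = domain_of(prop.group(1))
    return found

def check_sender(raw, brands):
    """brands: brand word -> domain it really mails from (caller-supplied assumption)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_dom, findings = domain_of(addr), []
    for brand, real in brands.items():
        if brand in display.lower() and not related(from_dom, real):
            findings.append(f"display name says {brand}, address is @{from_dom}")
    auth = authenticated_domains(msg)
    for method, label in (("spf", "mailed-by"), ("dkim", "signed-by")):
        if method not in auth:
            findings.append(f"no passing {label} domain")
        elif not related(auth[method], from_dom):
            findings.append(f"{label} {auth[method]} does not match @{from_dom}")
    return findings
```

Only rely on an Authentication-Results header that your own mail provider added; one that was already in the message when it arrived could have been written by the sender.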
B – Message Content
Clue number one – They ask you to send them or verify personal information via email. Or, they are asking for information which the supposed sender should already have.
Clue number two – They are likely to play on your emotions or urgency. As a general rule, be suspicious of any mail that has urgent requests (e.g. “respond in two days otherwise you will lose this deal”), exciting or upsetting news, offers, gift deals or coupons (especially around major holidays or events, such as Black Friday or Christmas).
Clue number three – They claim there was some sort of problem with your recent purchase or delivery and ask you to resend personal information or just click on a link to resolve it. Banks or legitimate e-Commerce representatives will never ask you to do that, as it’s not a secure method to transmit such information.
Here’s an example of PayPal phishing:
Clue number four – They claim to be from a law enforcement agency. Law Enforcement Agencies never use email as a form of contact.
Clue number five – They ask you to call a number and give your personal details over the phone. If this is the case, search for the official correspondence from the company and use the phone number provided by them to verify if this is true.
C – Message Form
First rule – Beware of bogus or misleading links. Hover your mouse over the links in the email message in order to check them BEFORE clicking on them. The URLs may look valid at first glance, but may use a variation in spelling or a different domain (.net instead of .com, for example). Thanks to the new generic top-level domains that were introduced in 2014, spammers and phishers gained new tools for their campaigns.
Second rule – Look out for IP address links or URL shorteners. They can take a long URL, shorten it using services such as bit.ly, and redirect it to the intended destination. It’s hard to find out what’s on the other end of that link, so you might be falling into a trap – better be safe than sorry. Useful Tools – Check a redirect with this Redirect Checker from Internet Officer, to see where it’s leading to. Or screenshot the page remotely using Browser Shots.
Third rule – Beware of typos or spelling mistakes. This used to be the norm, but it’s no longer as common.
Fourth rule – Beware of amateurish-looking designs. This means images that don’t match the background or look formatted to fit the style of the email, as well as stock photos and photos or logos uploaded at low resolution or bad quality.
Fifth rule – Beware of missing signatures. Lack of details about the sender or how to contact the company points in the phishing direction. A legitimate company will always provide such information.
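What “hovering” over a link reveals can also be checked in code: the real destination host, whether it is an IP address or a URL shortener, and whether the visible text shows a different site from the one the link goes to. This Python is an added example, not part of the original article; the sample email body, the shortener list and the function names are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly"}  # the service named above; extend with others you see
# Constructed email body (not a real message); bad hosts use reserved example names.
SAMPLE_HTML = """\
<a href="http://paypal.com.account-check.example.net/login">https://www.paypal.com/signin</a>
<a href="http://192.0.2.15/verify">Verify now</a> <a href="https://bit.ly/placeholder">Track parcel</a>
<a href="https://www.paypal.com/help">Help centre</a>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def is_ip(host):
    try:
        return ipaddress.ip_address(host) is not None
    except ValueError:
        return False

def review_links(html):
    """Return {href: [reasons]} for links that deserve a closer look."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = {}
    for href, text in parser.links:
        host = host_of(href)
        shown = host_of(text) if "://" in text else ""
        checks = [(is_ip(host), "IP address instead of a domain name"),
                  (host in SHORTENERS, "URL shortener hides the destination"),
                  (shown not in ("", host), f"text shows {shown}, link goes to {host}")]
        if any(hit for hit, _ in checks):
            flagged[href] = [why for hit, why in checks if hit]
    return flagged
```

The first sample link also shows why the host has to be read from the right: it starts with paypal.com, but the registered domain is the part at the end.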
D – Attachments
Look out for attachments. Scammers can attach other types of files, such as PDF or DOC, that contain links. Attachments can also hide malware, or cause your browser to crash while installing malware.
The latest Kaspersky Labs reports show that in Q3 of 2015 there’s been an increase in phishing using attachments and “A particular feature was a new trick used in phishing emails – in order to bypass spam filters they placed the text of the email and fraudulent link in an attached PDF document rather than in the message body”.
E – External Links / Websites
Let’s assume that you already clicked on a link from a suspicious email. Is the domain correct? Don’t forget that the link may look identical, but use a variation in spelling or domain.
Before submitting any information on that website, make sure that you are on a secure website connection. You can easily check that by looking at the link:
Does it start with “https” or “http”? The extra “s” will mean that the website has SSL. SSL is short for Secure Sockets Layer and is a method to ensure that the data sent and received is encrypted. More legit and safe websites will have a valid SSL certificate installed.
Another way to check that is to look to the left of the web address: is there an icon of a closed padlock? Or is the address highlighted in green? This will indicate that you are visiting an encrypted site and the transferred data is safe.
F – Helpful Tools
Use browsers that offer built-in phishing protection. In general, there are two ways to detect phishing websites – Heuristics and Blacklists.
Heuristic Method – A heuristic method analyses patterns in URL, words in web pages and servers in order to classify the site and warn the user.
Blacklists – Google and Microsoft operate blacklists. Google integrated them with Firefox and Chrome, so a warning message will appear before entering a phishing website. Microsoft is integrated with Internet Explorer and Edge.
You can also install browser add-ons and extensions designed to block phishing attempts. Read more tips on this subject on Tech Support Alert.
Online scams have been developed using increasingly sophisticated means to deceive users, especially in the rich Western countries.
According to the FBI, online scams have increased over the last 10 years and the total losses doubled in recent years, affecting both private individuals and large scale businesses. For this reason, cyber criminal activities are now subject to federal investigations and are treated as a very serious problem that affects us all.
For an extended list of common fraud schemes discovered and analysed by the FBI, you can check this article.
You may think that you can’t be fooled by these online scams, since some of them are quite hilarious, such as the one promising to send you money or the one where the scammers pretend to be FBI agents. However, some stories are so convincing for the potential victims that it is difficult to know how to deal with them. Since some scams are so well organised and convincing, and the people behind them are so difficult to catch, we need to always keep our guard up. So, keep checking this site and others to stay informed about the latest scamming strategies.
Have you come across any of the above scams while browsing or in your email inbox? What were the most convincing ones?
Thanks for visiting.
Cheers for now and do take care out there.