How To Identify A Phishing Attack
Start with the facts
A recent report from University Friedrich-Alexander University in Germany indicated that 76% of internet users say they are aware of phishing scams and know how to avoid them, these same users click fraudulent links anyway. Meanwhile, social media phishing attacks are up 500%.
Want to know the unfortunate truth about phishing?
Being overconfident that you already know how to spot a phishing attempt is the main reason these attacks are successful. That’s right- even pro’s fall victim to phishing and it’s easier than ever to become affected.
What is phishing and why should I care?
Phishing allows hackers to gain unauthorized access to your devices by tricking you into giving away login or financial information. The premise with phishing is you give away your information freely, thinking someone legitimate has asked for it.
The two main forms of phishing include:
-Email is the most common form of phishing. These common emails try to get you to click on a link or download a file.
-A fake website that appears to be legitimate, but is controlled by a malicious user. This can be a fake Facebook login to trick you into giving away your username and password.
Here’s an example of a phishing email
Here you can see it looks like an email that Yahoo might send a customer. The idea here is to get you to reply to the email with your account credentials. However, this email is set to send to email@example.com
Do you see at the bottom how it says “Warning!!! Account owner that refuses to update his/her account after two weeks of receiving this warning will lose his or her account permanently.”
What the phisher is trying to get you to think is “Oh my gosh! I’m going to lose my account if I don’t reply? I better reply now!”. If you didn’t know any better, you become a victim. Reply to this email and you will lose your account because a hacker will hijack it with the information you gave them.
This classic example illustrates how if you don’t know where to look, you can easily fall victim to this phishing attack.
Step 1: Tools Help!
Software tools exist that can help reduce your exposure to phishing attempts.
Anti-Phishing Toolbar- This useful plugin for chrome helps detect when a phishing attempt is being made.
Dr. Web Link Analyzer- Copy the suspect link into their website and it will tell you if it’s safe to follow.
Step 2: Stay aware
Here are the signs of How To Identify A Phishing Attack:
-Always scan every file before you open it. Verify who sent the email if you suspect anything.
Phishing attacks with the highest success are disguised as files you are expecting to receive such as business documents.
-Make sure you’re at the right address in your browser. If you are logging into Facebook, make sure it says facebook.com in the address bar. It is possible for a fake site to look authentic, only with a different domain name such as www.fac3book.com. Be cautious because the attacker can create domains that look like this secure.facebook.com.MaliciousDomain.com that appear legitimate at a quick glance.
-Phishing and social media are a bad combination. Remember those security questions for when you forget a password? Many of these types of questions can be used by a phisher if you have a lot of personal information on social media.
Spelling and Tone
Check spelling! Look out for grammar and spelling errors in phishing and malware. When the sender hasn’t run a spell check, it possible a machine wrote the email.
-A common element is generic greetings such as “Dear Customer” instead of “Dear Matt”.
-Companies that have a legitimate reason to email you already know your name.
-Threatening tone. Be wary of any email that contains words like “Action Required Immediately” or “Your accounts will be closed”. These are almost surely phishing attempts.
-Legal companies cannot demand things from you. When you receive a message like this call the company directly to verify whether it is legitimate.
-When It Sounds Too Good To Be True, It Probably Is (A Scam).
-Did you receive an email saying you’ve won the lottery? Or that you inherited money? These are also surely scams. The odds your rich uncle died and left you millions is very small.
-Copy and paste suspicious links. By copying and pasting it into the address bar you can reveal the true destination of the link before you load the page. This can save you a huge headache.
-Always keep your system up to date to protect against preventable types of attacks. Updates are like vaccines, they prevent many existing threats from ever happening.
Here are some real-life examples of successful phishing attacks
Remember, attackers are trying to trick you into giving away information or clicking on a malicious file by disguising themselves as a legitimate request.
By simply paying more attention, checking the link before you follow it, and being cautious of file attachments, you can do a great job preventing phishing attempts.
Now you know How To Identify A Phishing Attack, head over to our Cybersecurity Tutorial for Beginners to increase your cyber defenses!
Please share this post to help your friends learn too!