As a computer user you are very likely to come across, or be the subject of, a phishing attack.
What is Phishing?
Every year numerous people lose money or give away valuable information as a result of phishing attacks. These attacks are largely carried out via email. Cyber criminals don’t discriminate when it comes to targeting people with phishing attacks. If you are not careful, you could well fall victim to one of these attacks.
Despite advances in technology (and because of these advances), phishing attacks are more widespread than ever before. Some sobering facts about phishing attacks:
- On average, a computer user gets as many as 16 malicious emails every month
- Phishing is a billion dollar industry
- More than three out of four companies have experienced a phishing attack
- 97% of computer users don’t know how to identify a phishing email
- Phishing is as serious a threat to individuals as it is to businesses
As with many things in life, when it comes to phishing attacks, prevention is better than cure. Understanding how this type of cyber scam works and knowing its warning signs can help you identify a phishing email.
In this post, we will discuss everything you need to know about phishing, so that you will be able to spot a phishing email from a mile off if and when it lands in your inbox.
How to recognise a Phishing email?
Phishing gets its name from fishing, because just like a fishing enthusiast uses a hook to catch a fish, a phisher uses email to steal your personal information.
This is how a phishing attack works:
The phisher masquerades as a trusted source which helps convince a user to open an email, click the embedded link to a phishing website, and enter their personal information (like credit card details). Once an unsuspecting user shares their financial information, the phisher steals it.
Another way phishing attacks work is that hackers trick computer users into downloading seemingly innocuous files, which are actually ransomware or malware.
Ransomware is a malicious piece of software that encrypts all files on a system. Once this is done, the user cannot access these files and the hacker then demands a payment for decrypting the files. Malware can also potentially steal sensitive data stored on infected computers.
Not all phishing attacks are the same; some are more sophisticated than others.
Here are the 4 most common phishing attacks.
Deceptive phishing is the most common and the least sophisticated of all email phishing scams. Employing a “spray and pray” approach, these scams involve sending mass emails to millions of computer users.
Such emails frequently have messages along the lines of “You’ve won a lottery,” “You’ve inherited millions of dollars from so-and-so person”, “Urgent message from your bank.” The subject matter of these emails varies, but their goal is the same: to trick users into clicking on the embedded link and subsequently sharing their financial information.
Generally, these emails involve a fake webpage, which looks very similar to the website of the company or organisation they are purporting to be.
For example, scammers may send a mass email telling users that there is some problem with their PayPal account, and to fix it, they must click the link below. The link takes them to a fake PayPal webpage, where they are asked to login. However, once the user logs in, their data is stolen.
At times, hackers send blank emails containing a malicious attachment. These emails have a subject line which says something like “download”, “print”, or “scan”. Once a user downloads the malicious attachment, all their files are encrypted and they must then pay a ransom to get the files decrypted.
Spear phishing is different from deceptive phishing in the sense that it involves a greater level of personalization. Hackers customize malicious emails with names and other details to convince the recipient that the email is authentic. Despite the difference, the goal of spear phishing is the same as of deceptive phishing: to coax unsuspecting users into sharing their personal information or downloading a dangerous file.
For example, hackers might masquerade as your bank or any other business you are likely to trust, and ask you to click the embedded link to fix a problem. Once you click the link, you will be asked to log in to your bank account or share your personal information. These emails usually target businesses but they can also target individuals.
At times, hackers target people who use a specific service or a company. Phishers frequently target Dropbox users, given Dropbox’s huge popularity.
For instance, in one such Dropbox phishing attack, users were sent an email stating that they had received a file that was too big to be delivered as an email attachment. To get that file, the users had to click the link mentioned in the email. As you may guess, the link took users not to the genuine Dropbox login page but to a fake one from where hackers stole the login details of those who clicked the link.
Google Docs Phishing
Google Docs is another hugely popular service, making it a frequent target for phishers. The strategy is pretty much the same. Hackers will send an email with a link to a fake Google account log-in webpage. Once the user clicks the link and enters their login details, hackers steal them.
How to Spot a Phishing Email
If you are wondering who is at risk of a phishing email attack, then the answer is simple: Everyone who uses email. Phishers target individuals and businesses alike.
Protect yourself against phishing attacks with these simple tips:
Don’t assume an email is from the name in the ‘sender’ field
The most common ploy used by hackers is to spoof an email’s display name. A phisher will impersonate a well-known business by using its name along with a domain name that does not match.
For instance, a hacker may send an email that displays the name of a prominent business like “Bank of America” but the domain name will be a different one. The email will look genuine to unsuspecting users. Therefore, always check whether the displayed name matches the email address shown in the “from” field of the email header. If it does not, you can safely assume the email is not genuine and consequently you should not click the attached link or download any attachments.
Check if the URL has a misleading domain name
Let’s assume you receive an email from this address: Google.Infocenter.com
Can you tell who owns this domain name?
If you said Google, you’re wrong.
In a domain name, the last part is what matters, not the ones before that. So, in the above example, the mail was sent by an unknown company called Infocenter and not Google.
Hackers often target users by using the name of a well-known company in their domain name. Therefore, always check the last part of a domain name to find out who has sent you the email. If the last part of a domain name is something you have not heard of, don’t open the email. It is likely to be a phishing scam.
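The two sender checks above (display name versus address, and reading the last part of the domain) can be automated. This is an added example, not code from the original article; the brand list, the short suffix list and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of two-label public suffixes; a production check should
# load the full Public Suffix List instead.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.nz"}

# Constructed map of brand names to the domains they really send from
# (an assumption for this example; maintain your own list).
KNOWN_BRANDS = {
    "bank of america": "bankofamerica.com",
    "paypal": "paypal.com",
    "google": "google.com",
}

# Constructed messages: spoofed display name, brand as subdomain, genuine.
SPOOFED = 'From: "Bank of America" <alerts@account-review.example>\n\nHello'
SUBDOMAIN = 'From: Account Team <info@google.infocenter.com>\n\nHello'
GENUINE = 'From: PayPal <service@mail.paypal.com>\n\nHello'


def registrable_domain(host):
    """Return the owner-identifying tail of a hostname."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def sender_findings(raw_message):
    """Flag brands named in the From display name or hostname that do not
    match the registrable domain the address claims to come from."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    host = address.rpartition("@")[2].lower()
    domain = registrable_domain(host)
    findings = []
    for brand, legit in KNOWN_BRANDS.items():
        if domain == legit:
            continue  # mail really comes from this brand's domain
        if brand in display.lower():
            findings.append(f"display name uses '{brand}' but domain is {domain}")
        elif brand.replace(" ", "") in host.split("."):
            findings.append(f"'{brand}' is only a subdomain label of {domain}")
    return findings
```
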
Always check a link before clicking it
The thing about domain names is that they cannot be faked. So what hackers do is they disguise a link using a link shortening service. Therefore, if you receive an unsolicited email with a shortened link, do not open it.
Another popular phishing strategy is to encode a URL to hide its true destination. For instance, the encoded letter “A” reads as %41.
An encoded link will read something like this: http%2F%3A%2Ftiny.cc%4F712b542bca
Even at first glance, this link appears strange. If you see an unusual looking link or one with a few ‘%’ characters in it, don’t click it. It is likely to be a phishing scam.
Hackers also often hide a harmful link inside text. If you receive such a link, first hover your mouse over the hyperlinked text. Doing so will show you the actual link.
The email has an unsolicited attachment
More often than not, unsolicited emails are fraudulent. Legitimate businesses generally do not send unsolicited emails with attachments.
If you receive an email from an unknown sender, look out for file types such as .exe or .zip. Hackers frequently use these file extensions to install rogue programs or applications. You can either ignore such emails or contact the sender directly to confirm whether they have indeed sent you the email. Do this by looking up the website of the company and contacting them directly using the email address listed there. Whatever you do, do not click on the attachment included in an unsolicited email.
You are being asked to send money
If an email asks you to send money for covering any sort of expenses, taxes, or fees, it is a sure sign of a scam. Phishers, after all, are after only one thing: your money. If they are contacting you, they are going to ask for it sooner or later. Never act on an email that asks for money.
You are being asked for personal information
If an email asks for your personal information, such as the details of your bank account or your credit card number, then this is also very likely to be a scam. Phishers need your personal information in order to steal money from you, and that’s why sometimes, instead of asking for money directly, they ask for your personal information.
Keep in mind that your bank will never ask you to provide such information for the simple reason that they already have it. Nor would government agencies or reputable companies ask you to disclose confidential information over email.
The email issues a threat or makes an unrealistic offer
Phishers often try to steal money by promising a monetary reward or scaring the recipient in some way. For example, you may receive an email supposedly from your bank stating that your bank account will be seized if you do not immediately submit the enclosed form (which will ask you to disclose personal information).
Obviously, any such email is a scam because banks do not seize or close accounts just like that.
Similarly, if you receive an email claiming you have won a reward and that to get it you need to pay a small fee or share your personal information, you can rest assured that it is a scam.
A common threat is one that claims your keystrokes have been monitored, your webcam has been hacked, and the sender has been watching you and the sites you have visited. Even though they are likely to have your name and some password you have used somewhere, this is a phishing scam. Your data has likely been exposed in a data leak from some website and sold on to various sources to carry out phishing attacks such as this.
How to Protect Yourself from Phishing
Use reputable security software to protect your computer. Make sure you update the software regularly to protect yourself against new security threats. Most security software (if not all) automatically downloads and installs new updates, provided you do not deselect the automatic update feature.
Protect your accounts by turning multi-factor authentication on
Many accounts today offer extra security by requiring two or more credentials to log in. When you turn on multi-factor authentication, it is harder for phishers to log in to your account even if they get your username and password.
Protect your data by backing up
Make regular backups of your data, either on your computer, an external hard drive, or in the cloud.
Keep your device drivers updated
Hackers may exploit security vulnerabilities in outdated device drivers to slip malware into your system. For this reason, it is important that you regularly update your device drivers.
You can manually update your device drivers using a built-in utility called the Device Manager. However, keep in mind that to do so, you need a little bit of technical knowledge. Also, the manual process of updating drivers can be time-consuming. A better approach for many is to use a reliable driver update tool.
Updating Drivers Automatically
Automatic driver update tools offer many benefits, the most important ones being:
- You can update device drivers automatically
- The software scans and updates all outdated or missing drivers at one go
- The tool picks the right drivers for your device and operating system, so you won’t have to worry about installing an incorrect driver by mistake
- Automatic driver updates are 100% safe
Driver Updater is one of the best driver update tools out there. Outbyte Driver Updater will give you access to a database of over 1 million drivers. It will regularly scan your PC, suggesting new driver versions to install. Driver Updater contains drivers for a variety of Windows devices. With just one click, you can update drivers in your system.