Social Engineering: What is Phishing?

WHAT IS PHISHING?

Phishing (pronounced “fishing”) is a kind of identity theft which is growing in popularity amongst hackers. Using fraudulent websites, false emails, fake phone calls and similar tricks, perpetrators attempt to steal your personal data, most commonly passwords and credit card information.

Criminals gain this information by sending you links to sites that look like sites you trust, such as your online banking provider or social networks, and are able to steal your data as you enter it. Some of the sites spoofed most regularly include PayPal, eBay, Yahoo! and MSN, as well as financial institutions – so don’t think that an email is guaranteed to be safe when it’s not from a bank.

HOW TO RECOGNIZE A PHISHING MESSAGE

Phishing scams are among the most prevalent forms of cybercrime. Although phishing is widespread, it is beatable. Apart from ensuring you install security software, the best way to combat scams is to learn what phishing looks like.

Here are a few examples of what a phishing email message looks like:


  • Spelling and bad grammar – Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have a staff of copy editors who will not allow a mass email like this to go out to their users. If you notice mistakes in an email, it might be a scam.
  • Beware of links in email – If you see a link in a suspicious email message, don’t click on it. Rest your mouse (but don’t click) on the link to see if the address matches the link that was typed in the message. In the example below the link reveals the real web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company’s web address.

Also check for mismatched URLs (or misleading domain names) – they can also lead you to .exe files. These kinds of files are known to spread malicious software.

  • Threats – Have you ever received a threat that your account would be closed if you didn’t respond to an email message? The email message shown above is an example of the same trick. Cybercriminals often use threats that your security has been compromised. For more information, see Watch out for fake alerts.
  • Spoofing popular websites or companies – Scam artists often use pop-up windows. For more information, see Social Engineering attacks.
  • Other important indications – Asking for personal information; the offer seems too good to be true; you have to receive/send money; you didn’t initiate the action; or anything which just doesn’t look right!

 

 How to protect yourself against phishing

  1. Be wary of emails asking for confidential information – especially information of a financial nature. Legitimate organizations will never request sensitive information via email, phone calls or by any other means – they have dedicated separate procedures for that.
  2. Don’t get pressured into providing sensitive information. Phishers like to use scare tactics, and may threaten to disable an account or delay services until you update certain information. Be sure to contact the merchant directly to confirm the authenticity of their request.
  3. Watch out for generic-looking requests for information. Fraudulent emails are often not personalized, while authentic emails from your bank often reference an account you have with them. Many phishing emails begin with “Dear Sir/Madam”, and some come from a bank with which you don’t even have an account.
  4. Never submit confidential information via forms embedded within email messages. This is a very common phishing practice, and such messages are pushed into junk/spam folders on a daily basis.
  5. Never use links in an email to connect to a website unless you are absolutely sure they are authentic. Instead, open a new browser window and type the URL directly into the address bar. Often a phishing website will look identical to the original, so look at the address bar to make sure the address is the one you expect (and that the connection is secure, such as https://).
  6. Make sure you maintain effective software to combat phishing (such as a third-party antivirus product) and use encrypted channels and encrypted mail services such as Mailfence to communicate and further safeguard your privacy.
  7. Always be suspicious – Phishing emails try to freak you out with warnings of stolen information (or worse), and then offer an easy fix if you just “click here.” (The flipside: “You’ve won a prize! Click here to claim it!”) When in doubt, don’t click. Instead, open your browser, go to the company’s website, and then sign in normally to see if there are any signs of strange activity. If you’re concerned, change your password.

You can also test a particular link before opening it to see where it leads:

Further, you can also report the phishing attempts at:

Most of all, rely on common sense. You can’t win a contest you didn’t enter. Your bank won’t contact you using an email address you never registered. Know the warning signs, think before you click, and never, ever give out your password or financial info unless you’re properly signed into your account.


– Mailfence Team



M Salman Nadeem

Information Security Analyst
– Security Team | Mailfence
