How to spot common red flags in phishing emails
Sometimes an inbox is flooded with newsletters you don’t remember subscribing to and random emails you ignore. Some emails, however, are designed to grab your attention with catchy subject lines, eye-catching content, or flashy images. If you have ever clicked on one of these and run into problems afterwards, you have been the victim of a phishing attack.
What is a phishing attack?
A phishing attack is a type of cyber-attack in which the perpetrator poses as a legitimate organization or individual to trick you into handing over sensitive data such as banking credentials, email addresses, or phone numbers. They may then hold your information for ransom, steal your identity and use it, or sell your information to the highest bidder.
Phishing isn’t limited to email; it also reaches you through SMS texts, spam messages on messaging apps, and even phone calls.
Types of phishing attacks
Phishing attacks are simple in practice but come in several variations, each with its own purpose. Here are four common phishing attacks to look out for.
- Email Phishing – the most common form of phishing is by email. The attacker sends a large volume of emails hoping that a few recipients will “bite”. The attackers impersonate a real organization by spoofing the address the email appears to come from and writing a message that contains clickable links.
Those links lead the user to a malicious website that resembles the legitimate one and harvests every credential it asks the user to enter. By the time you have filled it in, you may have allowed malware onto your device or handed your phone number, banking credentials, and other personal information to a fake website that only the attacker can read.
- Whaling – Whaling is a more targeted form of phishing that requires research on the victim. Attackers pick a specific target, usually a high-level individual such as a CEO, and study how that person communicates. When the time is right they send the target an email that appears to come from a person or organization the target already knows. The target will usually not think twice about it, because it passes every obvious check for legitimacy.
The message resembles a familiar email from a coworker or associate, includes believable content, and requests the target’s personal data, such as banking credentials. The attackers then hold that information for ransom until they get what they want, or use it for their own gain.
- Clone Phishing – This form of phishing copies a genuine email, links and attachments included, and resends a version whose links or attachments carry a virus or other malware. The copies are almost flawless and hard to tell apart from the original.
- Pop-up phishing – This form of phishing is the simplest but still effective. The attacker places pop-ups on a website carrying urgent messages, or spoofs a legitimate-looking prompt, to push the user into clicking. It may be as small as a box asking the user to allow or block notifications or cookies. Once the user clicks any button, malware or a virus is installed and infects the user’s device.
What to look out for
After reading the message or email, read it again and look for red flags. Check for spelling mistakes and for content that is unusual for the supposed sender. Ask yourself whether you should be receiving such a message at all. Check that the sender’s email address is exactly right and that the part after the @ matches the organization’s real website domain, for example:
☑️ [email protected]
Be wary of such emails. If you hold a senior position in a company or run your own business, assume that someone may want to steal your information and stay alert. Don’t keep your personal files only in the cloud; save a backup on external hardware such as a USB drive, and encrypt the information you consider sensitive. Pay attention to the wording, logos, signatures, greetings, misspellings, and anything else that seems out of place.
Don’t be surprised if an email addresses you by your full name to seem familiar. You might receive emails along these lines:
- Your internal IT department urging you to run routine security scans on your device because you are “under threat”. The links they provide are malicious and activate malware or ransomware when clicked.
- Advertisements congratulating you as the lucky winner of a draw or game you never entered, urging you to click a link to claim your reward; the link releases malicious software once clicked.
- Websites posing as your bank reporting a problem with your account and insisting that you click a link to resolve it. The link redirects you to a page where you type in your banking credentials, gifting the attacker access to your finances.
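The checks described above (sender domain, mismatch between the displayed link and its real destination, urgency wording, a Reply-To that differs from the From address) can be scripted as a simple triage helper. The following is an added example written for this page, not code from the article or any product it mentions; the trusted-domain list, the urgency word list, and both sample messages are constructed assumptions, and a real deployment would tune all three.

```python
"""Heuristic phishing red-flag scorer (added example; all sample data is constructed)."""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the domains this mailbox legitimately expects mail and links from.
TRUSTED_DOMAINS = {"examplebank.com"}
# Assumption: wording that commonly signals manufactured urgency.
URGENCY_WORDS = ("urgent", "immediately", "suspended", "verify your account", "act now")


class _LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def sender_domain(addr):
    """Domain after the @ of an address header, lowercased ('' if absent)."""
    m = re.search(r"@([\w.-]+)", addr or "")
    return m.group(1).lower() if m else ""


def host_in_text(text):
    """Host named by the visible link text, if the text itself looks like a URL or domain."""
    m = re.match(r"(?:https?://)?([\w.-]+\.[a-z]{2,})(?:/|$)", text.strip(), re.I)
    return m.group(1).lower() if m else ""


def is_trusted_host(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def red_flags(raw_message):
    """Return a list of human-readable red flags found in a raw RFC 822 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    flags = []

    from_dom = sender_domain(msg["From"])
    if from_dom and not is_trusted_host(from_dom):
        flags.append(f"sender domain '{from_dom}' is not a trusted domain")

    reply_dom = sender_domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        flags.append(f"Reply-To domain '{reply_dom}' differs from From domain '{from_dom}'")

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    lowered = ((msg["Subject"] or "") + " " + text).lower()
    for word in URGENCY_WORDS:
        if word in lowered:
            flags.append(f"urgency wording: '{word}'")
            break

    if body is not None and body.get_content_type() == "text/html":
        collector = _LinkCollector()
        collector.feed(text)
        for shown, href in collector.links:
            host = (urlparse(href).hostname or "").lower()
            shown_host = host_in_text(shown)
            if shown_host and host and shown_host != host:
                flags.append(f"link text shows '{shown_host}' but points to '{host}'")
            elif host and not is_trusted_host(host):
                flags.append(f"link to untrusted host '{host}'")
    return flags


# Constructed sample: a lookalike-domain "bank alert" with a mismatched link.
SUSPICIOUS = """\
From: "Example Bank Security" <alerts@examplebank-verify.com>
Reply-To: support@mail-relay.example.net
To: you@example.org
Subject: Urgent: your account has been suspended
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer, please verify your account immediately.</p>
<p><a href="http://login.examplebank-verify.com/">https://examplebank.com/login</a></p>
</body></html>
"""

# Constructed sample: a routine plain-text message from the trusted domain.
CLEAN = """\
From: "Example Bank" <statements@examplebank.com>
To: you@example.org
Subject: Your monthly statement is ready
Content-Type: text/plain; charset="utf-8"

Your statement for last month is available in online banking.
"""

if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS), ("clean", CLEAN)):
        print(label, red_flags(sample))
```

Each flag is a hint to read the message more carefully, not a verdict: a legitimate newsletter sent through a third-party mailer will trip the Reply-To check, and a genuine account alert may use urgent wording. The displayed-text-versus-destination check is the one that is hardest to explain away, because there is no honest reason for a link labelled with one domain to send the reader to another.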
What can you do to avoid it?
Email phishing is a numbers game. Even if only a tiny fraction of recipients fall for the scam, an attacker who sends out thousands of bogus emails can obtain valuable information and even money. Staying vigilant and alert is the best way to avoid such attacks.
Don’t click links simply because they look urgent; if something is urgent, ask yourself why you would be told about it in an email like this. Use an ad blocker to cut down on suspicious content. To reduce your exposure to phishing, use a password manager, which can help detect phishing scams, log in through your own bookmarks rather than emailed links, and trust your own judgement rather than the email’s pressure.