Phishing

What is Phishing

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from PayPal, eBay, Youtube or online banks are commonly used to lure the unsuspecting.

The sole purpose of a Phishing attempt is to acquire your sensitive information to do frauds.

How Phishing Works

Phishing scams generally take advantage of software and security weaknesses on both the client and server sides. But it has been seen that most of the phishing scams are generally done by convincing you that the attacking message is a simple piece of information from a trusted source. The typical phishing attack tries to create a sense of emergency to trap you.

How can I detect Phishing Scam Emails

Most of the phishing scams are carried through phishing emails. Detecting most of these phishing emails is easy, if you are a bit careful. Here we are producing screenshots of a few actual phishing emails, and try to elaborate how to detect phishing emails.

1. Look for your Name in the address: Phishers, generally don’t know the names of their targets. They are actually phishing for the weak and unalarmed users to make their targets. Look for the header of the email you received. If you do not find your name or email address in the address bar, this is a red sign. You have to be cautious on this email. See Figure below.

2. Look for the Salutation / Greetings: Generally, the financial organizations are very careful about the personal experience which their users get while transacting with them. One usual practice taken care by them is to greet their customers with the name. If you do not find any greeting or salutation, then it is also a thing to deal the email with caution. We are not saying that all emails without salutation are phishing emails, but this is definitely a preliminary way of raising your alarm bell. See Figure Below.

3. Look for the URLs as shown in the emails and your Browser Status Bar: Nowadays, most of the browsers display the URL in their status bar if you hover your mouse over a hyperlink. This is your most important trick to quickly discover most of the phishing attempts. Hover your mouse over the link, and without clicking just look down below at your status bar. Compare the two links very cautiously. See Figure Below. Can you see the minor difference in both the links. That is the boundary line between good and the evil.

[Bonus Tip] Look for https://: Almost all the Financial organization do online transactions through a secured protocol, and this requires the URL to begin with https:// instead of http://. Look for it. If you find the URL to be only http://, then it is most likely a phishing email. See Figure Below.

phishing1

4. Look if any generic name is there in the salutation: Like mentioned above, if you do not find a salutation, or you find a generic salutation, then it is time to be concerned. We are not saying that all such emails are phishing, there are many exceptions to this as well, but it is surely a sign to be more cautious and look for other clues. See Figure Below.

5. Look for Poor Grammer and Salutation: Without prejudice to any country or race, it has been observed that most of the phishing attacks are from countries where population is not English speaking. And it leaves a mark everywhere. Since phishers are generally individuals, not organizations, and mostly operating from close confines, there are small grammatical and punctuation mistakes in their copy. Look for them, and be warned. See Figure below.

phishing2

6: Do not rely on the link address shown in the Browser Status Bar: Even if, you find that the URL address as shown in the Browser Status Bar is exactly same as that shown in the email, there are chances that the actual hyperlink is pointing to somewhere else. In such a case, your safest bet is to just select the URL and copy it. Open a second browser windows, paste the address there and press enter. Remember, do not use the Copy Link Location command from the right click menu. It will defeat the entire purpose.

phishing3

7. Do not rely even if you find your name in the salutation or address: With the advancement of technology, phishing techniques are also getting smarter every day. Now phishers dig deep and research to find the name and addresses of their targets. So even if you find that proper Greetings and salutations are there, still there are chances that you are staring at a phishing scam attempt. See Figure Below.

8. Look for the domain name of the link: The domain names tell you many things. If the domain name of the URL, to where your Browser status bar is pointing, is same as your financial institution, then you are most like safe. But be very cautious here. You should be knowing, what exactly is the domain address in a URL. Phishers try to make it look like the original domain, and you have to find the actual domain name from that. See the figure below.

phishing4

9. Use Copy & Paste: Yes it is really good idea. But remember, don’t use Copy Link Location from the right click menu.

phishing5

[Yet another Bonus Tip] Be watchful. Do not get alarmed when the email creates a sense of urgency by warning you that your account is just about to get suspended. Be cool and try to confirm from your banker through their actual website or phone, whether it is really true.

And remember, howsoever smart you are, you can never be totally phishing proof.

This is not all about Phishing. You can find more information on Phishing elsewhere, be watchful.

Happy Anti-phishing.