What is Phishing
Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from PayPal, eBay, YouTube or online banks are commonly used to lure the unsuspecting.
The sole purpose of a phishing attempt is to acquire your sensitive information in order to commit fraud.
How Phishing Works
Phishing scams generally take advantage of software and security weaknesses on both the client and server sides. In practice, though, most phishing scams work by convincing you that the attacking message is a simple piece of information from a trusted source. The typical phishing attack tries to create a sense of emergency to trap you.
How Can I Detect Phishing Scam Emails?
Most phishing scams are carried out through phishing emails. Detecting most of these emails is easy if you are a bit careful. Here we reproduce screenshots of a few actual phishing emails and explain how to detect them.
1. Look for your Name in the address: Phishers generally don’t know the names of their targets. They are phishing for weak and unsuspecting users to make into targets. Look at the header of the email you received. If you do not find your name or email address in the address field, this is a red flag, and you should be cautious about this email. See figure below.
2. Look for the Salutation / Greeting: Financial organizations are generally very careful about the personal experience their users get while transacting with them. One usual practice is to greet customers by name. If you do not find any greeting or salutation, treat the email with caution. We are not saying that all emails without a salutation are phishing emails, but this is definitely a preliminary reason to raise your alarm. See figure below.
3. Compare the URL shown in the email with the one in your Browser Status Bar: Nowadays, most browsers display the URL in their status bar when you hover your mouse over a hyperlink. This is your most important trick for quickly discovering most phishing attempts. Hover your mouse over the link and, without clicking, look down at your status bar. Compare the two links very carefully. See figure below. Can you see the minor difference between the two links? That is the boundary line between good and evil.
[Bonus Tip] Look for https://: Almost all financial organizations carry out online transactions over a secure protocol, which requires the URL to begin with https:// instead of http://. Look for it. If you find the URL begins with only http://, then it is most likely a phishing email. See figure below.
4. Look for a generic name in the salutation: As mentioned above, if you do not find a salutation, or you find a generic salutation, it is time to be concerned. We are not saying that all such emails are phishing; there are many exceptions, but it is surely a sign to be more cautious and look for other clues. See figure below.
5. Look for Poor Grammar and Salutation: Without prejudice to any country or race, it has been observed that most phishing attacks come from countries where the population is not English-speaking, and it leaves a mark everywhere. Since phishers are generally individuals, not organizations, and mostly operate from close confines, there are small grammatical and punctuation mistakes in their copy. Look for them, and be warned. See figure below.
6. Do not rely on the link address shown in the Browser Status Bar: Even if the URL shown in the browser status bar is exactly the same as that shown in the email, there is a chance that the actual hyperlink points somewhere else. In such a case, your safest bet is to select the URL text and copy it. Open a second browser window, paste the address there and press Enter. Remember, do not use the Copy Link Location command from the right-click menu. It copies the underlying hyperlink target rather than the text you see, which defeats the entire purpose.
7. Do not rely on finding your name in the salutation or address: With the advancement of technology, phishing techniques are getting smarter every day. Phishers now dig deep and research the names and addresses of their targets. So even if a proper greeting and salutation are there, there is still a chance that you are staring at a phishing scam attempt. See figure below.
8. Look at the domain name of the link: The domain name tells you many things. If the domain name of the URL your browser status bar is pointing to is the same as your financial institution’s, then you are most likely safe. But be very cautious here. You need to know exactly which part of a URL is the domain. Phishers try to make the URL look like the original domain, and you have to find the actual domain name within it. See figure below.
9. Use Copy & Paste: Yes, it is a really good idea. But remember, don’t use Copy Link Location from the right-click menu.
[Yet another Bonus Tip] Be watchful. Do not get alarmed when the email creates a sense of urgency by warning you that your account is about to be suspended. Stay calm and confirm with your bank, through its actual website or by phone, whether it is really true.
And remember, however smart you are, you can never be totally phishing-proof.
This is not all there is to phishing. You can find more information on phishing elsewhere; be watchful.
Happy Anti-phishing.
July 6th, 2008 at 6:22 pm
It’s really awesome tut. Moving one more step ahead, it’s better to look for originating IP, domain and domain key is verified or not…
July 6th, 2008 at 6:24 pm
Enjoy the stumble today…
July 6th, 2008 at 6:28 pm
Yes Pawan, That is true, but a bit more geeky for average users.
Thanks for the stumble.
July 6th, 2008 at 11:39 pm
hey there, kinda informative blog on phishing.
keep up the good work!
have a nice day ahead!
July 8th, 2008 at 12:08 am
Silki,
Phishing has been there for a long time and it is too bad that still a lot of people are falling for it. Thanks for putting together details about phishing. Let us hope your article educates people and not be a victim for phishing.
Also, thanks for visiting my blog and commenting on it. I read several other articles on your blog, they are very well written. I have subscribed to your blog.
Ramesh
The Geek Stuff
July 8th, 2008 at 4:39 am
I think I could be saved from phishing as I’m just using a debit card. Is it really safe?
October 27th, 2008 at 6:32 am
Awesome article. You really do spend a lot of time helping to fight the almost impossible war on these types of things.
Thanks for your contribution.
Like you’ve said, common sense. I think someone needs to write an ebook about common sense!
June 3rd, 2015 at 3:20 am
I like the helpful information you provide in your articles. I will bookmark your blog and check again here regularly. I am quite certain I’ll learn a lot of new stuff right here! Good luck for the next!
June 5th, 2015 at 2:14 am
There are some fascinating closing dates on this article but I don’t know if I see all of them center to heart. There is some validity but I will take maintain opinion till I look into it further. Good article, thanks and we wish more! Added to FeedBurner as effectively
June 8th, 2015 at 3:46 am
I’m not that much of an online reader to be honest but your blog’s really nice, keep it up! I’ll go ahead and bookmark your website to come back down the road. Cheers
June 13th, 2015 at 7:55 am
Thank you for sharing excellent information. Your web site is so cool. I’m impressed by the details that you’ve on this website. It reveals how nicely you understand this subject. Bookmarked this web page, will come back for more articles. You, my friend, ROCK! I found simply the information I already searched everywhere and simply could not come across. What a perfect site.
July 2nd, 2015 at 6:26 am
Hey I am so delighted I found your web site, I really found you by mistake, while I was browsing on Google for something else. Anyways I am here now and would just like to say thanks a lot for a tremendous post and an all-round entertaining blog (I also love the theme/design). I don’t have time to read through it all at the moment but I have bookmarked it and also included your RSS feeds, so when I have time I will be back to read much more. Please do keep up the superb job.