Have you encountered a phishing email before? Tell us about it in the comments at the bottom of this article. Anyway, we’ve got some tips for recognizing phishing attacks. Let’s get started.
The Signs of Phishing
The good news is that every phishing email or message can be distinguished from the real ones! There are always signs that an email is spam. Let’s get to the issue now.
Facts that Severely Misalign with Reality
If you receive a message that your daughter has been kidnapped, but you don’t even have a daughter, you will find this message dangerous, right? Delete the message immediately if it is personal and doesn’t align with the facts you know for sure. Such a message is surely sent by a scammer who doesn’t know much about you. It is intended to scare the receiver into letting their guard down.
Therefore, you should verify the facts when you receive an email or message addressed specifically to you. Proceed only if you find all the facts in the message or email to be true.
A Weird Sender Email Address
Besides the body of the content, you need to look at the sender’s email address. For instance, if an email that claims to come from Apple has a sender email address of “email@example.com” or something like that, you should notice that immediately. This means that the email was not sent by Apple or by any organization mentioned in the email.
Keep in mind that small variations count, too. For example, do you notice the difference between “app1e.com” and “apple.com”? Look carefully. If you still don’t see the difference, you may be in trouble when you come across two similar domains, especially if the scammer deliberately uses domains that are slight variations of a legitimate domain.
Too Good or Too Bad to Be True
Sometimes, the things mentioned in those phishing messages are just too extreme. For instance, you’re told that you won a lottery that you haven’t ever participated in. In that case, you should find it strange. That offer is too good to be true.
On the contrary, things that are too awful should alert you, too. For instance, if you receive a message saying that your account will be disabled unless you pay money, don’t trust it! Normal websites never do that, and the sole purpose of that fake message is to extract your credit card and bank account details and steal money!
If the email mentions any account-related issues, don’t click any links or open any attachments. Instead, go to the associated website yourself, log in, and see what has happened. You should deal with the account issue if it’s real, but you should ignore the problem if it’s fake.
Moreover, you should be aware of the greetings. If it shows “Dear customer”, “Dear account owner”, or something like that, this email’s likely deceptive. Usually, legitimate companies will show the username in the greetings if you have an associated account. For instance, if the username is “Mars Reconnaissance Orbiter”, the greeting should be “Dear Mars Reconnaissance Orbiter”.
Executable Attachments and Strange Links
For malware to spread through email, attachments and links are usually the essential part. Therefore, you should look out for strange (especially executable) attachments. For instance, if the email is only supposed to carry a plaintext file, you should not see “.exe” at the end of the filename.
Moreover, weird URLs in links in the email are a clear sign of phishing, too. Some links bring you to pages that convince you to enter your personal information and password. Others can directly install malware on your computer without your knowledge. Keep in mind that scammers often use misspelled URLs, such as “goog1e.com” instead of “google.com”. Therefore, you should look out for any signs of misspellings in the characters.
To ensure your safety, never click on any links or open any attachments in an email unless you have confirmed that the message is legitimate and from people you trust. If it mentions an account-related issue, it’s best to log in to your account directly instead of clicking on the link.
Grammatical and Spelling Mistakes
Sometimes, phishing emails have grammatical or spelling mistakes. That’s probably not because the senders are poor writers, but because they want their emails to pass through the anti-spam filter and land right in the receivers’ inboxes.
Mistakes are inevitable, so a misspelling or two can be acceptable. However, if there are excessively many typos or if they’re accompanied by other symptoms, you should be cautious. Moreover, the message is likely malicious if the misspellings are made deliberately. For instance, writing “lock” as “1ock” turns it into a different word that still looks like the original word.
How to Deal with Phishing Attacks?
If You Recognize It
You will probably recognize most phishing attacks with the tips above and the other tips in the references. If you know that it’s spam, write down the sender’s email address and delete the email immediately. After that, you have to report the sender if possible.
However, if that sender is someone you know and trust, you need to contact the sender right away (but not through email). His or her email account is likely hacked, and the scammers have already used the sender’s identity to send malicious emails.
If You Fall Into the Trap
Unfortunately, once you click, it might be too late. If the page or attachment directly downloads malware, you will have no choice but to factory reset your computer to make sure that nothing dangerous is hitching a ride on your computer anymore. For the procedures of removing as much malware as possible, please look at the article in the link. And if possible, consult an expert to make critical decisions for you.
However, if you landed on a page with a fake login form, you have hope unless you entered your information before you found the page suspicious. But no matter what you entered, remember to change all your passwords immediately. Make sure you change the answers to your security questions and verify your recovery information to repel the hackers.
If you’re locked out of your account, you can use account recovery options to try to get your login credentials back. But if you cannot regain access to your account, you don’t have the ability to stop hackers from exploring your personal data. Simply start over with a new account and expect spear-phishing (personalized phishing) emails to land in your inbox.
Today, we discussed the signs of phishing and how to deal with it. Remember to verify emails and messages before taking further action, and look at the references to learn more about preventing phishing.
References and Credits
- Geraldine Hunt. (2021, March 15). 10 Tell-Tale Signs that Spam Email is a Phishing Scam. Retrieved April 8, 2021, from https://www.titanhq.com/blog/10-tell-tale-signs-that-spam-email-is-a-phishing-scam/
- (n.d.). Phishing Email: Tips to Recognize and Avoid | Kaspersky. Retrieved April 8, 2021, from https://usa.kaspersky.com/resource-center/preemptive-safety/phishing-email
- Rob Sobers. (2020, March 29). The Anatomy of a Phishing Email. Retrieved April 8, 2021, from https://www.varonis.com/blog/spot-phishing-scam/
- (n.d.). How to Recognize and Avoid Phishing Scams | FTC Consumer Information. Retrieved April 8, 2021, from https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
- Josh Pyorre. (2016, February 8). Grammar and Spelling Errors in Phishing and Malware – Cisco Umbrella. Retrieved April 10, 2021, from https://umbrella.cisco.com/blog/grammar-and-spelling-errors-in-phishing-and-malware