
Protect Yourself from Email Phishing Attacks

In the pre-Internet era, con men, also known as confidence men, would gain victims’ confidence through deception in an attempt to defraud them. The same principles are used today, only now with even greater efficiency through online scams. One of the most prolific means of online scamming is called phishing.
It is even liable for Facebook contents.


When using email, it is difficult to know with certainty with whom you are communicating. Scammers exploit this uncertainty by posing as legitimate businesses, organizations, or individuals to gain the trust of users. If a scammer is able to gain the trust of victims, they can leverage this trust to convince victims to willingly give up information or click on malicious links or attachments. To gain users’ trust, scammers will appear to be legitimate businesses or organizations by spoofing the email address, creating a fake website with legitimate logos, and even providing phone numbers to an illegitimate customer service center operated by the scammers. Being mindful, observant, prepared, and proactive can help you defend against scammers’ deceptions.


Phishing scams are perhaps one of the best-known forms of email scams. This type of scam involves a scammer pretending to have a fortune that he or she is incapable of accessing without the help of someone trustworthy, which happens to be you! The scammers will try to obtain the user’s financial information using an empty promise of sharing the wealth in exchange for their help. Spear-phishing is a targeted and personalized attack in which a specific organization or an individual is the target. These attacks use email addresses that are similar to those of the users’ acquaintances to entice the users to either divulge sensitive information or download malicious files. This often requires a lot of information gathering on the targets and has become one of the favored tricks used in cyber espionage.

When it comes to phishing, the best line of defense is you. If you are mindful of potential phishing traps and observant of the telltale signs of a scam, you can better defend against a phishing attack. Use these easy tips to help protect yourself:

  Be cautious about all communications you receive including those purported to be from trusted entities, and don’t click on links contained within those messages. To confirm that the link is valid, rest your cursor (called a mouseover) over the link (but don’t click on it!) and look at your status bar. If the link and what you see in your status bar don’t match, the link is likely malicious.

  When in doubt, don’t click. Rather than click on an emailed link, open a new window in your browser and go directly to the site. For example, a common phishing scam consists of an email supposedly from PayPal claiming that someone deposited money into your account with an invitation to click on a link to log into your account. However, this link, while appearing legitimate, actually takes you to a spoofed (or fake) site. If you log in to check your account, you’ve actually just given the phishers your login and password, because the spoofed PayPal site that you accessed just recorded your credentials. Now they can log into your PayPal account and transfer your balance to their own bank account. Not only that, but they will continue to do so until you change your password. Ideally, when you receive a similar email, use the above tip to test the validity of the link. Then open a new web browser window, manually key in the URL, and log in to check your account. If you realize that you’ve logged into a spoofed site, log into your actual account and change your password immediately.

  Don’t respond to any spam-type emails. By responding, you’re telling spammers that your email address is legitimate, and they may sell your email address to other spammers.

  Don’t send personal information, such as passwords, Social Security numbers, or bank account information, via email. Legitimate businesses never ask users to email their sensitive personal information.

  Don’t input your information in a pop-up; if you’re interested in an offer that you see advertised in a pop-up ad, contact the retailer directly through its homepage, retail outlet, or other legitimate contact methods.

Scammers rely on deception to entice users to willingly do what they want. Their deception is based upon resembling legitimate sites or trusted sources. These phishing scams can be very realistic and difficult to identify. However, some telltale signs may indicate a phishing scam. By being cognizant of these, you can help minimize your risk of becoming a victim. Keep an eye out for these simple telltale signs of a phishing email:

  The email has poor spelling or grammar.

  The email contains threats or offers that are too good to be true. That’s a common tactic that tries to elicit an emotional response to cloud the user’s judgment.

  The URL does not match that of the legitimate site. Scammers cannot use a legitimate URL, so they adjust the address of their spoofed website to make it look legitimate at a quick glance:
o The URL may use a different domain name (e.g., .com vs. .net).
o The URL may use variations of the spelling of the actual address.
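
The mouseover check and the two URL signs above can be automated for an HTML email body. The following is an added example, not part of the original article; the trusted-site list, the similarity threshold of 0.8, and the sample links are constructed assumptions.

```python
import difflib
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"paypal.com"}  # assumption: sites the reader really uses

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def site(url):  # last two host labels (simplification: ignores co.uk-style suffixes)
    host = urlsplit(url if "://" in url else "http://" + url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

def check_link(href, text):
    findings, target = [], site(href)
    # Sign 1: the visible text is itself an address, but for a different site.
    if "." in text and " " not in text and site(text) != target:
        findings.append("text-href-mismatch")
    # Sign 2: the target is not trusted yet closely resembles a trusted site.
    if target not in TRUSTED:
        name, _, tld = target.partition(".")
        for good in sorted(TRUSTED):
            gname, _, gtld = good.partition(".")
            if name == gname and tld != gtld:
                findings.append("different-tld:" + good)
            elif difflib.SequenceMatcher(None, name, gname).ratio() >= 0.8:
                findings.append("lookalike-spelling:" + good)
    return findings

def analyze(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}

SAMPLE = ('<a href="http://paypa1.com/login">https://www.paypal.com/signin</a> '
          '<a href="https://www.paypal.net/offer">Claim offer</a> '
          '<a href="https://www.paypal.com/help">Help center</a>')  # constructed sample
```

Calling `analyze(SAMPLE)` returns a dictionary mapping each link target to its list of findings; an empty list means neither sign was present.
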
Don’t trust a file based on its extension. There are a variety of tricks to hide the nature of the file. While the simplest solution is not to download a file from an unknown user, look for the following additional signs:

  Be cautious about double file extensions. The extension can be hidden by adding a second extension, such as Evil.pdf.exe, so that it looks like a regular PDF but with the .exe hidden. To help spot double extensions, turn off the Hide extensions for known files option in your computer's operating system. See support.apple.com/kb/PH10845 for Apple and support.microsoft.com/kb/865219 for Windows.

  Be wary of container files, such as .zip files. Any number of files can be packaged inside, including malicious ones!

  Beware of attached files. Malicious code can also be embedded in commonly emailed file types such as .doc and .pdf, giving you another reason to open attachments from trusted sources only!

  Do not open executable files. These are files which have a .exe extension. Malicious programs such as viruses are often distributed via executable files. By definition, an executable file executes or launches when you open it. That’s not to say that all executable files are bad; just do not open an executable file that comes to you via email.

  Install an up-to-date antivirus software program. Enable the feature to scan attachments with the antivirus program before downloading and saving them to your computer.
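
The attachment signs above (executables, double extensions such as Evil.pdf.exe, and files packaged inside a .zip) can be checked by a mail filter before a message reaches the user. The following is an added example, not part of the original article; the function names, the extension sets, and the sample message are constructed assumptions.

```python
import io
import zipfile
from email.message import EmailMessage
from pathlib import PurePosixPath

EXECUTABLE = {".exe"}  # the article names .exe; a real policy lists more (assumption)
CONTAINER = {".zip"}

def name_findings(filename):
    """Flags derived from a file name's extensions only."""
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE:
        return []
    return ["executable"] + (["double-extension"] if len(suffixes) > 1 else [])

def scan_attachments(msg):
    """Returns {attachment name: [findings]}, looking inside .zip containers."""
    report = {}
    for part in msg.iter_attachments():
        fname = part.get_filename() or "(unnamed)"
        findings = name_findings(fname)
        if PurePosixPath(fname).suffix.lower() in CONTAINER:
            findings.append("container")
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    for member in zf.namelist():
                        findings += [f"{member}:{f}" for f in name_findings(member)]
            except zipfile.BadZipFile:
                findings.append("unreadable-container")
        report[fname] = findings
    return report

def build_sample():
    """Constructed message: a PDF, a disguised .exe, and a zip hiding an .exe."""
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    msg.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                       filename="Evil.pdf.exe")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photos/holiday.jpg.exe", b"MZ")
        zf.writestr("readme.txt", b"hi")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="photos.zip")
    return msg
```

A name-based check like this complements antivirus scanning rather than replacing it, since it does not inspect file contents such as macros embedded in .doc or .pdf files.
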
