I am sure that all of us receive countless phishing emails in various forms, some disguising as being sent from our bank, or other services we have registered to. Others are requesting us to confirm our information because our account has been compromised, some using a threatening tone in an attempt to plant fear in the readers hearts leading them to click on a link, or reply back to the email.
From the most common phishing emails we all get is the winner or inheritance kind, where you turn out to be lucky in a game that you never heard or participated in, or some lucky guy inherited millions and he needs your help to get it.
In previous posts on how we can generate complex yet easy to remember passwords, and how to use KeePass password manager to manage our accounts’ credentials, but we would be wasting all our efforts toward security and privacy by simply falling victims to one of the phishing attacks.
Here is an extract of an email I’ve got today that demonstrates such phishing emails and techniques. It have the subject stated as “REPLY SOON“, notice this threatening or urgency tone. (and if i don’t reply?)
… I once asked members of my family to close one of my accounts and distribute the money to charity organizations but they refused and kept the money to themselves and for that I do not trust them anymore as they seem not to be ok with all I have left for them. I want to give you this 3.5 Million Pounds (3,500,000.00), you will have to withdraw the money on my behalf and distribute some amount to the poor or charity organizations in your country and use the rest for your own personal welfare and always pray for my soul. …
I became the sender’s friend right away, although I don’t know him/her and I am sure he/she doesn’t know me, and here are some facts which can be directly noticed:
- Sender name: Ms.Rebecca Middleton
- Email: email@example.com
- Sent to: “undisclosed-recipients: ;”
- From the content it was stated that: my private email : firstname.lastname@example.org
How come her name is what is claimed, the email was sent from an informational email in Hewlett-packard (HP), and in the content it is said that her private email is related to another company’s domain. Moreover, it wasn’t sent directly to my email address.
Another point is, why would she trust me over her relatives to withdraw the millions, knowing that she doesn’t know me?
Stop Being Phished With 5 Simple Tips
Here are 5 simple ways that will help you uncover clues of a possible phishy email and protect yourself from becoming a phishing victim.
- Put on the suspicion mindset: whenever an email is requesting any kind of personal information, especially having this urgency and threatening tone, be suspicious about it.
- Don’t directly click on links, especially in such suspicious emails asking you to follow the link to reset a password, fill information or so to reactivate your account, etc… To be more sure about the link you can hover over it, most mail clients display the hyperlink redirection location, an example is in the above image.
- still not convinced, you have an account that you fear will be dis-activated? Don’t panic, open up the browser and directly open the related website, log-in and check if you have any messages or warning there.
- Check for obvious clues such as:
- Legitimacy of the email address and format of the email (Please note that those can be faked as well)
- Typing mistakes
- Bad grammar
- Unrealistic claims such as you are the winner of millions.
- Do you remember the 5 steps for better computer security? then get a good anti-attack suite which can block spam and phishing emails.
Test Your Phishing IQ
Here are some online tests your knowledge in spotting phishing emails:
- SonicWALL: Phishing IQ Test
- OpenDNS: Think you can outsmart Internet scammers?
- Paypal: Can You Sport Phishing?
Let me know how well you did 🙂
>> Featured Image courtesy of Dilbert
>> LinkedIn Sample Phishing email Image courtesy of LinkedIn