Anatomy of phishing

2 1287
Avatar for M3i
Written by
4 years ago
Topics: Finance, Security

Have you ever received an e-mail and your gut literally screams at you to simply delete it because something doesn't just feel right about the message? Sometimes it may just be your stomach giving you signals that it's time to go for a top up or your instincts may actually be warning you in order to avoid being scammed or conned. If it is the latter case and you fail to heed your instincts then you could be in for a heart break due to the unpalatable consequences that will could follow.

A few days ago I came across a heart wrenching tweet . The person who made the tweet had lost his entire crypto portfolio to a phishing attack. His narration goes that he was expecting a parcel to be delivered to him and had received a mail purportedly from the shipping company. He had opened the said mail and visited the link contained therein.

This move was the Trojan horse with which his crypto portfolio was compromised and his entire crypto assets wiped away. He had fallen for a phishing attack via email or simply put a phishing e-mail.

The experience of this user prompted me to put together this piece so that others may be more cautious so as not to have a similar experience. I will write briefly about phishing and potential signs of a phishing email

What is phishing?
To better understand phishing try to visualize a fisherman who catches fish using a hook and line. The fisherman usually attaches a bait to the hook while casting the line into the water to fish. The bait is usually an animal such as worm or a small fish or sometimes a model of a fish. The bigger or more attractive the bait is, the bigger the catch. The essence of the bait is to lure in the catch which while trying to swallow that bait gets entrapped or stuck to the hook so that the fisherman can then reel in his catch on the hook. This is what phishing essentially is.

It is the act of impersonation of legitimate companies or organisations via different channels of communication such as email, and or advertisement in order to steal sensitive user information such as account or credit card details.

The common way of perpetrating the act is to insert a link which acts like a Trojan horse in the sense that it appears to be directing the victim to a legitimate or genuine website while in actual sense he or she is being directed to a fake website  which is an almost perfect replica of the genuine one.

The intent is to make the victim think that the data being supplied is going to the legitimate organisation while the scammers collect the data for whatever malicious intent they have. Other means include tricking the user to download attachments which are usually laden with malicious programmes or code.

Possible indicators of a phishing email
Listed below are some possible signs which when observed in an email could indicate that such mail is intended to execute a phishing attack or operation.

  1. Requests for sensitive information
    It is not standard practice for reputable organisations or firms to request sensitive user or customer information via email. Chances are that if sensitive information is being requested from you via email, such mail is likely to be a phishing email.

  2. No specific recipient
    Corporate bodies or organisations when attempting to contact its customers or prospective clients usually address the client or customer specifically instead of using a broad recipient system. For example if a bank were to send a mail to one of its customers called Mr.John, the opening salutation will either read Dear Mr.John or Dear John and not Dear customer.

  3. Grammatical errors
    This is a real red flag for phishing emails. The moment you spot a number of these in any mail that is supposed to be from a corporate body or institution, you should immediately do a thorough check of the email to verify the authenticity of the source.

  4. Absence of a company specific domain name in the email
    As a rule legitimate bodies or companies have their domain names in the official email of their communication channels. For example a government agency is expected to have .gov in its email and not simply the conventional .com. For example if Mr.Peter claims to work for the USDA, his email should read Peter@usda.gov.us and not simply Peter@usda.com.

5. The email contains unsolicited attachments which the user is required to download. Attachments with the .exe, .scr or .zip extension especially call for caution as they could contain malware. However legitimate agencies could actually send out emails with attachments but they are usually in common document formats but on some occasions they may send .zip files for instances of documents with large size or volumes.

It is therefore a good idea to have an antivirus software with antiphising capabilities which also has real time scanning of downloaded files to safeguard your data as well as your files.

For further reading see reference links below

https://www.securitymetrics.com/blog/7-ways-recognize-phishing-email

https://www.webroot.com/us/en/resources/tips-articles/what-is-phishing

Shukran

Danke

Merci

Gracias

ขอบคุณ

ধন্যবাদ 

Спасибо

for reading.

4
$ 5.15
$ 5.15 from @TheRandomRewarder
Sponsors of M3i
empty
empty
empty
Avatar for M3i
Written by
4 years ago
Topics: Finance, Security

Comments

A friend of mine recommended me a quality site where you can play slot machines online and win real money online - Griffon Cаsino . I liked this site because I could play freely and safely in the United Kingdom. I recommend you to try to play on this site, because this site is really cool and high quality.

$ 0.00
1 month ago

Nice.

$ 0.00
4 years ago