Phishing Emails

THIS is What You NEED to Know About Phishing Emails in 2021

Worried that someone will steal your data?

Or just want to be aware of the increasing number of phishing sites?

Either way, give this one a read to know ’em all!

What is Phishing?

Phishing is how scammers steal a victim’s personal information to access their identity and bank accounts. This can happen in multiple ways and requires caution in any digital sharing or receiving of information, which is now the new normal in our day-to-day lives. If you need guidance on ensuring that you’re not a victim of phishing through a website, check out this blog on Telepathz.

Phishing is considered to be the most successful and dangerous of all cyber-attacks. Each day, 6.4 billion emails are sent and received, which is one of the reasons why phishing emails are so plentiful. The chances of a victim falling prey to these attacks are relatively high. Research also shows that 91% of all cyber-attacks start with a phishing email. These emails usually contain links to websites that the victim may regularly use.

Phishing Attacks Through Email

Most of the spam emails we receive are identified by email servers and directed into a separate spam folder. However, a few of these spam emails make it into our mailbox. These are usually harder to discern as spam. These typically look legitimate and have all the information that we would expect from an actual business or company and may also look similar to past emails that we have received.

Sometimes these emails could even look like they’re from your bank, insurance company, or even the hospital or clinic you visited for a regular health check-up. These emails usually ask you to click on a link included in the email body to verify your identity to access your account or ensure that all your details are up to date.

Phishing emails can be very subtle, and they usually look like the real deal. Most times, you might not even think twice before clicking on the link provided. The information you provide could then allow scammers to steal money from your bank accounts, make fraudulent purchases with your credit cards, or even take out loans in your name.

Types of Phishing Attacks Through Email

  1. Spear phishing

This is a very targeted attempt to steal sensitive information and usually focuses on specific individuals or organizations. These attacks use personal information that is specific to the individual so that the email looks legitimate. Scammers will usually do their research on victims through social media and company websites. Once they get a better understanding of their target, they will then send personalized emails. These emails could appear to be from your bank, your insurance company, or even your doctor’s office, and will include links which, when clicked, will infect a computer with malware. Once your computer is infected, scammers obtain your sensitive information to either steal your money or commit identity fraud using your details.

  2. Whaling

This type of phishing attack focuses on very high-level targets. It is an attempt to steal sensitive information and is most often targeted at victims in senior management. These attacks are much more sophisticated than the usual phishing emails received daily, which makes them much harder to spot. Whaling attempts will usually contain personalized information about the victim within the organization, and the language is very formal and corporate. Scammers put a lot more effort into these attacks, as whaling usually brings a high level of return because it is so specific.

As we increasingly rely on digital means to grow our connections and share information, it could prove challenging to tell a phishing email from a genuine email. This is why scammers are increasingly targeting businesses for their phishing attacks.

  3. Clone phishing

This type of attack uses legitimate and previously delivered emails to create an almost identical email containing malicious content. The cloned email will appear to come from the original sender, but it will be updated to include malicious links and attachments within the email body. These emails could appear to come from your Netflix account or even Instagram, asking you to verify your login details. Scammers can use two-factor authentication as a pretext to ask you to click a link within the email body to verify your account, and the email can even have the logos and font that you would usually expect to see.

How to identify a phishing email

Today’s phishing emails don’t fit the stereotype that may come to mind when we hear the words ‘phishing’ or ‘scam.’ It is becoming increasingly difficult to tell the genuine email from the phishing email. But most phishing emails do have telltale signs. Here are a few of them, with examples, to help you tell the fake from the genuine emails cluttering your mailbox daily.

  1. Legitimate companies won’t request your sensitive information via email

This is a tried and tested method for scammers to gain your sensitive information by posing as a company that you would trust. Scammers will usually send an unsolicited email, apparently from a company or business, with a link or attachment in the email body that asks you to update or enter your sensitive information. However, almost all firms or companies will not send you an email asking for your passwords, credit card information, tax numbers, or even credit scores, and they will not send you a link that would require you to log in.

  2. Legitimate companies will usually call you by your name in the email subject or email body

Phishing emails usually address their victim in generic language. For example, they could typically include “Dear valued customer,” “Dear account holder,” or “Dear customer.” If a company or business you deal with requires information regarding your account, the email sent to you would specifically include your name. The company or business may also direct you to contact them via the telephone number provided. Scammers may also leave out any salutation at the email’s start, as is usually done in an advertisement.

  3. Legitimate companies send email from their own domain

As well as checking the name of the person sending you the email, it is crucial to check their email address. You can do this by hovering your mouse over the ‘from’ address. You can then make sure that no other numbers or letters are added to or removed from it. An example of a phishing email address could be ‘michelle@paypal23.com’, compared to ‘michelle@paypal.com’. It’s essential to keep in mind that this isn’t a foolproof method. Some companies do make use of unique or varied domains to send emails. Some smaller companies may even use third-party email providers.

  4. Legitimate companies don’t usually make any grammatical errors in their emails

This is possibly one of the easiest ways to identify a phishing email. An email you may receive from a legitimate company or business should be well written. Scammers generally aren’t stupid. But they prey on uneducated and unassuming victims who may not typically be as observant, making them easy targets.

  5. Legitimate companies won’t force you to visit their website through a link in the email body

In most cases, phishing emails are coded entirely as a hyperlink. This would mean that accidentally or intentionally clicking anywhere in the email would directly take you to a fake website or even download spam onto your computer.

  6. Legitimate companies won’t send unsolicited attachments

Unsolicited emails are the typical calling card of a phishing attack. Usually, legitimate companies or businesses won’t randomly send you emails containing attachments. These companies or enterprises will instead direct you to their website to download any required documents or files.

Again, it’s important to remember that this method isn’t always foolproof either. There are instances when companies or businesses that already have your email will send you information, such as a white paper, that may require a download. In this case, be on the lookout for high-risk attachment file types that include .exe, .scr, and .zip. If you are ever in doubt, you can always contact the company or business directly using the contact information that you find on their website.

  7. Legitimate company website links typically match legitimate URLs

It is always important to check the URL because although the link says one thing, it may lead you to another place. If the link in the text isn’t identical to the URL displayed when you hover the cursor over the link, this is a definite sign that you’ll be taken to a site you wouldn’t want to visit. You can ensure additional security by hovering your mouse over any embedded links (without clicking them!) and making sure that the link begins with ‘https://’ or ‘shttp://’. The ending of a website address could even be changed from ‘.co.uk’ to ‘.org’, for instance, so that users won’t suspect any significant change (you can find out more on phishing attacks through websites in this blog on Telepathz).
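
The sender-address, attachment and link checks from this list can also be run automatically over a raw message. The Python sketch below is an added example, not part of the original article: it reports a sender domain that differs from the expected one, an attachment with one of the high-risk extensions named above, and a link whose visible URL points to a different host than its real target. Apart from the article's own paypal23.com address, the message, the example.net link and the function names are constructed for the demonstration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

RISKY_EXT = (".exe", ".scr", ".zip")  # attachment types the article calls high-risk
URLISH = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)  # URL-like link text

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data if self.href is not None else ""
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host(url):
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def check_email(raw, expected_domain):
    """Return the warning signs found in one raw message, in check order."""
    msg, signs = message_from_string(raw, policy=policy.default), []
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if domain != expected_domain and not domain.endswith("." + expected_domain):
        signs.append("sender-domain")      # e.g. paypal23.com instead of paypal.com
    body = msg.get_body(preferencelist=("html",))
    parser = Links()
    parser.feed(body.get_content() if body else "")
    if any(URLISH.match(t) and host(t) != host(h) for h, t in parser.found):
        signs.append("link-mismatch")      # displayed URL differs from the real target
    if any((p.get_filename() or "").lower().endswith(RISKY_EXT) for p in msg.iter_attachments()):
        signs.append("risky-attachment")
    return signs

# Constructed demo message (not a captured phishing email).
_m = EmailMessage()
_m["From"], _m["Subject"] = "PayPal <michelle@paypal23.com>", "Verify your account"
_m.set_content('<a href="http://login.example.net/verify">https://www.paypal.com/</a>', subtype="html")
_m.add_attachment(b"MZ", "application", "octet-stream", filename="invoice.exe")
PHISH = _m.as_string()
print(check_email(PHISH, "paypal.com"))
```

The link check compares host names rather than the scheme, because an ‘https://’ prefix only shows that the connection is encrypted, not who operates the site. As the article notes for the other signs, a clean result is not proof that a message is genuine.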