No doubt that internet has brought everyone closer but it also has brought some troubles with it. In this cyber era, cyber crimes have increased immensely. If you are not careful enough you can be hacked with in seconds and all your personal and financial data can be compromised. There are various ways which hackers use to steal and access your data. One of the most common ways they use is phishing emails.
What is a phishing attack?
Phishing is kind of a social engineering attack which is mostly used to steal personal data including login credentials and credit card details. In this attack a hacker dupes you into opening a phishing email, instant message or text message.
What are phishing emails?
Phishing emails are from an attacker and contains a malicious link. Once you click this link, a malware will install on your system which can perform various actions like freezing your system as part of a ransomware attack or stealing your sensitive data.
Phishing Email Example:
Phishing email was used in most popular espionage attack known as a Red October Attack. In this attack, malware was hidden in an attached excel or word file. Once the user opened the file the malware was installed on the user’s system.
This attack was created by Russian hackers and was then used later on to steal sensitive information and documents of professionals from:
- Embassies and Diplomatic Agencies
- Universities and Research Firms
- Commercial Organisations
- Nuclear Energy Labs
- Oil and Gas Companies
- Aerospace Institutions
Why Phishing emails are used?
Hackers use phishing emails to gain foothold in any government or corporate networks as a part of larger and severe cyber attack. Their target is to compromise employees to bypass security measures and spread a malware in the network so that they can get privileged access to sensitive information and data.
How Phishing emails are used to hack you?
Hackers spend a lot of time to design phishing emails to mimic actual emails from targeted organisation. They use the same logos, colour schemes, phrases, typefaces and signature to make the email look legitimate.
Another trick used by hackers is to create a sense of urgency. For example, an email could threaten you with your account expiration snd place you on a timer and ask you to perform certain action to avoid it. If someone is applying pressure on you, then you will be less diligent and more prone to error.
Moreover, malicious links inside the emails look legitimate but mostly have a misspelled domain name or extra subdomains. Similarities between the two links can make you less aware that an attack is taking place.
How to detect phishing emails?
First of all look for the sender email address. Make sure that the address is correct and from your expected organisation. Make sure that there is no spelling mistake in the email address domain. For example, firstname.lastname@example.org (original)
These two emails are clearly different as the domain spelling is different. So before opening an email you must make sure that it is from original organisation.
Second, Make sure that the email is addressed to you. One of the indicators of phishing email is that it uses general salutations for example: Dear customer rather.
Third, hover over the link and see the domain name. If you open it then look for the green pad lock in the address bar. If the pad lock is green then it indicates that the site is safe and the end user can submit sensitive information to that server.
Lastly, don’t be fooled by the visual deception. Believe me hackers go to unimaginable length to ensure that their phishing email is exact replica of the spoofed organisation. So please don’t trust graphics or layout. This lock means that the site uses HTTPS which requires certificate enabling encryption. Such certificates are issued only once the site owner’s identity has been validated.
Should you open any interesting email?
No, please don’t open any email with interesting subject. Sometimes hacker do a bit of social engineering and find out exactly what interests you and then create an inciting email just for you. So please don’t open any email that interests you and click the malicious link or download any file.
Should you open emails from any sender?
No, I suggest that you should only open emails from your expected usual senders. It is actually quite dangerous for you to open emails from any one just because the subject line is attractive.
Overall, please be aware of emails sender, subject and domains before opening them. Hopefully, these tips will help you stay safe and secure.