Phishing emails usually impersonate a bank, financial services, email, and cloud service provider and attempt to steal sensitive information from a user. These sorts of scams are generally not targeted attacks but are conducted by sending emails to a large group at once.
Sometimes it becomes difficult to detect phishing emails. However, these emails tend to follow similar patterns and schemes, which makes them obvious and easy to spot.
Indicators of a Phishing Email
Most phishing emails request users’ login credentials and payment information like credit card details. Some also offer rewards and even threats to create a sense of urgency in the mind of the users or even deliver malicious files using attachments.
Use of Generic Greetings
If you receive an email message that uses generic greetings such as “Dear Account Holder” or “Dear Customer” it might be a phishing email. Scammers generally use these forms of salutations in order to sound more convincing.
If you are receiving mail from a legitimate organization or one that you are a client of, they would probably address you by your name.
You must be cautious after you receive emails with generic greetings and not share your personal information unless you are certain that the email is authentic.
One of the common signs of phishing emails is misspellings and poor grammar widespread throughout the mail. Email from a professional or a trusted source would be free or have a few grammatical and linguistic errors.
It is not the best thing to open an Email attachment without determining the source. If you ever receive an attachment containing scripts or encrypted files, it is advised to ignore such emails. It is also a healthy practice not to open any attachments unless you know it is from a legitimate sender.
The attachments with the scam emails often come with
.zip file extensions. The system or the Antivirus software cannot identify these types of concealed files. If you download or open such attachments, it could inject malicious software into your system that can be used to steal your data.
Some Phishing emails come up with a warning message to act faster to avoid the consequences (like fines and penalties) or to receive reward points and gifts.
The phishing emails also sometimes issue threats to the receiver, such as telling the account will be closed unless immediate action is taken. These emails generate panic in the receiver’s mind by creating a fake sense of urgency to act quicker with a countdown timer or a deadline.
The phishing Emails also may come attached with the URLs of fake websites that resemble the original ones. If you open the link or use your login credentials or payment information on such fake websites, you will be compromising the security of your sensitive data.
To know if the link is safe, hover the mouse over it and check the lower left corner of the browser screen. If the URL shown there does not match the link in the email, it is a masked link that might redirect you to an unsafe website.
Also, ensure that the link starts with HTTPS. If it begins with HTTP or the browser displays ‘your connection is not secure error,’ it is better to avoid visiting such a link. If you happen to click over such links, do not provide any of the details on such websites.
Requests for Login Credentials and Payment Information
Phishing emails often request users with their personal details. Such emails are composed like they are from a payment platform like PayPal, social media, or your Bank. They request you provide your pin, password, credit card information, and other sensitive personal details.
Usage of Public Email Domains
Phishers generally use the Public Email domains such as Gmail, Yahoo, and others to deliver scam emails to users. If you receive an email from a payment service provider, financial institution, or any organization but from a public email domain, recognize it as a scam.
Legit organizations always use their private email domains to contact their clients. A private email will most probably have the domain name of the company that has sent the email. For instance, firstname.lastname@example.org.
How to Avoid Falling into Phishing Email Scams
Users must always be vigilant and avoid taking unnecessary risks with their online privacy and security. Even careful ones can fall into the trap of a phishing scam. Here are some precautionary steps that can help protect you from falling victim to a phishing scam.
- Be careful of the emails that request your personal information, like login credentials and credit card details. A legitimate company will never ask for your details through emails.
- Do not open any links or attachments from unfamiliar sources. These could contain malware and viruses that can steal your data.
- Use strong and unique passwords on all of your online accounts. Password Manager can help create secure passwords for you and help them manage them for you. Also, use two-factor authentication to add an extra layer of security to the accounts.
- Use a good antivirus software and keep it updated. Most Antivirus software comes with Anti-phishing features that help identify and block the phishing contents on emails and websites.
- Only use the websites that use the HTTPS web protocol. You can recognize a website using this protocol by checking the web browser’s address bar. It will also have a lock icon on the side of the url.
- Use the combination of the plus sign ‘+’ and your email address whenever you use your login credentials to subscribe to any website.
For instance, let’s say email@example.com is your email address. While subscribing to the newsletter of The Economic Times, enter your email address as firstname.lastname@example.org rather than using your original one.
This way, you will receive the newsletters from the website on your original email, but you will spot the +economictimes part with it. Use the + with the respective websites you are trying to sign in to.
If the website misuses your email information and sells it to someone else, you will spot it easily. This will give you a whole lot of convenience in detecting spam email and also if some website is misusing your personal info. You can also create multiple email combinations using this trick.