
How to Protect Against Phishing

According to Google, phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. For example, a person may receive an email stating that their bank account has been compromised and that they need to change their password. A link is usually provided; the victim clicks it and fills in their details on a counterfeit website. At that point the victim has handed over whatever the form asked for, and the scammer can use those details to access the real account.

Types of Phishing scams

  1. Email Phishing

These emails contain links that lead to malicious websites, or attachments containing malware.

  2. Whaling

These attacks are aimed at senior executives and often involve bogus tax-return scams. Tax forms are highly valued by criminals because they contain a host of useful information: names, addresses, Social Security numbers and bank account details.

  3. Vishing and Smishing

Smishing involves sending malicious text messages, while vishing is carried out over a telephone call. A common vishing scam involves a scammer pretending to be an investigator from a bank and telling the victim that their account has been breached.


Here is an example of a Phishing Email

So how do you protect yourself from this? First, inspect the actual email address, not just the sender’s display name. If you look closely at the picture above, you will see that the address is actually “[email protected]”, which does not belong to the company the message claims to come from. Most companies send from their own custom domain; legitimate emails from PayPal, for example, come from ‘@paypal.com’. The easiest way to confirm an organisation’s domain is to type the company’s name into a search engine and compare. Once you have established that the address is not the company’s, mark the message as spam and block the sender; only after that should you delete it. If you want to take it a step further, you can also report the email to https://us-cert.cisa.gov/report-phishing.


What if I did not realize the email address was fake?

If you realise you have entered your details on a counterfeit site, contact the company immediately, report the matter, and change the account’s password (or close the account if you no longer wish to use the service). To avoid falling for schemes like this, train yourself to check where a link goes before you open it.

Other ways to detect Phishing emails

  1. Companies do not usually send emails requesting personal financial information. If you receive an unsolicited email that does, contact the company directly through a channel you already trust.
  2. Never click a link or open an attachment in an email that asks for confidential information or payment. Go to the website directly instead, and check where a link really leads by hovering your mouse pointer over it before clicking.
  3. Scammers often use look-alike character substitutions, such as a zero instead of an “O”, a 1 instead of an “L” and an 8 instead of a “B”, to make a fake domain resemble the real one.
  4. A company’s logo can simply be copied into the email to make it look legitimate, so a correct logo proves nothing.
  5. Check that the sender’s domain matches the domain you already know for the company.
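The checks above (judge the address rather than the display name, compare where a link says it goes with where it actually goes, and watch for digit-for-letter substitutions in a domain) can be automated against a saved message. The following script is an added example, not part of the original article: it parses a raw email with the Python standard library and prints a warning for each of those signs. The allowlist of company domains and both sample messages are constructed for the demonstration, and the domain-matching is deliberately simple (last two labels, a small substitution table), so treat it as an illustration of the manual checks rather than a complete phishing filter.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: company domains the reader already knows to be genuine.
KNOWN_COMPANY_DOMAINS = {"paypal.com", "google.com"}

# Undo the digit-for-letter substitutions the article mentions (0->o, 1->l, 8->b).
UNDO_SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "8": "b"})

# Constructed sample messages (not real mail). The first spoofs PayPal with a
# look-alike sender domain and a link whose visible text differs from its target.
PHISHING_EML = """\
From: "PayPal Security" <alerts@paypa1-secure.com>
To: victim@example.org
Subject: Your account has been limited
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please <a href="http://paypa1-secure.com/login">log in at https://www.paypal.com</a>
to restore access.</p>
</body></html>
"""

LEGITIMATE_EML = """\
From: "PayPal" <service@paypal.com>
To: customer@example.org
Subject: Your monthly statement is ready
Content-Type: text/html; charset="utf-8"

<html><body>
<p>View it at <a href="https://www.paypal.com/signin">https://www.paypal.com/signin</a>.</p>
</body></html>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Reduce a hostname to its last two labels (www.paypal.com -> paypal.com).
    Ignores multi-label public suffixes such as co.uk; enough for this demo."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def lookalike_of(domain):
    """Return the known company domain that `domain` imitates, or None.
    A domain imitates a company when, after undoing digit substitutions and
    dropping hyphens, the company name appears in it yet it is not the real domain."""
    normalised = domain.lower().translate(UNDO_SUBSTITUTIONS).replace("-", "")
    for company in sorted(KNOWN_COMPANY_DOMAINS):
        if domain.lower() != company and company.split(".")[0] in normalised:
            return company
    return None


def analyse(raw_message):
    """Return a list of human-readable warnings for one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    warnings = []

    # Check 1: judge the address, not the display name.
    display_name, address = parseaddr(str(msg["From"]))
    sender_domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    if sender_domain not in KNOWN_COMPANY_DOMAINS:
        warnings.append(f"sender domain {sender_domain!r} is not a known company domain "
                        f"(display name was {display_name!r})")
    if (company := lookalike_of(sender_domain)):
        warnings.append(f"sender domain {sender_domain!r} imitates {company!r}")

    # Check 2: where does each link really go? Compare the URL shown in the anchor
    # text with the href it actually opens (what hovering the link would reveal).
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        extractor = LinkExtractor()
        extractor.feed(body.get_content())
        for href, text in extractor.links:
            real_host = urlparse(href).hostname or ""
            shown = re.search(r"https?://([^\s/]+)", text)
            if shown and registered_domain(shown.group(1)) != registered_domain(real_host):
                warnings.append(f"link text shows {shown.group(1)!r} but points to {real_host!r}")
            if (company := lookalike_of(registered_domain(real_host))):
                warnings.append(f"link target {real_host!r} imitates {company!r}")
    return warnings


if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING_EML), ("legitimate", LEGITIMATE_EML)):
        print(f"{label}: {analyse(sample) or ['no warnings']}")
```

Run it against a message saved as `.eml` by reading the file into `analyse()`. The phishing sample produces four warnings (unknown sender domain, sender domain imitating paypal.com, link text pointing to a different host than its href, and a look-alike link target), while the legitimate sample produces none. Note what the script does not do: it has no list of public suffixes, it does not follow redirects, and it does not check SPF, DKIM or DMARC results in the headers, all of which a real mail filter would add.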

Contributed by: Abygayle Ivey from Jamaica. Abygayle is a member of Women in InfoSec Caribbean (WISC), is currently pursuing a career in IT and is an ambassador for Youth Can Do IT (YCDI). She is also featured here: https://blog.wiscaribbean.org/meet-abygayle-ivey/

Connect with her on Linkedin: https://www.linkedin.com/in/abygayle-ivey-bb3209174/
