With more than 260 million phishing emails sent out day after day, there is a good chance that one of them will end up in your inbox. Lauren Soares, Account Manager at Return Path, explains how best to protect yourself from a phishing or spoofing attack and has compiled ten useful tips:
- Check the sender address! Whether an email is legitimate can be easily recognized by moving the mouse pointer over the sender's name or the name in the "From" line. Most email clients then show the destination URL that is associated with the sender's name. If this URL is unknown or misspelled, you can assume a fraud attempt. For example, an email from MediaBUZZ should have "mediabuzz.com.sg" as the sender's domain and not just a similar ending.
- Continue in the same way and move the mouse over any URL the email prompts you to visit. Always make sure that it is a reputable link and that encryption is used (a URL starting with https://) when entering sensitive data. If you want to be extra cautious, open a new window and visit the specified website directly rather than using the link in the email.
- Are there any grammar or spelling errors? For many hackers, it is common practice to misspell some words intentionally. Even if one assumes that everyone will easily recognize the fraudulent email, this tactic is used on purpose to identify less technical users. Spammers and hackers have learned that recipients who respond to emails with obvious errors can easily be tricked in other ways.
- Are graphics and logos missing? Legitimate emails are generally written in HTML and consist of a mixture of text and images. If images are missing, or even the logo of the alleged sender is absent, it is probably a phishing email. If an email is written in plain text and differs in design from the emails that you usually receive from this sender, it is best to ignore it.
- Is the text actually an image? A common method of many spammers is to send emails with the text embedded as an image, so check whether the email contains an appropriate mix of text and images. If the image is linked, move the mouse over it to evaluate the link as an additional safety measure.
- Extra tip: The IP reputation gives insight! If you can locate the IP address of the sender of the email, you can get information on the reputation of this domain with the help of the Sender Score website of Return Path. This tool shows a reputation score from 0 to the highest value of 100, providing insight into the sending history of this IP address. The lower the reputation score, the more likely the email is a phishing or spoofing attempt.
- Is personal information being requested? A phishing email usually asks you to provide or update confidential information, such as your account number. As part of this tactic, phishers make it seem urgent to click on a harmful URL or to download an attachment that will infect your computer or spy on you.
- Are there any suspicious attachments? If, for instance, you receive an email with an attachment from your bank for the first time, be skeptical! The majority of financial institutions do not send attachments via email. Caution is therefore always advisable in such a case, as well as with emails from senders that appear suspicious. Among the most dangerous file types in attachments are .exe, .scr, .zip, .com, and .bat.
- If it is almost too good to be true, be careful! Most likely it is. Be wary of any email that dangles a transfer of money to your bank account if you just "click here". Likewise, if the content stresses urgency in any way, such as with the sentence "You must immediately update your data", this is most likely fraud and should be marked as "spam".
- Is my email address used as the sender address? If you find that your own email address appears as the sender, it is clear that you are dealing with a bogus email. In any case, check such suspicious emails by following the tips above.
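The sender-domain, link, attachment and own-address checks from the tips above can also be automated. The following Python sketch is an added example, not code from the original article or from Return Path; the function names, finding labels and the sample message are constructed for illustration, and it assumes you know which domain the sender should be using.

```python
import email.policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXT = (".exe", ".scr", ".zip", ".com", ".bat")  # file types the article names

class Links(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def in_domain(host, expected):
    """True for the exact domain or a real subdomain, not a similar-looking name."""
    return host == expected or host.endswith("." + expected)

def check_email(raw, expected_domain, my_address):
    """Apply the sender, link and attachment tips to one raw message (hypothetical helper)."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    sender = parseaddr(msg["From"])[1].lower()
    findings = []
    if not in_domain(sender.rpartition("@")[2], expected_domain):
        findings.append("sender-domain")          # tip: check the sender address
    if sender == my_address.lower():
        findings.append("own-address-as-sender")  # tip: own address used as sender
    for part in msg.walk():
        if (part.get_filename() or "").lower().endswith(RISKY_EXT):
            findings.append("risky-attachment")   # tip: suspicious attachments
        if part.get_content_type() == "text/html":
            links = Links()
            links.feed(part.get_content())
            for url in map(urlparse, links.hrefs):
                if url.scheme != "https":
                    findings.append("no-https")   # tip: encryption for sensitive data
                if not in_domain(url.hostname or "", expected_domain):
                    findings.append("link-domain")  # tip: hover over every link
    return findings

# Constructed sample message (not a real email); all addresses are made up.
SAMPLE = "\n".join([
    "From: MediaBUZZ <news@mediabuzz.com.sg.example.net>", "To: me@example.org",
    'Content-Type: multipart/mixed; boundary="b"', "", "--b", "Content-Type: text/html", "",
    '<a href="http://mediabuzz.com.sg.example.net/update">click here</a>', "--b",
    'Content-Disposition: attachment; filename="statement.scr"', "", "x", "--b--", ""])
print(check_email(SAMPLE, "mediabuzz.com.sg", "me@example.org"))
```

The sample is flagged on four counts because its sender and link domains only begin with "mediabuzz.com.sg" and actually belong to another domain, the link is not HTTPS, and the attachment is a .scr file.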
But it is not only email recipients who are vulnerable to phishing attacks: companies whose good name is abused to suggest safety suffer from these malicious attacks as well. A general loss of trust and loyalty towards the brand is the consequence, and marketing and sales often have to deal with the damage such an attack creates for a long time.
By Daniela La Marca