Digitization and the growing use of technology have led to a massive spike in cybercrime and cyber security threats. The digital world has witnessed a rise in breaches of sensitive information through illegal cybercrimes such as phishing attacks. Despite what people think and claim to know about phishing attacks, they consistently fall victim to this cybercrime. By fraudulently installing software on your system via an email attachment or a malicious link, the attacker retrieves any valuable information they can get their hands on. The primary objective of phishing is to get hold of sensitive information or data through which people can be duped for money or business-critical information.
What is Phishing?
Phishing is a serious cybercrime that involves a fraudulent attempt to obtain sensitive information through e-mails, texts or calls. Posing as a legitimate institution, attackers lure individuals into providing sensitive and personal information such as passwords, credit card details, social security numbers, login credentials or other personal details.
While scammers constantly come up with new tactics to dupe people, there are some signs that can help people recognize a phishing email or text. So, here is how one can identify phishing emails and avoid falling victim to cybercrime-
How can one recognize Phishing Emails?
Legit institutes never ask for sensitive information via email-
If you receive an unsolicited email from an institution asking you to provide sensitive details, there is a high probability that it is a scam. Most reputed firms, organizations and institutes will not send an email asking for such critical details. The information asked for could be anything from passwords, credit card information and credit scores to social credentials or even a tax number, usually along with a link through which they ask you to log in and share the details. Treat it as a scam, and if ever in doubt about its authenticity, contact the institute directly to verify.
Legit institutes never send random mail with attachments or links in it-
A random email with an attachment or link to open is not necessarily from a legitimate institute. Emails sent with a link or an attachment for you to open, under the pretext of providing you information, may actually be a scam. A legitimate institute usually directs the person to its official website to download documents or files. If there is any chance of receiving a mail with an attachment for downloading documents, look out for high-risk attachment file types like zip files, .scr and .exe. It is best to verify with the concerned person before clicking the links or downloading attachments, for it is better to be careful than sorry.
Genuine companies address you by your name-
Another way of figuring out whether the mail in question is from a legitimate company is by checking the salutation. E-mails from a genuine company will always address you by your name. The salutation will never be generic like “Dear valued customer”, “Dear Sir/Madam”, “Dear Customer” or “Dear Account holder”: a company or institute you have been dealing with that requires your personal or sensitive information will always address you by your name, or even contact you directly via a call. There is also a chance that the attacker avoids a salutation altogether. Always look for such hints and you could probably save yourself from being scammed.
Third party email domain-
To check whether the mail received is from a genuine company, look at the domain of the email address. Reputed institutes or organizations mostly send mail using their own company domain. Rarely do small companies that use third-party email domains send mails asking for information, and if one does, it is best to verify before responding. You should also look for any minute alterations the sender has made to the domain name or email address to mislead the recipient. Although this is not a guaranteed method of validation, at times it can surely help you tell legitimate from non-legitimate institutes.
Check for spelling or grammatical errors-
The easiest way of identifying a scam mail is by checking for spelling or grammatical errors. Emails from a legitimate firm will be well-drafted, with no bad grammar or spelling errors. Hackers often target the uneducated, believing they will not notice such errors.
It makes no difference that your organization has installed the most secure security system in its systems and applications if one person can be easily targeted and fooled into giving away the data or information you have strived to secure all along. One must ensure that employees understand such scams and are well-trained to be observant of them.
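The signs listed above can be turned into a simple triage check for a mailbox or helpdesk queue. The following Python script is an added example, not part of the original post: it parses a constructed sample message (not a real phish) and flags the generic salutation, the lookalike sender domain, the link paired with a request for credentials, and the high-risk attachment type; the trusted-domain allow-list is an assumption.

```python
import email
from email import policy
from difflib import SequenceMatcher

# Constructed sample message that shows every warning sign the post describes.
SAMPLE = """\
From: "Account Team" <support@examp1e-bank.com>
To: someone@example.org
Subject: Urgent: verify your account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear valued customer,

Please login at http://examp1e-bank.com/login and confirm your password.
--b1
Content-Type: application/zip; name="statement.zip"
Content-Disposition: attachment; filename="statement.zip"
Content-Transfer-Encoding: base64

UEsDBBQAAAAIAA==
--b1--
"""

GENERIC_SALUTATIONS = ("dear valued customer", "dear sir/madam", "dear customer", "dear account holder")
SENSITIVE_TERMS = ("password", "credit card", "social security", "login", "tax number")
RISKY_EXTENSIONS = (".zip", ".scr", ".exe")

def sender_domain(msg):
    addr = msg["From"].addresses[0].addr_spec if msg["From"] else ""
    return addr.rpartition("@")[2].lower()

def lookalike(domain, known_domains):
    """Near-miss of a trusted domain (e.g. one character swapped) that is not an exact match."""
    return any(d != domain and SequenceMatcher(None, d, domain).ratio() >= 0.85 for d in known_domains)

def phishing_signs(raw, known_domains):
    """Return the list of warning signs found; known_domains is an assumed allow-list."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower().strip() if body else ""
    signs = []
    domain = sender_domain(msg)
    if domain not in known_domains:
        signs.append("unknown sender domain: " + domain)
        if lookalike(domain, known_domains):
            signs.append("lookalike of a trusted domain")
    first_line = text.splitlines()[0] if text else ""
    if first_line.startswith(GENERIC_SALUTATIONS):
        signs.append("generic salutation")
    if "http" in text and any(t in text for t in SENSITIVE_TERMS):
        signs.append("link plus request for sensitive data")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            signs.append("high-risk attachment: " + name)
    return signs
```

Running `phishing_signs(SAMPLE, {"example-bank.com"})` flags all four signs; the same message sent from the genuine domain still trips the salutation, link and attachment checks.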
Narendra Sahoo (PCI QSA, PCI QPA, CISSP, CISA and CRISC) is the Founder and Director of VISTA InfoSec, a global information security consulting firm based in the US, Singapore and India. Mr. Sahoo holds more than 25 years of experience in the IT industry, with expertise in information risk consulting, assessment and compliance services. VISTA InfoSec specializes in information security audit, consulting and certification services, which include GDPR, HIPAA, CCPA, NESA, MAS-TRM, PCI DSS compliance and audit, PCI PIN, SOC2, PDPA and PDPB, to name a few. The company has for years (since 2004) worked with organizations across the globe to address the regulatory and information security challenges in their industry. VISTA InfoSec has been instrumental in helping top multinational companies achieve compliance and secure their IT infrastructure.