Almost every day we are bombarded with many spam emails in our inbox, and many of these emails may be malicious. These emails have the potential to damage our lives in ways most of us can’t imagine. These emails are called phishing emails.
What is phishing email?
A phishing email attack is a type of attack that aims to steal a user's personal information, usually by getting the user to click on a malicious link. The attacker contacts users via email or exploits malicious files on their computers.
Common parameters of phishing emails include suspicious addresses, links or domains, threatening language or a sense of urgency, errors in emails, suspicious attachments, and emails requesting personal information.
Phishing is the most common attack vector for the first step of an intrusion. Stealing the user's password is not the sole purpose of the attack. The aim of such attacks is to exploit the human factor, which is the weakest link in the network. Attackers use phishing attacks as the first step to breaking into a system.
How to recognize phishing emails?
Most phishing emails follow a similar pattern to target users. We will look at some common parameters that help detect phishing emails.
The FROM Parameter: Ask yourself the following questions:
- Do you recognize the sender? Do you usually communicate with this person?
- Is this email from someone in your organization? Or outside of your organization?
- Does the email domain look suspicious? For example: (Support-yourorganization.com)

The TO Parameter: Ask yourself the following questions:
- Was it sent to you directly or were you CC’d on this?
- Was the email sent to multiple random people in your organization?

The Attachment parameter: Ask yourself the following questions:
- Does the attachment make any sense to you? Were you expecting this file?
- What type of attachment is this? Often, malicious PDF documents are the initial entry point.

The Hyperlink parameter: Ask yourself the following questions:
- Would this be a safe link to click?
- When you hover over the link, does it show a different address than the one displayed in the email?

The Content Parameter: Ask yourself the following questions:
- Are they offering me free stuff?
- Is the sender offering something of value with a sense of urgency? For example, win $9000 if you click the link within an hour or 24 hours.
- Does the content of the email seem logical?

Think before you click
Think twice before opening or clicking any email. If you have noticed anything unusual in any of the parameters mentioned above, do not open or click on anything. If you work in a corporate environment, report any unusual emails to protect yourself and others.
Phishing emails are getting more sophisticated as threat actors find new ways to target people. Be smart when opening any unknown emails or clicking any links from unsolicited emails. Remember, one click can be the reason you become a victim of many online attacks. Stay vigilant and spread awareness regarding phishing emails.