
Phishing

  • Writer: Market My Venture
  • Jun 22, 2024

Updated: Aug 7, 2024



Ever wondered why phishing sounds so close to fishing? Well, just like fishing uses bait to catch a fish, phishing uses deceptively designed emails that lure you into a trap. But instead of catching fish, cyber criminals are Phishing for your personal and financial information, or trying to build a relationship with you to get your money later.


Welcome to one of the most prevalent threats in the cyber world……Phishing. This isn't just any threat; it's the master of disguise in the arsenal of cyber criminals, making it a top priority for you to understand and guard against.


Let’s start with some good news.  Most email providers have efficient filters, known as Spam filters, which automatically identify a suspicious looking email and stop it from landing in your inbox.  A second good bit of news is that you can get something called an Anti-Virus, which is a digital tool that can limit, or prevent the impact of a successful Phishing email. 

So read this article, then go and look in your Spam/Junk folder in your emails to see some real Phishing emails that were sent to you, then go to our Anti-Virus product reviews for our top recommendations.  Finally, you can finish with a little test to see if you can spot the difference between Real and Phishing emails, by visiting our Practice section here.

 

What is Phishing?

Imagine receiving an email that appears to be from your bank, asking you to urgently confirm your account details, or else face dire consequences. The email looks real, but something's off. This, right here, is phishing: a fraudulent attempt to obtain your sensitive information by disguising itself as a trustworthy entity in electronic communications.

Why should you care? Because phishing doesn’t just target the gullible; it targets everyone. From tailored emails targeting an individual person, known as spear phishing, to broad, generic campaigns, these cyber attacks are designed to use Social Engineering to manipulate your emotions, using fear, urgency, curiosity or one of the other emotional triggers in our Social Engineering article. Their aim is to trick you into compromising your security.

 



Different types of Phishing emails

Let’s look at the different types of Phishing emails you are likely to receive:


Links 

Links in emails are like shortcuts to other parts of the internet.  We use links within our articles to direct you to our other pages, or to direct you to our YouTube channel. Links can be perfectly safe and are a good way to navigate the internet quickly.  However, cyber criminals also know this, so they try to exploit it by creating unsafe links.  These are used for:


Downloading Malicious software (Malware): 

Clicking on a malicious link can automatically go and get the Malware and bring it back to your device.  There are many, many different types of Malware, ranging from basic viruses that will slow down your device, all the way to Spyware that allows the attackers to ‘Spy’ on everything you do, like seeing the websites you visit, and everything you type.  A good Anti-Virus will stop many types of Malware, but it won’t stop them all, so knowing how to identify one of these Phishing emails is vital.


Check out our Anti-Virus article and make sure you have one!.......don’t worry…..this link to our article is one of the safe ones!


Directing you to fake websites: 

Clicking the malicious link here will direct you to a website created by criminals that either mimics a legitimate company website, or represents a fake company.  These sites can look so convincing that even seasoned professionals can be fooled.  The criminal’s aim here is to steal your personal details like your login credentials and passwords.

 






QR Codes

QR Codes are something that have been around for quite a few years now and they are basically just a different way of providing a link.  Just like links, they can be perfectly safe, but they can also be weaponized to download Malware, or direct you to a fraudulent website.  The good thing about QR codes is that when you scan them, your phone will first show you the link address before sending you there, giving you the chance to spot anything suspicious.  Later in this article we’ll show you how to read one of these link addresses. 


 






Attachments 

Again, attachments are usually perfectly safe to use and open.  However, unlike links they don’t direct you to a webpage. Instead, malicious attachments are almost always used to sneak Malware on to your device.


Information gathering

Some Phishing emails are more subtle and don’t try to send you anywhere or download anything.  Instead, they are focused on one of two things:


Obtaining information about you, whether that’s from the questions within the email, or identifying you as someone that interacts with Phishing emails, or;


To initiate a conversation to build a sense of trust between you, only to abuse that trust later to commit fraud.  Check out our Fraud & Financial Security page to see the most common fraud types and their tactics.

 

The Deep Dive

Phishing emails in General:

Except for the information gathering style Phishing emails, all Phishing emails will use Social Engineering.  Attackers use this technique to manipulate your emotions through panic, excitement, curiosity, compassion, or anxiety, because they know that we all make hasty decisions when we are emotional.  If you haven’t yet read our article on Social Engineering, now’s the time.  It’s invaluable for preventing the majority of Cyber Attacks.


Key Takeaway:

If you remember nothing else from this article, remember this…..If an email is trying to make you feel one of these emotions, then Stop, don’t rush, take a breath, and come back to the lessons in this article before you act…..now might be a good time to Bookmark this article so it’s easy to find again in the future.  Depending on your browser, you usually need to just click the Star icon at the top of your screen.






So….if an email is using one of these emotional triggers and contains a Link, Attachment, or QR code just delete it.  Especially if it’s giving you a time limit to act.  We’ve never heard of anyone losing a once in a lifetime opportunity because they didn’t click a link!  However, if it appears to be from a company you use, such as Amazon, or your bank, ignore the link provided and visit the company’s website directly through your usual way. This is the quickest and safest way to ensure you don’t fall prey to a scam.


Additional signs to watch out for:

  1. The sender’s email address:  Check if the email comes from a public email domain like @gmail.com, instead of a corporate domain.  Legitimate organisations normally use their own company name and not something like @gmail.com.  For example, Amazon emails come from @amazon.com, not amazon@gmail.com. You can also check if the name is misspelled, for example, @amaz0n.com instead of @amazon.com. Sometimes, the sender's address may look legitimate at a quick glance but contains subtle inaccuracies or odd characters.

  2. Generic greeting: Phishing emails often use vague and generic greetings like “Dear Customer” or “Dear User,” instead of your actual name. This can be a sign that the same message has been sent to a mass audience.

  3. Inconsistencies in Email Design: Look for inconsistencies or low-quality elements in the email layout, images, and logo that do not match the brand’s usual emails. Phishers might attempt to mimic the official format but often get details wrong.

 

Reading Links

While it’s common for companies to direct you to external pages, understanding the destination of a link or a QR code can give you a good sense of whether it is trustworthy or malicious. 


And anyway…..do you remember that some links will try to send you to a fraudulent website pretending to be a legitimate company?  Well….knowing how to read a link will help you to read the webpage address and identify whether it is a legitimate website or not.  You can learn this by visiting our Secure websites article on our Internet Security Page.


How to read a link:

Firstly, you need to move your mouse cursor over the link in the email but DO NOT CLICK ANYTHING! When your cursor is hovering over a link, you will get the link address somewhere on your screen.


If you’ve never read a link before it looks just like a set of random letters and numbers and can seem a daunting task. But don’t panic, here is how to read one in 4 easy steps.

  1. Ignore the beginning part of http:// or https:// and find the next /

  2. Read backwards from that / until the next .

  3. Read backwards from that . until the next . or /

  4. Ignore everything else.  That is where the link is trying to send you.


Try reading this one:


You’ve just read the link address to our YouTube channel. Easy right?  Want to practice some more?  Then check out our interactive practice section: Real or Phish.
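The four steps above, written out as a small Python function. This is an added example, not part of the original article; the function names, the short list of two-part endings and the sample links are constructed for illustration. It goes slightly beyond the four steps by also handling endings such as .co.uk and links that use a bare IP address instead of a name.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed, partial list of two-part endings such as ".co.uk". A real tool
# would load the full Public Suffix List instead (assumption of this example).
TWO_PART_ENDINGS = {"co.uk", "org.uk", "com.au", "co.nz"}


def link_destination(url: str) -> str:
    """Return the domain a link sends you to, following the four steps."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"not a web link: {url!r}")
    # Step 1: skip http:// or https:// and stop at the next "/".
    # .hostname also discards any "name@" prefix and ":port" suffix.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        raise ValueError(f"no destination in link: {url!r}")
    try:
        # A bare IP address has no company name to read at all.
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    labels = host.split(".")
    # Steps 2 and 3: read backwards over the last two dot-separated parts,
    # or three when the ending itself has two parts (for example .co.uk).
    keep = 3 if ".".join(labels[-2:]) in TWO_PART_ENDINGS else 2
    # Step 4: ignore everything else.
    return ".".join(labels[-keep:])


def goes_to(url: str, expected_domain: str) -> bool:
    """True only if the link's real destination is the domain you expect."""
    return link_destination(url) == expected_domain.lower()


# Constructed sample links (not taken from real emails).
SAMPLES = [
    "https://www.youtube.com/watch?v=example",
    "https://www.amazon.co.uk/orders",
    "https://amazon.com.account-check.example/signin",
    "http://192.0.2.10/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{link_destination(link):28} <- {link}")
```

The third sample shows why the steps read backwards from the first /: a familiar company name at the start of the address says nothing about where the link really goes.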

 

Attachments

Unlike links, attachments aren’t trying to send you somewhere, they already contain the Malware and are just waiting to be opened.  You can’t always tell if an attachment is malicious, so let us repeat this guidance….


IF AN EMAIL CONTAINS AN EMOTIONAL TRIGGER…..ESPECIALLY USING A TIME LIMIT………DON’T OPEN THE ATTACHMENT.  DELETE IT.


Be wary of file types that are commonly used for spreading malware, such as .exe, .scr, .zip, or .rar files. If you receive a document or image, ensure it uses standard file types like .pdf, .docx, or .jpg.


If you don’t know what these are, look in the line above at our guidance and just delete it!

 

Information gathering phishing emails

There’s not much to deep dive into these types of phishing emails, except to know that these don’t always follow the generic rules of using social engineering.  Responding to these emails is the worst thing you can do, so our advice is pretty simple here….If it’s come out the blue…..think ‘no thank you’.  Whenever you get an unexpected email that is asking you for information, or trying to start a professional or personal relationship with you, simply delete it and carry on with your day.

 

 


Anti-Virus: Your digital guard dog.

Think of anti-virus software as a guard dog for your digital devices, tirelessly working to chase away intruders. Each piece of malicious software, from viruses to spyware, carries a unique digital signature, its own kind of DNA. Your anti-virus software maintains a database of all known malicious signatures and actively scans your device to intercept these threats before they can do harm.


Why an Anti-Virus is a Must-Have

Preventive Security: Without anti-virus protection, your device is open to all sorts of cyber threats. With cyber attacks becoming more sophisticated and frequent, the risk of becoming a victim is higher than ever.


Real-Time Surveillance: Good anti-virus software monitors your system in real-time, catching threats as they arrive. This proactive approach is crucial in preventing a successful attack.


Peace of Mind: Knowing you have a reliable anti-virus program running in the background provides peace of mind, allowing you to browse, download, and communicate online with confidence.

 

Good news: Anti-Virus can be free.

While there are many comprehensive paid anti-virus solutions, there are also excellent free options that provide solid protection for your basic needs. Visit our Anti-Virus review page for our top recommendations, then follow our step by step guide on how to install it.

 

That’s it.  Congratulations…….you’re now a King/Queen Phisher and are much better prepared at identifying and responding to email attacks.


Now you can test yourself by visiting our interactive practice section: Real or Phish


Don’t forget to subscribe to our website and be the first to hear of the new, unique content that we aim to bring you, and of course there is always our YouTube channel you can visit to support us and see more in depth discussions and tutorials.


Thank you for taking the time to boost your cyber security knowledge with us. Remember, knowledge is power!  Staying informed is the best way to stay Safe From Cyber Crime.
