Phishing emails are fraudulent attempts to obtain sensitive information, like passwords and credit card numbers, by posing as legitimate companies.
These emails, sent by scammers with ill intentions, can result in identity theft, fraudulent purchases, and other malicious activities.
In the first two quarters of 2022, Malaysia detected a total of 195,032 payment system-related phishing activities, with 108,755 in quarter one and 86,277 in quarter two.
Fortunately, there are ways to identify and avoid phishing attempts. Read on to learn how to protect yourself from these scammers.
Understanding Phishing Emails
The first step in recognizing a phishing email is understanding what it is. Phishing emails are designed to persuade the recipient to take a specific action, often by using social engineering techniques to make the email appear authentic and requesting sensitive information like login credentials and passwords.
!Beware of Socially Engineered Phishing Emails!
Phishing emails that use social engineering techniques are particularly dangerous because they are tailored to the recipient and appear authentic. This makes the recipient more likely to comply with the requested action, which can have catastrophic consequences.
For instance, if the recipient visits a website infected with malware, opens an attachment containing malicious payload, or discloses their login credentials, a scammer can gain unauthorized access to a corporate network.
How to Identify Phishing Emails
Phishing emails often share common characteristics that can help identify them. They often play on emotions like curiosity, sympathy, dread, or greed to induce recipients to take action without thoroughly examining the email for potential defects or inconsistencies.
By educating your team about these characteristics and providing them with instructions on how to respond when a threat is suspected, you can train them to recognize and thwart phishing attempts and network infiltration.
Here are some tips on how to identify phishing emails:
1. Emails Demanding Immediate Action
Phishing emails often use a sense of urgency and threaten negative consequences or opportunity loss unless immediate action is taken.
Be cautious of emails that pressure you to act quickly without giving you enough time to review the email for potential signs of fraud.
2. Emails with Unusual Greeting or Salutation
Legitimate work-related emails between colleagues typically have informal greetings. If an email begins with “Dear” or contains phrases that are not commonly used in informal conversation, it may be suspicious and warrant further investigation.
3. Suspicious Attachments
Internal emails with attachments should be viewed with suspicion, especially if the attachment has an unfamiliar file extension or one commonly associated with malware (e.g., .exe, .zip).
4. Emails Requesting Payment Details, Login Credentials, or Sensitive Data
Be wary of emails from unexpected or unfamiliar senders that request payment details, login credentials, or other sensitive data.
Phishers can create fake login pages that resemble legitimate ones and send emails with links to these fake pages.
Always double-check the authenticity of the email before entering any sensitive information.
5. Inconsistencies in Email Addresses, Domain Names, and Links
Phishing emails often contain inconsistencies in email addresses, URLs, and domain names. Compare the sender’s email address with previous emails from the same company to see if they match.
Hover over links to verify their legitimacy. If an email claims to be from a known organization but the domain name is different, it could be a red flag.
6. Emails That Seem Too Good to Be True
Be cautious of emails that promise rewards or incentives that seem too good to be true, especially if the sender is unknown or you did not initiate contact.
These emails could be phishing attempts aimed at tricking you into clicking on links or opening attachments.
The Infamous Fraud of Domain Name Renewal
If you own a website or domain name, it’s crucial to be aware of a new scam known as the ‘Domain Name Renewal Scam.’
This scam tricks people into transferring their domain registration or ownership without their consent and may even steal sensitive payment information.
This scam is particularly convincing as it specifically mentions your domain name and creates a sense of urgency by claiming that it will expire soon. Upon checking, you may realize that your domain is indeed expiring on the date they mentioned.
Here are some tips on how to recognize and avoid domain renewal scams:
- Make sure you know the name of your domain registrar and only renew your domain name through their official website.
- Avoid being coerced into immediate payment, especially over the phone.
- Always read the fine print and investigate before paying for anything that seems unusual. Phishers have become adept at infiltrating emails.
- Trust your instincts. If something feels off, take the time to investigate and confirm its legitimacy.
As a web hosting provider and domain registrar with over 20 years of experience, Exabytes has come across several phishing attempts targeting its clients.
One such scam involved disguising the email content with the Exabytes logo and including Exabytes details in the signature.
Read more about these phishing attempts here, and learn how to avoid them here.
In conclusion, it’s crucial to be cautious and vigilant against phishing scams. By learning to identify signs of a phishing email, such as suspicious senders or links, you can protect yourself from these deceitful scammers.
Remember to never disclose your personal information, such as passwords or credit card numbers, unless you are certain it’s a trustworthy website.
Always double-check the sender and link before clicking on anything. Additionally, keep in mind that phishing scams can also occur over the phone.
Lastly, legitimate companies, including banks, government agencies, domain registrars, and web hosting providers, will never call you to ask for your passwords.