In my time as an IT systems administrator, I have seen quite a lot of phishing attempts. I even went as far as trying to bait the people behind these emails into lengthy conversations. In this short guide I want to provide some tips and tricks on how to detect and defend against these emails.
What is phishing and why do bad actors do it?
Phishing is a type of attack that tries to steal your money or your identity by getting you to reveal personal information, credit card details or passwords. There are multiple ways cybercriminals try to accomplish this. An example:
Say you receive an email claiming to be from your favorite social media platform. The email says that someone tried to log in to your account and that, if it wasn’t you, you should reset your password. The email also provides a link to change your password. You click on the link and are presented with a website where you can enter your old and your new password. Everything looks authentic, but there is one key difference: the website you are looking at is not provided by your favorite social media platform but by a cybercriminal pretending to be said platform. If you were to enter your password, the bad actor would have the following information about you:
- The email address you used to click the link
- The password you just entered
- Your approximate location based on your current IP address
The criminal can now not only log in to your account but also try to access hundreds of other websites where you could potentially use the exact same email and password. Since about 65% of people use the same password on multiple websites, chances are that he will gain access to something.
How to spot phishing emails
First, check the sender of the email. Does the address make sense? Cybercriminals may try to send emails from domains that have very similar spelling to the company they are pretending to be.
facebook.com --> facebrook.com
Next, check for obvious spelling errors or inconsistencies in the message itself. Does the email make sense at all? Phishing emails are usually not personalized and use generic greetings or the local part of your email address to address you. If your address is firstname.lastname@example.org you may find a greeting like “Dear marry42”.
You may also find an increased number of grammatical errors or unfilled template variables such as $user or $location. The latter are used in mass emails where the username or location of a person should have been filled in by an automated tool.
Most phishing emails also include a “call-to-action” which is basically a way to make the reader interact with an email. These include:
- Call a number
- Click a button or link
- Open an attachment
- Answer for more information
Any of the above can be used either to gain information about you or to get you to run malicious programs on your device, which in turn will gather information about you.
If it is a phone number, perform an independent web search and check if this number is listed on the official website.
If it is a button or a link, hover your mouse over it without clicking and check where it redirects you to. Most browsers will show you the real URL in one of the bottom corners. On mobile, you can long-press the link to see where it redirects you to. Check if the URL matches the company or if there are any spelling errors in it. In most cases, you can also perform the requested action by going to said website in a separate window. This way you do not need to interact with the button or link and can check if the email was legitimate.
If it is an unexpected attachment, don’t open it, period. If you think you know the sender, get in touch with them in a known-good way and ask if they sent it.
If the email asks you to answer for more information, just don’t. Anyone with the intention of talking to you about something will give at least some amount of details beforehand.
- No credible company or individual will ever ask you to send them login data. If they do, don’t.
- If an email states that you need to pay something with gift cards, delete it.
- If something seems too good to be true, it most likely is.
- Unexpected attachments are bad attachments.
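The three checks described above (a sender domain that is a near-miss of a trusted one, unfilled template variables such as $user, and a link whose visible text points somewhere other than its real target) can be automated for a mail-filtering or triage script. The following is an added example written for this guide, not code from the original post; the trusted-domain list, the sample message and the distance threshold of 2 are constructed assumptions, and the message is a made-up specimen rather than a real phishing email.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains this organisation legitimately receives mail from (constructed list).
TRUSTED_DOMAINS = {"facebook.com", "example.org"}

# Constructed sample message; it is not a real phishing email.
SAMPLE_EMAIL = """From: Facebook Security <security@facebrook.com>
To: marry42@example.org
Subject: Unusual login attempt
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear $user,</p>
<p>Someone tried to log in to your account from $location.</p>
<p><a href="http://facebrook.com/reset">https://www.facebook.com/reset</a></p>
</body></html>
"""


def levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_domain(domain, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return the trusted domain that `domain` imitates, or None if it is
    either trusted itself or not close to any trusted name."""
    domain = domain.lower()
    if domain in trusted:
        return None
    for good in trusted:
        if levenshtein(domain, good) <= max_distance:
            return good
    return None


def unfilled_placeholders(text):
    """Template variables like $user that a mass-mailing tool never filled in."""
    return sorted(set(re.findall(r"\$[A-Za-z_]+", text)))


def mismatched_links(html):
    """Anchors whose visible text is a URL on a different host than the href.
    Returns (visible_text, real_target) pairs."""
    findings = []
    pattern = r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>'
    for href, visible in re.findall(pattern, html, re.I | re.S):
        visible = visible.strip()
        if re.match(r"https?://", visible):
            if urlparse(href).hostname != urlparse(visible).hostname:
                findings.append((visible, href))
    return findings


def analyse(raw_message):
    """Run all three checks over an RFC 5322 message and report the signals."""
    msg = message_from_string(raw_message, policy=policy.default)
    sender = parseaddr(str(msg["From"]))[1]
    domain = sender.rsplit("@", 1)[-1].lower()
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    return {
        "sender_domain": domain,
        "lookalike_of": lookalike_domain(domain),
        "placeholders": unfilled_placeholders(body),
        "link_mismatches": mismatched_links(body),
    }


def is_suspicious(report):
    """True if any single check fired; one signal is enough to warrant a look."""
    return bool(report["lookalike_of"] or report["placeholders"] or report["link_mismatches"])


if __name__ == "__main__":
    report = analyse(SAMPLE_EMAIL)
    for key, value in report.items():
        print(f"{key}: {value}")
    print("suspicious:", is_suspicious(report))
```

On the sample message every check fires: the sender domain is one edit away from facebook.com, both $user and $location were left unfilled, and the link shows a facebook.com URL while really pointing at facebrook.com. Note that the lookalike check only catches misspelled domains; a From header that exactly matches a trusted domain can still be forged, which is what sender authentication (SPF, DKIM, DMARC) on the receiving mail server is for.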
How to react if you are a victim
First of all, contact a professional to help you with this situation. Make a list of everything that happened and all the data that the criminal could have potentially gained access to. Change your passwords on all websites. Depending on the type of phishing, the attacker could have access to all passwords stored on your device so use a different device if possible. If you think that the criminal gained access to sensitive data, inform the authorities and all entities involved. The IT professional may suggest that you reset your device, depending on the type of attack you fell victim to. That is generally a good idea.