What is phishing?
Phishing is a cybercrime in which scammers try to lure sensitive information or data from the targeted person by disguising themselves as a trustworthy source. Phishers use multiple platforms such as email, telephone or text message but, the ultimate goal no matter which method scammers use is to get your personal information so that they can use it to access your bank accounts, credit cards or your organization’s confidential information.
When phishing attempts are launched by email, they often give clear signs that the request is not legitimate. Links in email to fake pages often take you to a website that look very similar to the legitimate service. This services may vary depending on what the cyber criminals are researching on you, such as banks, e-wallet accounts, email and social networking accounts. Sometimes, cyber criminals phishing emails to multiple addresses randomly in hope that one answer will be enough. However, sometimes phishing attacks targets specific individuals which is called spear phishing.
Phishing awareness tips to help you understand phishing emails
Online forgery is a broad subject with many methods such as theft of credit card, seizure of banking credentials, hacking of social media accounts, and the implementing malware on computer systems. Email phishing is one of the common ways that this is done. To help you understand phishing emails and develop your phishing awareness, always be keen to look out for the following telltale signs of a phishing attempt.
Fake URL
The URL in a phishing message in your inbox may seen perfectly legitimate, however, if you put your mouse over the URL without clicking it, you can see the redirection page (hyperlinked address). If the URL address in your inbox is different from the address hyperlinked, this is most likely to be a phishing email.
Domain name
In phishing emails, cyber criminals use different domain names from the legitimate source. When you look at the last part of a domain name, you can see the domain is different from the original. For instance, while the domain name www.reald0main.c0m might be the original name of the legitimate page, www.reald0main.c0m.s1yf0x.c0m would be the fake address.
Poor spelling and grammar
A message with poor grammar or spelling mistakes will probably be a phishing scam. Institutional messages are usually reviewed, and it is highly unlikely for one cannot find any spelling, grammar mistakes.
Personal information
An official institution never demands your password, credit card number, or the answer to a security question on email. Beware of such messages.
Beware of the message content
If you get a message informing you that you have won a lottery, you have never bought, it then is a scam. Also, if the message makes unrealistic threats, or demands money, it will be a scam.
Avoid phishing scams
Never hand over your credentials such as passwords, and sensitive information like bank account numbers.
Do not click on the link in emails, instead, type down the address on your browser. Avoid suspicious email attachments or links.
If necessary, verify the sender. Check the web address any private information Find ‘https://’ and the padlock icon in the address.
Update your operating system from the official update site, and use an updated antivirus solution with phishing filters from a reputable vendor.