Phishing warning

@AniphaeS

Published in 

Disordine nozioni

 · 11 Nov 2021

What is Phishing:

Phishing is a psychological tactic used by cybercriminals to deceive you into giving over information or performing a certain activity. Phishing was first used to describe email scams that attempted to acquire your internet account and password. However, the definition has now extended to encompass nearly any message-based threat. These threats begin with a cybercriminal impersonating someone or something you know, such as a coworker, a friend, your bank, or a well-known store, and sending you a message.

These messages then entice you into taking an action, such as clicking on a malicious link, opening an infected attachment, or responding to a scam. Cybercriminal crafts these convincing-looking emails and send them to thousands of people around the world. The criminals do not know who will fall victims, they simply know that the more emails they send us, the more people they will have the opportunity to hack. In addition, cybercriminals are not limited to just emails but will use other methods such as text messages or social media posts.

What is Spear Phishing:

The approach is similar to phishing, only instead of sending random emails to thousands of prospective victims, cybercriminals send targeted communications to a small number of people. The cyber attackers use spear-phishing to conduct research on their intended targets, such as viewing their victim's LinkedIn or Facebook profiles, as well as any public blogs or forums. The attackers then produce a tailored email that appears relevant to the intended targets based on their information. Individuals are significantly more likely to fall victim in this manner.

Phishing Indicators:

1. Make sure the email address is correct. This is most likely an attack if the email looks to originate from a reputable organization but the "FROM" address is a personal account such as @gmail.com or @hotmail.com or a domain that does not represent the sending organization.
   Check the "TO" and "CC" columns as well. Is the email being sent to persons you don't know or with whom you don't work? Also, if the "REPLY-TO" address differs from the "FROM" address, be suspicious.
2. Emails addressed to "Dear Customer" or such generic salutations should be avoided. If a reputable company or individual needs to contact you, they should have your name and contact information.
3. Be wary of language or spelling errors; most businesses meticulously edit their letters before sending them.
4. Any email that demands "immediate action" or creates a sense of urgency should be avoided. This is a typical tactic used to force somebody to make a mistake. Furthermore, trustworthy organizations will not request personal or sensitive information from you.
5. Be cautious of links and only click on ones you expect to see. Hover your cursor over the link as well. This displays the actual address to which you would visit if you clicked on it. If the real destination differs from what is displayed in the email, this is a sign of a cyber-attack.
6. Be suspicious of attachments. Only click on those you are expecting.
7. Just because you received an email from a friend or coworker does not mean it was sent by them. Your friend's or colleague's computer could be infected, or their account could be hacked. If you receive a suspicious email from a trusted friend or colleague, phone or email that friend to verify (in a separate email/NO REPLY).