How to Avoid Phishing Emails
With the Corona crisis, the increase in remote activities, such as home office and virtual schooling, has also increased vulnerabilities, making cyberattacks more appealing to hackers.
Even if you are an expert, the stress of a busy day can distract you, and one click can compromise your cybersecurity. Cybercriminals take advantage of human mistakes to make some of their moves. Our cybersecurity team put together some tips to help you avoid phishing emails.
What is phishing?
Phishing is a threat used to obtain a person’s or a business’s sensitive information, such as passwords, credit cards, bank accounts, and others. Phishing emails are the fraudulent emails sent to get this valuable personal information.
How to recognize phishing emails?
Phishing emails generally impersonate a familiar contact or a well-known brand or business. The content of the emails can vary from your superiors asking for some critical data to clones of transactional emails and gift cards. But they all rely on at least one of the following principles:
Authority
Intimidation
Consensus
Scarcity
Familiarity
Trust
Urgency
Phishing attacks will try to frighten the recipient by presenting an urgent reason why the sensitive data should be entered immediately. The messages contain threats, for example, to block the account if no action is taken. They even use anti-phishing topics as a strategy.
The attacks can be random or targeted. In the first case, the fraudsters use a website with a high number of users, such as Amazon. In the second case, also called spear-phishing, emails are carefully designed to target a user. For this purpose, phishers study the user, research their organization, websites, and social media profiles.
The emails often contain unsolicited attachments or links carrying malware (viruses, trojans, spyware, and others), which will infect your computer, giving hackers the ability to steal confidential data or hijack your computer. The links also often lead to a fake website that looks exactly like the original.
Often those emails are poorly written and come from a free domain (such as Hotmail, Gmail, and others), while companies generally have their own domain (for example, visionspace@gmail.com instead of an address @visionspace.com).
How to avoid phishing?
There are some technical ways to prevent phishing, such as using spam filters and secure connections (HTTPS), keeping anti-malware software and the browser up to date, and creating multiple levels of defense for your email network. However, it is crucial to increase user awareness to avoid phishing.
It is vital to check the sender’s email address and details and to look at URLs carefully. Don’t forget to hover the mouse over any link in the email to see the landing page before clicking on it. Be wary of URLs that begin with an IP address, that contain the name of the company with additional words, or that use dots instead of slashes (example: real - visionspace.com, fake - visionspace.login.com). Pay close attention here: sometimes phishers use a very similar URL with a subtle misspelling, for example, arnazon.com instead of amazon.com.
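The URL checks described above can also be run automatically over links pulled from an email. The following Python code is an added example, not part of the original article; the trusted-domain list, the look-alike table and the function names are assumptions, and it treats the last two labels of a host as the registered domain.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the domains your organisation really uses (constructed sample list).
TRUSTED = {"visionspace.com", "amazon.com"}
# Character swaps that read alike at a glance, e.g. "rn" for "m".
CONFUSABLE = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def _skeleton(name):
    """Collapse look-alike character sequences so arnazon.com becomes amazon.com."""
    for fake, real in CONFUSABLE:
        name = name.replace(fake, real)
    return name

def _edit_distance(a, b):
    """Levenshtein distance, to catch a single added, dropped or changed letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url, trusted=TRUSTED):
    """Return warning strings for one link; an empty list means nothing was flagged."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ["no hostname found"]
    try:
        ipaddress.ip_address(host)
        return ["host is a raw IP address"]
    except ValueError:
        pass  # not an IP literal, carry on with the name checks
    if any(host == d or host.endswith("." + d) for d in trusted):
        return []  # the trusted domain itself or one of its subdomains
    flags = []
    # Simplification: treat the last two labels as the registered domain.
    registered = ".".join(host.split(".")[-2:])
    for d in sorted(trusted):
        brand = d.split(".")[0]
        if brand in host:
            flags.append(f"'{brand}' appears in a host outside {d}")
        elif _edit_distance(_skeleton(registered), _skeleton(d)) <= 1:
            flags.append(f"{registered} looks like {d}")
    return flags

if __name__ == "__main__":
    for link in ("https://visionspace.login.com/", "https://arnazon.com/signin"):
        print(link, check_url(link))
```

A flag is a prompt for a closer look, not a verdict: a legitimate domain missing from the trusted list will be flagged as well.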
If you click on a link hidden behind a “Click Here” button, check the website and the URL shown in your browser. The same applies to shortened URLs, such as the ones using bit.ly; big companies like Amazon and eBay also have their own personalized short links. Pay attention to the primary link, as emails can contain real links to fool the user while the call-to-action link asking for the information is fake.
Be suspicious of any email asking for sensitive information (companies in most cases don’t do this), of messages that require urgent action, and of misspelled words in the subject line or grammatical errors in the email content.
Double-check invoices or email inquiries that arrive without context. Financial transactions should always be verified: use other trusted and verified channels and confirm with the people responsible for the operation. And don’t forget to report phishing emails to anti-phishing organizations.
We all can be a target of a phishing email, and following these simple tips can help avoid a lot of work and headaches in the future.
This article was written by Juliane Verissímo - Marketing Department of VisionSpace