Underneath E-mails: Phishing Attacks
Our colleagues at Bitdefender France have started an interesting series of articles to reveal what apparently innocent e-mails may hide behind the lines, links or attachments. We decided to share their tips and tricks on how to avoid the online threats spreading in our inboxes.
We’ve said it over and over: nobody should open attachments or click links from unknown senders. Curiosity may lead you to the wrong places on the World Wide Web, and bad things can happen fast. Let’s look at the biggest dangers luring users via e-mail. Today is all about phishing in the dark seas.
1. What is phishing?
Phishing is a social engineering trick designed to steal users’ personal data such as passwords and banking details via fake websites that mimic online properties of real organizations.
2. Phishing baits
Cyber-criminals usually pose as services that contact people by e-mail for announcements or notifications. Facebook, eBay, phone services and financial institutions are among phishers’ “companies” that invade inboxes worldwide. A few months ago, phishing e-mails contained a lot of grammar mistakes, but in the meantime cyber-crooks have become more careful with their language. Phishing attacks are now better crafted and more targeted than before.
Reimbursements, unpaid bills, payment errors, accounts to be urgently closed – all are just excuses to dupe users and redirect them to fake phishing websites. These rarely have credible URLs, and are most often hosted on hijacked amateur websites. However, most are graphically impeccable, as they are “visual” copies of authentic web pages.
In this example, only the form is interactive, while the rest is a JPG image illustrating a screenshot of the legitimate website.
An alarming message helps scammers steal personal details in minutes. Phone numbers, banking details, addresses, usernames and passwords are grabbed in a simple, yet well-crafted phishing attack.
3. How to detect phishing scams
• Be skeptical when you receive an e-mail from someone you don’t know.
• This isn’t always enough, especially if you get e-mails from services you’re subscribed to. Check for oddities: images of poor quality, grammar mistakes, words not translated into your language. An authentic company will never ask for your credentials via e-mail.
• When in doubt, go to the official website of the service you’re subscribed to by typing the address directly in the browser without clicking on the text or links in the e-mail.
• Do your research on the Internet to check if there’s a phishing alert taking advantage of that particular service or company.
• You can always call the company allegedly sending you the e-mail to check if the e-mail is fake or not.
• Finally, don’t trust the e-mail address of the sender, because scammers can also use a trick that may hide their real e-mail address.
To stay protected from phishing scams, make sure you keep your antivirus solution updated.