Avoiding Phishing Emails

Elison Evan786 14-Feb-2019

Some of the secrets to avoiding phishing emails are pretty straightforward. Most people know not to click on links in sketchy emails. Despite this, people fall for these phishing attacks all the time. The FBI even suspects a phishing email is how the Russian hackers who were indicted this week got into Yahoo’s system. It’s a similar case for the breach of the Democratic National Committee, and the Sony Pictures hack. In fact, there's currently a Gmail phishing scam going around that has even caught out a number of super savvy techies.

Phishing scams work by tricking you into clicking on a link or attachment that either instantly infects your machine with malware or takes you to a page that looks legitimate but isn't and is designed to steal your private information. As many as 100,000 new phishing attacks get reported every month, and thousands of people fall for them, according to the Anti-Phishing Working Group. You can increase your chances of avoiding phishing scams by following a few simple steps. But above all, remember that when it comes to your email you can't really trust anything.

Think twice before clicking, and then think again

"At the heart of phishing is a scam," says Aaron Higbee, chief technology officer at the phishing research and defence company PhishMe. "The people who are sending a phishing email have to be clever email marketers to get a user to engage." Often, they achieve this by playing with your emotions.

That's why one of the most important things experts recommend is to listen to your gut. When something feels off, it usually is. However, since the whole point of phishing is to get you to complete an action without raising suspicions, you need to practice scepticism even when things seem fine. No matter how innocuous they seem or who appears to have sent them, you should generally be reluctant to download attachments and click links.

"We’re conditioned to try to help people and be nice. You don’t want to seem rude or defensive," says Trevor Hawthorn, the chief technology officer at Wombat Security, a phishing and security awareness company. "But one of the most important things people can do is when something is being asked of them, when there’s some sort of call to action, think about the context of what the sender is asking you to do. If there’s a sense of urgency that’s when I would be a smart sceptic and slow down."

This generally doesn’t come naturally and takes practice. Wombat has discovered that when people do consistent anti-phishing training (say, once a month) they are better equipped to avoid phishing links than when they haven't had a lesson in a few months. The good news is you can still work to be sceptical about all your email all the time, regardless of whether your job offers a phishing prevention program or not. Although it is easier said than done, keeping that attitude in mind can only be beneficial.

Consider the Source

This is a particularly important step. However, it is becoming increasingly difficult now that attackers can send spear phishing emails that look like they are from your friend or even your bank. Things get even trickier when the messages come from legitimate sources, as a result of attackers taking over a real email account or phone number and phishing from it.

So, what can you do? First, you should scrutinize the address it says it came from and the text of any URLs it contains, to tell dad@apple.com from dad@app1e.com. If the source is legitimate, but the text seems out of character, ask yourself the question, "Would my Dad really send me this email?" Again, if something feels strange about an email that someone you know sends (especially if it has a request in it), it is worth bearing in mind there's a distinct possibility they've been hacked. Reach out to them separately on a trusted channel and ask if they sent you an email, before opening any links or replying to the actual email.
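The address check described above can be automated on the receiving side. The following is an added example, not code from the original article: it compares the domain in a From: header against an allow-list and flags near-misses such as app1e.com. The allow-list, the character map and all function names are assumptions made for illustration, and the sketch goes slightly beyond the article's single case by also catching one-character edits and a trusted name used as a subdomain prefix.

```python
from email.utils import parseaddr

# Constructed allow-list: domains this mailbox normally hears from (assumption).
TRUSTED = {"apple.com", "example-bank.com"}

# Small, non-exhaustive map of characters used to imitate other characters.
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})


def skeleton(domain):
    """Fold look-alike characters so 'app1e.com' and 'apple.com' compare equal."""
    return domain.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance: catches one added, dropped or substituted character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header, trusted=TRUSTED):
    """Return (verdict, sender_domain, imitated_domain) for a From: header value."""
    _, addr = parseaddr(from_header)          # the display name is ignored entirely
    _, at, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return ("unparseable", "", None)
    for good in sorted(trusted):
        if domain == good or domain.endswith("." + good):
            return ("trusted", domain, None)
    for good in sorted(trusted):
        if (skeleton(domain) == skeleton(good)          # app1e.com
                or edit_distance(domain, good) == 1     # appple.com
                or domain.startswith(good + ".")):      # apple.com.login.example
            return ("lookalike", domain, good)
    return ("unknown", domain, None)


if __name__ == "__main__":
    # Constructed sample headers, including the pair from the article.
    for header in ("Dad <dad@apple.com>", "Dad <dad@app1e.com>",
                   "dad@appple.com", "Dad <dad@apple.com.login.example>"):
        print(header, "->", check_sender(header))
```

A "trusted" verdict only means the domain text matches the allow-list; it says nothing about a taken-over account, so the out-of-character test in the paragraph above still applies.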


Updated 14-Feb-2019
