What is a phishing attack and how to identify it — the definite guide

Spam

  • Money loan frauds
  • “Make money fast” frauds
  • Pharmaceutical marketing
  • Chain mail
  • Illegal pirated software etc.
  • Your friend emailing you with funny cat videos multiple times a day (your friend is a known entity to you)
  • Your boss sending you an unexpected employee termination letter (certainly unwanted, but not spam)
  • Emails containing malicious software like viruses (they have some common points, but they are not considered spam)
  • The sender is unknown or suspicious
  • It has spelling errors, often seemingly unintentional, with the goal of tricking your spam filter
  • The author is claiming that the email isn’t spam
  • Offers are on a large discount, but just for you or for a short and limited period (asking to perform some urgent action)
  • You are gifted with an award, mostly financial

Phishing

  • Email is sent over a new domain — the domain is activated a few hours or days ago
  • Multiple domains in the URL — phishing emails often ask you to visit an attached URL. Sometimes that particular URL can have multiple domains, which is a case of a URL Redirection Attack. (e.g., http://www.example.com/login.php?redirect=http://www.bla.com/home.php)
  • The occurrence of an IP address in a URL — legitimate websites usually have their own domain.
  • The occurrence of shortened URLs (Bitly, TinyURL)
  • Mismatch of email from the email header and the email body
  • There are problems with your account
  • You must confirm some personal info
  • You must perform some kind of urgent action
  • You should check the attachment
Ledger phishing attempt

What is a spear phishing attack?

  1. Attacker researches his victims and all info about them (email, full name, native language, job position)
  2. Once the data is collected, the attacker works out a strategy. Usually, this includes duplicating web pages that the victim is familiar with and creating a fake email address
  3. The attacker sends a fake email message that looks like it came from the trusted person/institution. More sophisticated attacks are happening over several emails, where attackers gradually build trust, story, and context
  4. Attack usually ends with the victim sending valuable information
An example of email spoofing
Email headers of phishing attempt examples

Conclusion

  • Click on any URLs
  • Click on any form buttons
  • Open any attachments, no matter the extension
  • Provide personal, confidential, or credit card information
  • Provide passwords
  • Disconnect your device from the internet and any networks to reduce the potential spread of the malware
  • Perform a complete scan of your system
  • Contact your financial institution or bank in case your financial information is at risk
  • Phishing and spear phishing attacks are very easy to perform
  • No technical/hacking knowledge is needed to perform these types of attacks
  • It is easy to obtain tools and scripts to perform phishing attempts

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Barrage

Barrage

We are a team of creative and talented individuals who build reliable, UX oriented, and custom-tailored digital products and provide real-time customer service.