The Anatomy of a Phishing Email: 5 Things to Look For Before You Click

The Anatomy of a Phishing Email: 5 Things to Look For Before You Click...

Phishing attacks are now considered the main source of data breaches. 

91% of cyber attacks start with a phishing email *
Ten years ago, if you asked someone what ‘phishing’ was, they probably would have no idea. Since then, times have changed considerably; phishing attacks are now responsible for a significant number of major data breaches.
Phishing may have made its way into the mainstream vernacular, but there is still confusion about the subject—and rightfully so. Phishing attacks are becoming more sophisticated and targeted, and even the most tech- or security-savvy people can find themselves a victim. So, how do you make sure you don’t fall victim as well? Use this five-point checklist to closely examine the validity of incoming email. When in doubt, don’t click!

1) The Sender

This is your first clue that an email may not be legitimate. Do you know the sender? If not, treat the mail with suspicion, and don’t open any attachments until you verify with the purported sender that they meant to send them. If you believe you do know the sender, double check the actual email address. Often, a phishing email will be designed to look like it comes from a person you know, but there will be a slight variation in the address or they will spoof the envelope to show you a name you recognize.

2) The Subject

Pay attention to subject lines! While something like, ‘Claim your ultimate deal now!,’ can be an obvious sign of a phishing email, the far more successful subject lines are the ones that don’t raise that much suspicion. ‘Account action required’, ‘Delivery status update’, or ‘Billing statement confirmation’ can all be ploys to weaken the email recipient’s defenses through seemingly ordinary alerts.
Remember, if something legitimate is that important, your bank, employer, doctor’s office, retailer, or credit card company will find an alternate way to contact you when you’re not responding over email. When in doubt, call to ask if they’ve sent you an email, but do not make that call to a number that was in the email message you are calling about!
Most clicked email phishing subject lines.*
A delivery attempt was made (18%)
A UPS label delivery  (16%)
Change of password required immediately (15%)
Unusual sign-in activity (9%)

3) The Body

The body of the email can hold a whole new set of clues, including misspelled words and confusing context. For example, are you asked to verify a banking account or login to a financial institution that you don’t have an account with? Did you get an email from someone you may know that has nothing in it other than a short URL? Does the content apply to you or make sense based on recent conversations or events? Similarly, if it is a known contact, is there a reason they would be sending you this email?
Hackers can also use current or popular events to their advantage. For example, holiday shopping, tax season, and natural disaster or tragedy relief efforts are all used to sneak an unsuspecting phishing email into the inbox of thousands of targets. Did you know that the IRS reported a 400 percent increase in phishing scams for the 2016 tax season alone?
How will you know if an email is valid or not? This is where other email clues will come in handy!

4) The Attachments

The golden rule — do NOT open an attachment if any other aspect of the email seems suspicious. Attachments often carry malware and can infect your entire machine.
7.3% of successful phishing attacks used a link or an attachment**

5) The URLs

Similar to attachments, do NOT click on a link if anything else about the email seems suspicious. This is usually the attacker’s ultimate goal in a phishing scam — lure users to a malicious site and trick them into entering login credentials or personal information, allowing the attacker full account access.
If you do click on a link, be sure to also verify the actual URL. Are you on Google.com or Go0gle.com? The variations can be slight, but they make all the difference! That said, be aware that a malicious site will not always be visibly reflected in the URL, and therefore you will not be able to tell the difference. If this is the case, most browsers have built-in phishing protection to alert you that something is wrong.  
15% of individuals who fall for an initial phishing attack admit to falling for a phishing attack a second time.**

By using these five email checkpoints, you will be more equipped to decipher a phishing email. However, some phishing attacks are so sophisticated that they can even fool the savviest of users. The good news is that there are technology solutions, such as two-factor authentication, that can help, and we strongly recommend 2FA with the YubiKey on Google's G-Suite.

Alongside, we also STRONGLY suggest that, let's make our own domain Anti-Spam, Anti-Phishing, Anti-Making, Anti-Virus, Anti-Malware, Anti-Ransomware READY and that's how kick off those Bad People who intends to send out things using our domains. 

We are Specialized in to such Safety and Security Policies to be applied on GOOGLE Domains.

Connect with us on desaitechindia@gmail.com or Dial on +919638843229


Courtesy = https://tinyurl.com/y9jrxer3

Comments

Post a Comment

Popular posts from this blog

How Google reinvented security and eliminated the need for firewalls

Image
How Google reinvented security and eliminated the need for firewalls In some ways, Google is like every other large enterprise. It had the typical defensive security posture based on the concept that the enterprise is your castle and security involves building moats and walls to protect the perimeter. By Neal Weinberg Executive Features Editor, Network World | Feb 15, 2017 10:48 AM SAN FRANCISCO -- In some ways, Google is like every other large enterprise. It had the typical defensive security posture based on the concept that the enterprise is your castle and security involves building moats and walls to protect the perimeter. Over time, however, that perimeter developed holes as Google’s increasingly mobile workforce, scattered around the world, demanded access to the network. And employees complained about having to go through a sometimes slow, unreliable VPN. On top of that, Google, like everyone else, was moving to the cloud, which was also outside of the cast
Read more

7 free alternatives to Microsoft Office you can consider

Image
  7 free alternatives to Microsoft Office you can consider Microsoft Office is one of the most-popular productivity suites globally. It is used by companies worldwide for spreadsheets, Word, PowerPoint and more. However, it really does not come cheap. if you are are looking for some more affordable/free alternatives, here are seven that you can look at:   Google Workspace Google Workspace is one of the most popular alternatives to Microsoft Office. It is free and offers users 15GB of cloud storage for storing files, mails, attachments and more. Workspace includes several Google apps and services including Google Docs, Sheets, Slides as an alternative to Word, Excel and Powerpoint. It also includes Google Drive, alternative for Microsoft OneDrive.   iWork is another good free alternative to Microsoft Office, but it is best suited for Apple users (Mac, iPhone and iPad). There’s a web-version too, but it has limited functionality. In terms of Apple iWork offers Pages, Numbers and Keynote
Read more

How to back up Android devices: The complete guide

Image
How to back up Android devices: The complete guide Make sure all your important data is always synced and protected with this easy-to-follow Android backup guide. Thinkstock 'Twas a time not so long ago when backing up an Android phone was a massive, migraine-inducing undertaking. It's true: A mere matter of years back in our mobile device saga, a proper Android backup required physical computer connections , complicated third-party software and more than a few adult beverages. But my, what a difference a few years makes. These days, backing up an Android device and keeping your data synced takes little to no actual effort. Most of the work happens seamlessly and automatically, behind the scenes — either without any involvement on your behalf or with a one-time opt-in when you first set your phone up. And restoring your data is typically as simple as signing into a device and letting Google's systems work their magic. Still, your data is i
Read more