In today’s scenario, (especially during this pandemic) most of us are working remotely. But working online and engaging with technology is synergetic only when our privacy is secured. We repeatedly hear the news of data breaches which leak most of the private information. We cannot deny that higher the technological boom, higher is the need to protect it. In the recent days, ‘Phishing Attacks’ are found to affect a lot of internet users. Even knowledgeable people are becoming the victims. Therefore, it is important to understand the methods to be safe from phishing attacks.
What is Phishing?
In simple words, phishing is the method of gathering the personal information of users through emails, links and websites. Phishing is the type of a cyber-attack where the attacker’s main goal is to make them believe that the message is something they want or need. It is an example of social engineering: a technique where the hackers manipulate the human psychology and make them commit security mistakes and gain sensitive information from it. Phishing attacks generally occur through mail, links or other mediums. However, they look genuine which appear to come from a trustworthy source. Unfortunately, these attempts try to compromise our online accounts and personal data.
In Nepal itself, recently, ‘Honda Scam’ was flowing all over Social Media. It encouraged users to click the link and share it to other people to win a brand-new Honda bike. One click on the suspicious link led people to share their personal information. Also, the next phishing attack was ‘Ncell Scam’ where the users were asked to click on the link on the “data free” Facebook post. The users who have zero knowledge of phishing generally tend to click on such links and open the gate for the hackers to receive their personal information. Phishing is a type of cyberattack everyone should learn about it in order to make their online experience safe and secure.
How to Detect Phishing Emails or Links?
We can be safe from being the victim of phishing attacks if we follow these guidelines before responding to the phishing emails or clicking on the suspicious links :
Check whether the email is from public email domain
Usually, big organizations do not send emails that end with “@gmail.com”. The companies have their own official email domain from where they send a mail to the respective people. For example, If a company’s name is TechSathi, their official email domain is like to be “@techsathi.com” on the end. So, it is crucial to check the email domain of the mail. But the hackers may have the varieties of tricks to make the emails genuine. So, if you feel suspicious about the email, you may go to the company’s official website and contact them to be clear about the matter.
Identify poorly written emails
Every organization makes sure to send a mail with appropriate English and grammar. The employees repeatedly check the mail before sending to confirm any mistakes because a simple and minor mistake on the mail may bring the reputation of the company down. Genuine companies deploy professional writers and employees to construct any email. The proper email contains the proper subject and body. The subject of the mail is written in such a way that it describes something about the body of the mail. So, if you receive an email with poor structure, then this can be a strong indicator of phishing. So, try to examine the emails properly.
The Email asks you to confirm personal information
The emails could be sent through genuine email domains and written in professional English. Considering only these two factors, we cannot assume that this is not a phishing mail. None of the organization asks you to confirm your personal information that you have never provided to anyone like bank details, login details and so on. It is better to not communicate. Sometimes, you may get the emails from the bank and the company where you work asking for your personal details. It is safer to not reply to the mail before confirming the source. It will keep you safe from Phishing.
We spend most of our time in social media where we see various offers from reputed companies. These require you to open some link to win a brand-new iPhone, car or other expensive gift hamper. When we open the link, it displays the web page of login with social account which may include Google, Facebook, Instagram and so on. When you get logged in, you will be redirected to some other new webpages. But the most important thing to consider is that, it collects your login credentials which can be misused and leaked. So, do not click on the unknown links and whenever you see posts about lucrative offers, you should rather check out the official website.
Don’t fall for Urgency
Phishing attacks use tactics such as urgency to trick victims into taking immediate actions. The message may appear as “Your account has been compromised or leaked so change the details through the attached link” and so on. You should always treat such urgency messages as scam messages.