Week 7: How to spot and deal with phishing?

A few weeks ago, when we covered the different types of cyberattacks, we briefly introduced the concepts of social engineering and phishing. Given their popularity, we thought it would be great to delve into some tips for identifying and dealing with such scams.

First and foremost, let’s define the term phishing. It’s a type of social engineering attack in which a cyber threat actor (CTA) pretends to be, for example, a reputable company, an acquaintance, or even a law enforcement officer, and attempts to steal information, like passwords or financial data, through a fake message containing a link.

Note: While the tips shared in this article are generally used to identify phishing emails, some of them can be used to spot the other flavors of social engineering attacks like smishing and vishing.

Figure 1: Difference between Phishing, Vishing, and Smishing. Source:

Here are some pointers to detect phishing messages:

  • Sense of urgency: Often CTAs will claim a reward or penalty for immediate action, like clicking or calling. This tactic is commonly employed so that the victim doesn’t contact a trusted party (for example, their bank).
  • Spelling and Grammar: This can be a result of poor translations, but if you see an email with obvious errors, it's most certainly a scam.
  • Suspicious email domains: Pay attention to the email domains. In some cases, they can contain subtle misspellings like amaz0n.com instead of amazon.com. There might also be instances where the “domain extension” or Top-Level Domain (TLD) is, for example, Gmail.ru instead of Gmail.com.
  • Look out for unfamiliar senders: Be cautious about messages from unknown senders. If you work for an organization that uses, for example, Outlook, the mailing service can be configured to tag non-company emails with an External tag.
  • Generic greetings: Messages from, for example, your bank that begin with “Dear Sir/Madam” instead of a personalized salutation should set alarm bells ringing. Companies that know you will typically greet you by name.

Figure 2: Example of a generic greeting. Source:

  • Dubious links and/or attachments: Never open an attachment from an unknown sender. If you do decide to open it because the sender appears to be legitimate, use your antivirus solution or a tool like VirusTotal to scan the file first. With regard to links in emails, one recommendation is to hover over them (without clicking). If the address does not match what’s written in the email, it's most certainly a malicious link.

Note: On a mobile device (whether Android or iOS), you can long-press the link until a dialog box opens where you’ll be able to see the link.

Figure 3: Example of a suspicious URL. Source:
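
The domain and link checks from the list above can also be automated on the mail-filtering side. The following is an added example, not part of the original article; the allowlist, the swap table and the sample message body are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: an illustrative allowlist and digit-for-letter swaps (amaz0n.com).
TRUSTED = ("amazon.com", "gmail.com")
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
# Constructed sample body: the link text shows amazon.com, the href goes elsewhere.
SAMPLE = ('<a href="http://login.example.net/verify">https://www.amazon.com/account</a>'
          ' <a href="https://www.amazon.com/help">help page</a>')

def check_domain(domain):
    """Return why a domain looks like an imitation of a trusted one, or None."""
    d = domain.lower().strip(".")
    if d in TRUSTED:
        return None
    name, _, tld = d.rpartition(".")
    for good in TRUSTED:
        gname, _, gtld = good.rpartition(".")
        if d.translate(SWAPS) == good:
            return f"character swap imitating {good}"
        if name == gname and tld != gtld:
            return f"unexpected TLD .{tld} instead of .{gtld}"
    return None

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def mismatched_links(html):
    """Yield (shown host, real host) for links whose text names another host."""
    parser = LinkCollector()
    parser.feed(html)
    for href, text in parser.links:
        real = (urlsplit(href).hostname or "").lower()
        m = re.search(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", text.lower())
        if m and real and real != m.group(1) and not real.endswith("." + m.group(1)):
            yield m.group(1), real
```

Links whose visible text is plain wording (such as "help page") are not flagged, because there is no displayed address to compare against the real destination.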

Now that you have a better understanding of identifying potentially malicious emails, let’s assume you accidentally interacted with one. In that case, you should consider taking the following actions:

  • If you merely clicked on the link and got redirected to a website that looks suspicious, do not enter any information.
  • Disconnect that device from the internet, as some types of attacks can provide cybercriminals with more information about you and even allow them to connect to other devices.
  • Scan your device using an antivirus solution.
  • You could consider a factory reset.
  • Change all your passwords and contact the different service providers (for example, banks).
  • Notify your loved ones and employer. Your employer, for example, could disable your account/device or some of its features.
  • Be on the lookout for suspicious activity, like logins from unknown locations (some platforms might even notify you of unusual logins).
  • Update your device.
  • Forward/report the email to your local authorities, antivirus provider, or even email service provider (such as Outlook or Gmail).

We thought we’d end this week’s article with a humorous video. Please do not attempt to do it.

Next week we’ll cover the complexities around ransomware.

This article is part of a project called Security Chronicles, written jointly with Walter Buyu.
