WhatTheHack? Phishing Emails?

by Leo Qiyi Joel, Oon Zheng Kang, Tan Rui Yang, Loh Jun Kai

In this episode 5 of “WhatTheHack?”, we will be talking about Phishing Emails!

Look at the above picture. Were you shocked by what you saw? Well… phishing emails are a growing problem and are affecting more people with each passing day! Read on in this episode of “WhatTheHack?” to learn more about Phishing Emails!

So, in the computing world, what exactly is a Phishing Email?

So firstly… Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication, especially targeted at unsuspecting people.

Emails and other online communications can appear to be coming from a reputable source. These include the victim’s bank, an online payments processor such as PayPal, an auction site, a law enforcement agency or even the IT department where the victim works.

Crooks use fake but authentic-looking emails and websites to convince users into supplying information the bad actors can then use to make your life a living hell. Phishing puts individuals, companies, educational institutions and others at risk, because it can allow the bad guys to gain access to financial information, personal data, proprietary company information, health information, student data and much more. Phishing also consumes the valuable time of staff members, such as those employed in the IT and HR departments, who must divert their attention from their usual productive tasks to fixing the damage caused by phishing.

So what are the different types of Phishing Emails out there?

  1. Spear Phishing
    • Spear Phishing is a phishing attempt directed at a particular individual or company. The attack is designed to gather information about the target, raising the probability of success for the attempt. This type of phishing accounts for the vast majority of online phishing attempts today. (targeted at one person instead of a group)
  2. Clone Phishing
    • Clone Phishing is where a legitimate, and previously delivered, bit of online correspondence is used to create an almost identical or “cloned” email. The cloned communication will include malicious links or attachments, which will likely be trusted by the victim due to the previous email communications. (hence do not trust every email you see)
  3. Whaling
    • Whaling is a phishing attempt directed specifically at a senior executive or another high-profile target within a business. In a whaling attempt, the counterfeit email communication or website will be crafted to fit the target’s role in the company or organization. Such content could include legal content, such as a subpoena, a customer complaint of some sort or another issue fit to be addressed by an executive.

So how to spot a Phishing Email? :worried:

Firstly, once you have identified a Phishing Email, do not engage with the email at all, as it is just a SCAM!

  1. Look CLOSELY at the email address
    • Cyber criminals like to spoof an email address so that it appears to be coming from a reputable domain. Although the email address may look similar, a one-letter difference can make a lot of difference!
  2. Check for SPELLING & GRAMMAR mistakes
    • If an email you have supposedly received from a major banking concern or government agency contains a number of misspellings, grammar errors and awkward formatting, it’s likely a phishing email.
  3. Review the email’s SALUTATION
    • Is it sent to “Dear Customer,” “My Dear,” “Dearest” or one of numerous other odd-sounding salutations? A legitimate business that you have had dealings with before will likely use a personalized salutation, such as “Dear Jeff,” “Mr. Lebowski” or simply “Jeff Lebowski” instead of a generic “Customer” greeting.
  4. Review the email’s SIGNATURE
    • Phishers usually include little or no information in the supposed sender’s email signature, whereas a legitimate representative of a company will always provide contact information in their signature.
  5. DON’T TRUST those LINKS!
    • If the body of an email contains embedded links, do not click on them. Never click a link in an email that has been shortened. Be on the lookout for malformed links that may appear to be sending you to a legitimate website but are instead forwarding you to a location where you may be tricked into giving up your login credentials or other personal information. This attack makes use of a malformed URL, which, even when copied and pasted into a browser’s address bar, appears benign. Even Google Chrome’s built-in security doesn’t catch it.
      • One of the hazards of clicking links in Phishing Emails is RANSOMWARE (stay tuned for the next episode of “WhatTheHack?” to learn more about ransomware!)
  6. NEVER GIVE UP your PERSONAL INFORMATION!
    • A legitimate email from a bank, credit card company, college or other institution will never ask for your personal information via email.
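One way to turn the six checks above into a script, as an added example that is not part of the original post: it parses a constructed sample email (not a real phishing message) and reports which of the checklist items it trips. The trusted-domain allow-list, the URL-shortener list, the salutation and sensitive-term lists, and the tiny spelling pattern are all assumptions made for this demo.

```python
import re
from email import message_from_string, policy

# Constructed sample message for demonstration; it is not a real phishing email.
SAMPLE_EML = """\
From: "PayPal Support" <security@paypa1.example>
Subject: Verify you're account
Content-Type: text/html

<html><body><p>Dear Customer,</p>
<p>Please <a href="http://bit.ly/abc123">log in</a> to confirm your password.</p>
<p>Regards,<br>Support Team</p></body></html>
"""
TRUSTED_DOMAINS = {"paypal.com"}                 # assumed allow-list for this demo
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
GENERIC_SALUTATIONS = ("dear customer", "dear user", "my dear", "dearest")
SENSITIVE_TERMS = ("password", "card details", "pin number")

def one_letter_off(a, b):
    # Same length, exactly one character different: "paypa1" vs "paypal".
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1

def phishing_indicators(raw):
    """Apply the six checks from the article and return the ones that fire."""
    msg = message_from_string(raw, policy=policy.default)
    html = msg.get_body(preferencelist=("html", "plain")).get_content()
    text = (msg["Subject"] + " " + re.sub(r"<[^>]+>", " ", html)).lower()
    hits = []
    # 1. Sender domain: an exact match is fine; a one-letter lookalike is not.
    sender = msg["From"].addresses[0].domain.lower()
    for trusted in TRUSTED_DOMAINS:
        if one_letter_off(sender.split(".")[0], trusted.split(".")[0]):
            hits.append(f"lookalike sender domain: {sender} vs {trusted}")
    # 2. Spelling/grammar: a tiny demo pattern, not a real spell-checker.
    if re.search(r"\byou're (account|password)\b", text):
        hits.append("spelling/grammar mistakes")
    # 3. Generic salutation instead of the recipient's name.
    if any(s in text for s in GENERIC_SALUTATIONS):
        hits.append("generic salutation")
    # 4. Signature without contact details: no phone number anywhere in the body.
    if not re.search(r"\+?\d[\d\s().-]{7,}\d", text):
        hits.append("signature lacks contact information")
    # 5. Links: URL shorteners and hosts outside the trusted domains.
    for href in re.findall(r'href="([^"]+)"', html):
        host = re.sub(r"^https?://", "", href).split("/")[0].lower()
        if host in SHORTENERS or host not in TRUSTED_DOMAINS:
            hits.append(f"untrusted or shortened link: {host}")
    # 6. Requests for personal information.
    if any(t in text for t in SENSITIVE_TERMS):
        hits.append("asks for personal information")
    return hits
```

Running `phishing_indicators(SAMPLE_EML)` returns all six indicators for the sample; a message from an allow-listed domain with a personal greeting, a phone number in the signature and no request for credentials returns an empty list.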

In conclusion, Phishing Email is the term used to identify an identity theft scam designed to target unsuspecting users of electronic communication methods, specifically email and text messages, and trick them into giving up sensitive personal or business information that can be used to steal their identity, raid their bank accounts and more. However, by following the few simple steps above, a Phishing Email can be spotted and all of your data and privacy kept safe!

In the next episode of “WhatTheHack?”, we will be exploring what the hack Ransomware is, how it can affect you (if you fall for its trap) and how you can spot it!! SO STAY TUNED FOR MORE HACKING/COMPUTING TERMS AND KNOWLEDGE ON “WhatTheHack?”

