Most cyberattacks need a lure or a medium to reach people. Ransomware attacks, fake app or document downloads, money laundering frauds, MFA fatigue attacks, etc., rely on a message sent to the target. This message can be crafted in the form of an SMS, email, pop-up, app, website, a single webpage, etc.
A phishing email usually contains a link that, when clicked, either auto-downloads and self-runs itself in the background and steals data. Or it may require someone to click open, download, and install it to have the malware do the damage.
What the phishing email maker might plan!
A successful phishing attack can bring many favors to the phisher. A hacker can steal data including login details from apps on the device, website, browser data, etc. A scammer can send a page to enter credit or debit card details to make payments for a purchase, avail of a discount, or make a charitable donation. And then register all the bank details.
A spy, cybercriminal, or a nation’s intelligence agency can find all the documents on a system, connect with other networks, and exfiltrate trade secrets. A phisher or someone who causes a phishing attack might fear if the target does not find the email authentic or reports it.
Hence, they make efforts in having the email look very similar to the company’s original one and test the malware to see how it executes and does not get noticed. They copy-paste logos from legitimate sources and create an email body resembling the original one.
A phisher may spy on the target to know what they like to craft an email around it. For instance, if a target likes shopping for summer wear or using gaming hacks, they will be sent phishing emails with content and links around them. The email may have fake discount coupons for shopping, links to gaming hacks, or infected versions of yet-to-be-launched games. One way to avoid giving any information to spies is not mentioning one’s personal choices and details extensively on social media.
Finding out what makes an email or any online communication suspicious
Suspicious activities are not clearly defined as they can vary based on the malware used to perform a set of tasks on the infected device. For some, it can be a sudden increase in battery or data usage. For others, it can be seeing unread emails reflecting as read. Sometimes, an app shows in the recently opened app tray when one has not accessed it.
Most of the well-crafted malware or ransomware is programmed to work in the background which may not show any signs on the screen. Hence, keeping an eye out for suspicious email topics is advised.
How to spot a phishing email?
To stop a phishing email, it has to be spotted. Stopping it requires being aware of common mediums through which it can reach one’s inbox. It can be spotted by closely looking at the URL for slight changes. Often, the content of a phishing email gives it away. If a user finds a trending news or issue mentioned in an email that reaches their inbox and has no clue how they found you, it might be because it was a spammy or phishing email with suspicious links in it.
Finding email, SMS, or push notifications about login to an account that one has not made, a request to update profile details using a link, an email asking to add bank details, a reminder for a payment that one has not initiated, or content that one did not request can be suspicious.
- A phishing email containing a link to a fake and infected website – The URL or the link to the website only matches the original website, however, is not the same, so it must not be opened. One can open the website in another tab and cross-check the URL. A fake website that asks for paying bills safely or updating user details, must have each character like the original website’s link. Even if it has an extra letter, number, or one less character, it must not be used further.
E.g., The legitimate payment website – https://www.bajajfinserv.in can be imitated but not completely copied by a cybercriminal. So, they may create a lookalike such as – http://bjafinserv.com. Other examples include, Amazon being spelled as Amzon.com much like clothes that have brand names or logos with slight changes such as a spelling error.
The right course of action to stop it – Find the original link to the website either by going through your older history on the browser, or Google searching the company name. When in doubt, one must go through the websites (both, the usually opened/ the legitimate one and the one in the link) thoroughly and seek to see all the pages in the menu bar and others that are opening. Fake links may have social media icons, however, do not have them linked on the webpage.
- A phishing email containing a link to documents or attached documents – If the phishing email contains a link, several links, and/ or attached documents that the user is shown to need, it is wise to ask oneself if it was called or subscribed for. Check the details in the email body for typos, and spelling errors. If the email is from a subscribed brand yet has a different email ID or content from any previous communications, it could be a fake email.
The right course of action to stop it – Ask if you searched similar content online in which the cookies and history were stolen by the cybercriminal. They can then craft a phishing email around it to trick its recipient. Calling the previously stored or legitimate customer service number from its website or social media handle can lead to the right person to verify if they have sent the email. The chatting option, phone numbers, or email addresses can be used to ask if they are the sender.
If one is not sure of the origin of an email, a few things must never be done. If done, damage control steps can be taken.
- Not opening the email to read it and not replying to it. Not even to unsubscribe.
- Marking the email as spam or clicking on the Report option or other available options help the email provider know where to place similar emails in the future. Blocking the email sender or contact is also another way to not allow phishing emails from the sender to reach the inbox.
- If the suspicious email is read, not clicking on any links in it is important.
- If a link is clicked, run the antivirus software, and stop the Wi-Fi or internet for some time. One may delete all the content. However, if proof is needed to be sent to the legitimate company or to make a complaint with the cybercrime branch, the email or its screenshot can be kept.
- If downloads are made, and software or apps are installed on the device, it can be uninstalled after detecting that it seems suspicious.
- Avoid forwarding suspicious emails to friends or family to evaluate.
How to stop and report a phishing email?
- Keeping the device up to date with its security apps in place.
- Running the antivirus and scanners daily and checking that it updates automatically.
- Using network firewalls and desktop firewalls.
- Reading cybersecurity news that is about global trends specific to one’s country.
The local police, police helpline, or specifically the cybercrime branch numbers are the ways of getting a phishing scam reported. They might require samples of the documents, dates, content topic, etc.
Cybercrime branch also have SMS service that solicit forwarded phishing emails and where complaints can be forwarded. People in the United States of America can contact the Federal Trade Commission. Official cybercrime websites are also helpful in complaining such as https://reportfraud.ftc.gov/