Phishing Attack and Email Hacking- How to Avoid Phishing Scam


In this blog, I usually discuss and review different ways to make money online; however, it is equally important for me to educate my readers on other issues that may be of significance to them.

As we all know, in recent years the number of cybercrimes (crimes committed using a computer and the internet to steal a person’s identity) has increased tremendously, and many people have fallen victim to these types of crimes.

Today, I am going to discuss cybercrime and how you can avoid or protect yourself from becoming a victim of a phishing scam.

What is Phishing?

Phishing is a criminal mechanism where programmers and computer engineers plant malicious software onto PCs to steal personal information directly, often using other systems to intercept the local infrastructure and redirect users to counterfeit websites.

Hackers have taken advantage of advanced technology to come up with sophisticated programs that they use to get access to personal information. This is not only scary, it is also a devastating experience once you find yourself in their trap.

Risks Involved in a Phishing Attack

The following are possible risks associated with a phishing attack:

  • Financial losses that are not recoverable
  • Identity theft
  • Endless legal problems
  • If the phishing involved credit card theft, the credit rating may be harmed forever.
  • Invasion of personal or company privacy
  • Disruption of the working environment
  • Income or revenue loss
  • Damage to company brand or reputation

How to Avoid a Phishing Scam

The method most commonly used by scammers and hackers is sending email to unsuspecting individuals and making the email appear to have come from a legitimate source. The email message usually has a hyperlink embedded in it.

Phishing Email Characteristics

  • An email, instant message or text coming from an unknown source.
  • You receive an unsolicited email or text message, one that you were not expecting (mostly junk emails).
  • The email is requesting personal or sensitive information.
  • The email or message conveys a sense of urgency, requiring the user to act immediately, or threatens an action. For example: if you do not respond within the next 24 hours, your account will be terminated.
  • No one is addressed in the email header: the name of the person the email is addressed to is missing.
  • You do not have a previous personal or business relationship with the person sending you this email.
  • The email contains spelling or grammar errors.
  • The email contains embedded hyperlinks whose actual URL is different from the URL displayed in the email client.
  • Messages and URLs which are shortened by use of URL shorteners, hiding the real URL of the website.

This is an example of a phishing email. Please take note of the important clues found in the email:

From: www.reviewearn.com
To:
cc:
Subject: Membership Verification

This email is to inform you that due to the increased number of new members joining our program, we have decided to review the membership status of our current members.

In line with this and for you to continue use our service, we require your to confirm your membership once again by follow the steps shown below;

  • Click on the confirmation link found at the end of this email message.
  • Once you are on the new page, fill all your personal information needed including your payment details.
  • Click on submit the form.

Note: All members are required to confirm their membership within the next 24 hours. Members who will not have confirmed their membership by the end of this day risk their account getting suspended.

Please confirm your membership by clicking on the following link; www.reviewearn.com

Thank you and look forward to working with you once again.

Yours sincerely,

Tito
The Director.

Let us now take a look at the email message above and identify some of the clues:

  • Authentic-looking sender address in the email header (reviewearn.com.com), meant to confuse the email reader.
  • Recipient name missing in the header
  • First paragraph seems OK
  • Poor grammar in the second paragraph (words written in bold letters)
  • Asking members to fill in personal information, including payment details.
  • Sense of urgency and a threat of interruption of services.
  • Hyperlinks embedded in the email message.

To know the real URL of a website, just hover your mouse over the hyperlink above (www.reviewearn.com) or click on the link and check your browser for the actual URL.

You will notice that the hyperlink URL is different from the actual URL of the website, www.reviewearn.com. In this case, the URL of the hyperlink is http://www.reviewearn.com.kimo.com/personal/Paypal.com/login.html, which will take you to a different website.

How to Identify a Suspicious URL

Scammers and hackers try to confuse users by hiding or disguising the real URL behind the hyperlinks embedded in email messages and other documents.

Before you read the next paragraph, I want you to take a closer look at this hyperlink: http://www.reviewearn.com.kimo.com/personal/Paypal.com/login.html and then answer the following question.

What is the real domain name of the above hyperlink?
(a) www.reviewearn.com
(b) Kimo.com
(c) Paypal.com

In the above hyperlink, the real domain name is not www.reviewearn.com or even Paypal.com; it is kimo.com. The real domain name is found by locating the first single forward slash in the URL and then reading backwards to the last two dots before it.

In the above example, the first single forward slash is the one before the word personal. Reading backwards from it, the word kimo is found between the two dots, making it the real domain name.

Characteristics of Suspicious URL or Suspicious Domain Names

  • The domain name is unknown or you cannot recognize it.
  • The domain name contains numbers that look like an IP address (decimal, octal or hexadecimal digits).
  • The domain name is made from a long string of characters with the intention of diverting attention from the actual website name.
  • The domain name contains spelling mistakes, usually a slight variation of a familiar name or brand name that is very hard to notice.
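
The domain-reading rule and several of the warning signs above, as an added Python example (not code from the original post). KNOWN_DOMAINS and the function names are assumptions made for illustration, and the "last two labels" rule is the post's simplification: suffixes such as co.uk need the Public Suffix List.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: domains the reader actually deals with (constructed sample list).
KNOWN_DOMAINS = {"reviewearn.com", "paypal.com"}

def hostname(url):
    """Host part of a URL: everything between '//' and the first single '/'."""
    if "//" not in url:
        url = "//" + url          # bare "www.example.com/path" style link text
    return (urlsplit(url).hostname or "").rstrip(".")

def looks_like_ip(host):
    """True for dotted-decimal, plain-integer, octal (0...) or hex (0x...) hosts."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        parts = host.split(".")
        return len(parts) <= 4 and all(re.fullmatch(r"0x[0-9a-f]+|\d+", p) for p in parts)

def real_domain(url):
    """The post's rule: the last two dot-separated labels before the first '/'.
    Simplification: multi-part suffixes (co.uk) need the Public Suffix List."""
    host = hostname(url)
    return host if looks_like_ip(host) else ".".join(host.split(".")[-2:])

def url_clues(href, displayed_text=None):
    """Return the warning signs from the list above that apply to one link."""
    host, domain, clues = hostname(href), real_domain(href), []
    if looks_like_ip(host):
        clues.append("host is a numeric address")
    if domain not in KNOWN_DOMAINS:
        clues.append(f"unrecognized domain: {domain}")
    decoys = [d for d in KNOWN_DOMAINS if d != domain and d in href.lower()]
    if decoys:
        clues.append("familiar names used as decoys: " + ", ".join(sorted(decoys)))
    if displayed_text and real_domain(displayed_text) != domain:
        clues.append(f"link text shows {real_domain(displayed_text)}, link goes to {domain}")
    return clues

# The link from the example email above, with the text the email displays for it.
HREF = "http://www.reviewearn.com.kimo.com/personal/Paypal.com/login.html"
if __name__ == "__main__":
    print(real_domain(HREF))
    for clue in url_clues(HREF, "www.reviewearn.com"):
        print("-", clue)
```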

How to Respond to a Phishing Attack

DO NOT CLICK ON ANY LINK or reply to the message. If you want to forward the email to someone else, send the email as an attachment.

Phishing Attack Victims

  • Save the details of the incident or what happened during the phishing attack.
  • Change all your passwords and other personal information which might have been compromised.
  • Immediately report the incident to the cybersecurity organizations in your location or country.

I just hope this article will guide you in knowing how to identify a phishing email and what to do in case you become a victim.
