insuranceHow can you identify a phishing attempt?

How can you identify a phishing attempt?

Social Share:
cyber crime

Have you ever got an email or a text message via your cell phone or email address that demands immediate attention about securing your vital information? These messages always target personal information that can be stolen so hackers can impersonate the victim. Information like your social media accounts passwords, bank account pin, credit cards, residential address, phone number, and many more.

It is easier for victims to desperately respond immediately to such deceptive messages to secure their personal information. The moment you click on the URL to reply to the dishonest text is also the moment your information is leaked or disclosed to the perpetrator seeking your information.

The act of obtaining confidential/personal information using deceptive and sensitive text/message through email or text message to defraud the victim is what we call phishing. Below is more information that you may need to know about phishing.

Fake VS Real Email

Cybercriminals are savvy. They will always ensure they invent a way to compromise the computer system to lure the victim easily. Therefore, it is your responsibility to ensure that you don’t become a prey for this kind of an act. Below are tips that will help you quickly identify and differentiate between a fake and a real email.

>  Fake email characteristics

  • The email address comes from the public domain. The public domain is supposed to be used for official or authentic organizational purposes. The moment you spot the sender is using a public domain email address, you should not bother reading it. Public domain email addresses include Gmail, Hotmail, Yahoo, AOL, and many more. An authentic organization email address uses a private domain after the “@” symbol button before the character— for instance, @uwinsure.com but not This email address is being protected from spambots. You need JavaScript enabled to view it..
  • The sender’s name and email address do not match or use an unknown domain name that does not relate to the brand or organization name.
  • They use a generic domain name or email address. Most of the generic domain names and email addresses have a slight spelling. These grammatical and punctuation errors can easily be assumed to make them look legitimate or similar to the exact address. For instance, replacing an “s” with the number 5, such as This email address is being protected from spambots. You need JavaScript enabled to view it. instead of This email address is being protected from spambots. You need JavaScript enabled to view it..
  • If your email address is listed in the Bcc field (blind carbon copy), you should take precautions because a legit company does not send blind carbon copy emails to their client. An actual email address is addressed in the front of “To: or “Send to:”
  • Hover the cursor over the provided link; if the link displays different information or URL, that email is fake. Clicking a URL that shows a different one will redirect you to another site that does not relate to a deceptive message.
  • If you receive an email from your contact, please contact them directly to confirm directly from them rather than directly replying to the email. Cybercriminals are so smart that they create a virus that can hack the user’s device to create and send phishing emails on their behalf unknowingly.
  • Always contact the organization directly to confirm with them first because any legit organization has a system of reaching you directly, not unless you wanted your inquiry to be sent over an email.
  • Lastly, if the email requires you to respond immediately over something you have not been contacted directly by the concerned organization or inquired about. It would help if you did not bother even answering because it is fake.



Types of Phishing

Email Phishing

Email phishing is the oldest and the most used type of phishing. Email phishing is a type of email that is sent to alert you about the status of an account with a Malware virus redirect link that hacks your personal information. For instance, you may receive a message that alerts you that your account has been compromised. However, hackers can steal your account if you decide to click on the link associated with the message.

Spear Phishing

Spear phishing is mostly meant to attack an organization or an individual in the company by sending threatening and implicating emails with a link to click for further proof. It also usually demands an immediate response. An example of a spear phishing message is:

“We have received complaints about how you have been threatening your employees not to participate in their rights and freedom to join the Union of Workers. Click on the link below for further details and get back to us immediately after reading.”

Mobile phishing

Mobile phishing nowadays is the most common type of phishing. It can target anyone by sending a deceptive text, such as saying that your bank account has been compromised and you can receive help immediately if you contact them. For example:

“Dear Joseph Williams. Your account number has been linked with another account. Please contact us immediately so we can help you secure your account.”

For more information about the different types of business, view here:

https://www.trendmicro.com/en_ca/what-is/phishing.html

https://corrata.com/the-many-faces-of-mobile-phishing/

Phishing

Phishing VS Hacking

Phishing is the voluntary way of sharing your vital information with the perpetrator, using urgent and luring fake messages through email, phone calls, text messages, and many more. Conversely, hacking is an involuntary way of obtaining vital information by forcefully breaking in and controlling their device system.



Does phishing equal hacking?

No. Since phishing is done to lure you into submitting or sharing your personal information willingly, it gives cybercriminals more opportunity to break into access and control over your assets and devices. Hacking, however, is done involuntarily. 

How does phishing begin?

From the definition of phishing, the action begins when you respond to the email request. Hence, by continuously conversing and clicking the redirected links to malicious websites that contain malware. Malware is a deadly virus software that is hidden and capable of collecting your private information without your comprehension

Why do people phish?

Luring someone to access their personal information does not end after your information has already been disclosed. Instead, cyber attackers will use your report for an ill-motive purpose, which include as follows:

  • To provoke the victim by pressuring them emotionally and manipulating them to make payment when they browse redirected URLs.
  • To spread malware virus which is harmful to your devices thereby interfering with its functionalities or destroys your device
  • To trick, encourage or manipulate the victim into giving them money over lucrative business promises unconfirmed.
  • To steal your information for impersonation.
  • Through your contact and addresses, they can use them to track your home, which automatically endangers your safety.
  • To leak vital information that can hurt and degrade your reputation.

> Things to do After a Fake Email

After realizing that the email is fake, you should take the following precautions to secure your information from being disclosed.

They include:

  • Validate the link sent to your email by securing the website (s) with a valid Secure Socket Layer (SSL). Doing this will help validate and secure every URL before you receive them automatically, and it also blocks fake emails from opening the browser. 
  • Report to the organization about the email to help monitor your information against phishing and take immediate legal action against the fraudulent sites.
  • Change the browser setting to prevent fake websites from accessing your information. Changing the browser setting keeps the list of fake websites that cannot open your browser after changing the setting.
  • Activate spam filters because it is capable of sieving a fake and an actual email. However, it would help if you were very careful when using filters to receive fake emails because it may block even real emails.
  • Change your passwords immediately and avoid using similar passwords to secure all your accounts. The reason for changing passwords is to prevent the cybercriminal from further accessing your personal information.

Why am I being phished?

Anyone can become a phishing victim, and there must be something valuable about you that can be either because of sensitive information or money. For instance, my brother used to travel a lot to Senegal for charity projects. While in Senegal, he frequently purchased food, outfits, and flight tickets using credit cards because he was impatient with queuing at the exchange bureau. Since he had once logged in to another unsecured PC device, it made him become an easy target for phishing.

Cyber insurance helps with phishing

Cyber insurance is meant to protect sensitive information from phishing. Phishing is terrible for business, hence the need to protect your business with cyber insurance. Cyber insurance will significantly help with phishing through the following ways: 

  • > They have experts who can help you retrieve your sensitive data and secure your device from phishing.
  • > They alert you immediately when they detect phishing and help you secure your device before the perpetrator gets complete access to your sensitive information.
  • > They protect your devices from getting damaged or becoming less functional by blocking the malware from opening the browser.

Prevent phishing

A spoofed email has become a nuisance to a lot of people. However, you may even become annoyed if you do not know how to prevent phishing. Therefore, for those who have never tried, you may use the following steps to avoid phishing.

  • Use the two-factor authentication method to strengthen logging-in verification, especially when using a sensitive application with your vital personal information.
  • You may change your passwords frequently and avoid using similar or reusing the passwords for different accounts. The use of a similar password character unravels a quick and effortless way to cyber-attack.
  • Launch campaigns to create awareness and educate the population about cybercrime-related issues like phishing and prevent becoming a victim.
  • Avoid posting sensitive information that concerns your personal life, especially about your family, achievements, and occupation, because it exposes more about yourself.
  • Investigate the traffic and the sources of the link by “sandboxing” the inbound email.

Related Articles

the personal insurance expert, your insurance brokerThe certification recognizes our commitment to continuous learning, innovation and digital best practices.

Get Online Insurance Quote

Go to Top