Phishing is a scam attempt that takes advantage of the user’s unwitting behavior to steal sensitive information. Most cyber-attacks happen when you receive an email in which the sender pretends to be a known company, financial institution or public body. The message uses a threatening tone or language that requires immediate action from you, such as clicking on a link, updating information or providing information to claim a reward, or to prevent an order from being returned or an account, bank card, etc. from being blocked. The important thing is not to act quickly, but to take a few minutes to analyze the content and the circumstances in which you received the message. Here are some guidelines for identifying whether it is phishing. Be careful when:
- The message is addressed to you but is not personalized or contains generic and vague data (name, email address, mobile number, etc.);
- The tone of the message is alarming, to make you act urgently;
- The wording of the message and some words sound strange, as if written by a non-native speaker or translated from another language, or it contains subtle spelling and grammatical errors which nevertheless do not go unnoticed;
- The message comes from a company or organization with which you have no connection;
- The sender’s email address does not belong to that company’s or organization’s Internet domain (although they sometimes manage to make it look quite similar);
- The messages include a hidden link to click that does not belong to the Internet domain of the company or organization.
Why Do They Know Your Email Address?
It’s simpler than you might think. In the world of cybercrime, some groups specialize in the mass collection of email addresses and confidential information for sale on the dark web. In many cases, this information comes from personal data breaches. In other cases, hackers generate random email addresses by combining first and last names and email providers to send deceptive messages.
They can also obtain public data from social network user profiles or purchase lists of email addresses to use in their phishing campaigns. How do they know that you are a client of that company or entity or that you have a connection with that organization? Most of the time, they don’t know, but they play with probability. Almost all citizens are users of public bodies, customers of a bank or the primary energy supply companies, etc. So if they send you a message pretending to be one of them, they are likely not wrong.
How To Protect Yourself From Phishing?
Your email program has spam filters that block unwanted messages and users. However, some phishing scams can bypass your provider’s anti-spam mechanisms and reach your inbox. In this case, you will have to be careful and wary of the content:
- Verify the sender of the email: check with a search engine that the address belongs to the official domain of the company or organization.
- Check the website link: check that the web address in the message starts with https:// and matches the official domain of the company or organization.
- Please do not download or install attached files or programs included in emails unless you are sure they come from a safe source.
- Do not provide your data or passwords in response to email or SMS requests.
- Do not follow the directions of the message if the tone is highly alarming or forces you to decide in a short time. Contact the company by phone, app, etc., to check if it is a fraud.
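The sender and link checks from the list above can be automated. The following Python sketch is an added example, not part of the original article: it compares the sender's domain and every link's real destination against the official domain, so lookalike addresses and links whose visible text differs from their target are flagged. The domain `bank.example`, the sample message and all function names are assumptions made for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

def belongs_to(host, official):
    """True only if host is the official domain or a subdomain of it."""
    host, official = host.lower().rstrip("."), official.lower()
    return host == official or host.endswith("." + official)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(from_header, html_body, official):
    """Return warnings for the sender-domain, https and link-domain checks."""
    warnings = []
    sender_host = parseaddr(from_header)[1].rpartition("@")[2]
    if not belongs_to(sender_host, official):
        warnings.append(f"sender domain {sender_host!r} is not {official}")
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        url = urlsplit(href)
        if url.scheme != "https":
            warnings.append(f"link {href!r} does not use https")
        if not belongs_to(url.hostname or "", official):
            warnings.append(f"link shown as {text!r} goes to {url.hostname!r}")
    return warnings

# Constructed sample message; every domain here is a reserved placeholder.
SAMPLE_FROM = '"Example Bank" <support@bank.example.alerts.test>'
SAMPLE_HTML = ('<p>Your card is blocked. '
               '<a href="http://bank.example.verify.test/login">'
               'https://bank.example/login</a></p>')

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE_FROM, SAMPLE_HTML, "bank.example")))
```

The comparison is done on the end of the host name, because the official name appearing at the start of an address (as in the sample) says nothing about who controls it.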
If you receive an email with the described characteristics and suspect it is phishing, you can move it to the Spam folder, so your email provider will receive a copy and analyze it to protect other users. Finally, if you suspect you have received a phishing email, notify your bank as soon as possible so they can act quickly to close the fraudulent website.