Today, we're going to talk about phishing emails. Almost everyday, you find in your mailbox emails with the header "Claim your $10000000 now" or "You've won an iPhone" or something similar.
Now the good thing is, for emails like these, you and I can read the content and we realise that it clearly is a scam. So we don't click on the provided link in this case.
But, what if a phishing email is coming from what looks like an official Facebook/Instagram or even your work/bank domain? It is obvious that if it does look like it is coming from the official domains, we are bound to click on the links. Many people don't know that even official domains can be spoofed. For instance, I could send you a fake phishing mail from, say, [email protected] (and believe me it takes seconds to do it, it's that simple).
In such cases what do we do?
Here's what we do.
Now there are two ways. One, non technical, which all of us can use. The second one is a bit technical, and i will discuss it, but not today. In the subsequent articles.
So, the simplest way to check if the link in the email is real or fake, is to hover your mouse pointer over the link (don't click, even a click is enough to compromise your entire account in certain situations).
Now, when you hover your mouse above the link in the mail, if you see a link preview that is different than the actual link in the mail, it's more than likely a scam. So don't click on it.
Now this might not always be true and might not work in some situations. Alternatively, what you can do is:
Copy the link received in the mail (make sure you don't left click at any point) and then go to virustotal.com
Virus Total has a lot of features. It can check links/pdf/any other document and find if it is actually a phishing attempt or not. Virus Total has about 64 antivirus engines that check your uploaded links and files and give you the result within seconds.
So copy the link in the mail and paste it in the Virus Total URL section and it will give you a result. The result will show you if a link is legit or not. Why virustotal.com is the best in this case is because these email phishers, in most cases, won't target an individual (called spear phishing). Rather, they send it to thousands and lakhs of people hoping atleast a few of them would click on the link. And the more people the link has been sent to, the more chance of virustotal.com actually determining the authenticity of the link.
That's enough for this article. Hope this helps.
Great tips there! Thanks for sharing :)
I think we should really practise this good habit of identifying phishing emails given that nowadays there are getting more and more attempts at token sales for those crypto projects.
In the organization I work in, as employee, we would sometimes received these kind of phishing emails. But it's from our very own security team who sent it to test our alertness haha. I guess this kind of education training is good as it preps us and makes us more vigilant.
You're welcome, I appreciate your thoughts.
It's great that your organisation keeps sending you a mail every now and then to test your alertness. I believe that is probably the only way people will learn. Because an article or two will always have a less impact in comparison with an actual scenario. It's important we educate people when it comes to Internet security. Because with every passing day, the threats are only going to increase.
Beep bop, this is @pushbot.
I just received a signal from the Mother Ship that you may require a push.
You just got a 9.67% upvote courtesy of @howtoweekly!
Message from the Mother Ship:
You can earn daily profit by delegating SP to make @pushbot stronger. Delegators receive a share in 95% of the earnings.
10 SP • 20 SP • 50 SP
100 SP • 200 SP • 500 SP
1000 SP • 2000 SP • 5000 SP
Any Other Amount