
Tuesday, May 28, 2013

How to identify Phishing Email


 Phishing is a masked attack through email that inveigles users into believing they are receiving the mail from a genuine party and leads them on to parting with sensitive information such as user names and passwords of bank accounts or credit card details. Unless you know and can distinguish between genuine and fake or phishing email, you may end up disclosing such details to people who may misuse and exploit the information. There are several pointers to identify such phishing mails.

Similar looking or sounding domain names are one of the simplest ways to spoof users into believing they are receiving the mail from a genuine party. For instance you may receive an email purportedly from Virginair but a giveaway is that the email address may be something like virginair@yahoo.com. Big companies always have domain linked email addresses.

Spelling mistakes are common in phishing attacks. For instance, the domain name may appear as Facbook.com instead of Facebook.com. Grammar and text of the mail are also pointers. The mail will contain many such errors and could have a pompous ending such as “from the desk of….President”.

Redirection is another way to fool recipients. If you click a genuine looking link in your email, you are redirected to another site. Sometimes, the email may suggest “click here” and when you do, you are taken not to a secure website or the company’s original website but to another website. That may be a single level domain or could be a combination of top and second level domains, which is another giveaway. If you hover your mouse pointer on the link in the email, the actual link shown will be different. Beware in such cases.

Beware of domains that contain too many “dots”, which point to subdomains used by attackers to fool recipients. Instead of http://www.virgin.com the link would show up like http://www.virgin.update.accounts.com.

Attackers also use JavaScript to hide information. A giveaway is when your email client shows a flag such as “contains javascript”, or when the message contains a <script> tag. Phishers also use images instead of plain text to show the URLs that you must click, and thus bypass spam filters.

If you do click on a link and are taken to an apparently genuine looking website where a popup window opens asking you to enter sensitive information, this is, in almost all such instances, a phishing attack and you should not enter any details.

Where secure transactions take place, genuine websites are always secure and the address starts with https:// instead of plain http://. If it does not, avoid entering any details and close the window.

Another method is to use HTML mails to deceive recipients by disguising the URL link. HTML emails that warn you to update your account, to take action immediately to avoid a penalty, or that your system is compromised, or that ask you to follow a link to claim a grand prize, are suspicious. It is not possible to hide deceptive URLs in plain text mails, and HTML mail is one way to hide the link. Suspicious emails may also contain more than one straightforward link, or have a link string incorporating a question mark or redirection that will always take you to a website other than the one shown.

Another tactic Phishers use is to register fictitious similar sounding domain names but with a different extension. For instance virginair.com may be the genuine website but virginair.cc is a fake. Phishers also use fraudulent means to register fresh websites and send emails using that domain name. Not all of us will care to check with the registrar but if you do and find it is a freshly registered one, chances are your mail is a phishing attack. As a matter of precaution, never click on suspicious links contained in emails. Instead, visit the website, verify it is genuine and find out if action is needed on your part.

Another indicator of a phishing email is that links do not contain names but have an IP address, such as http://192.192.1.1/yahoo.update. Avoid clicking links that have such IP addresses.

As phishers develop sophisticated methods, it is for the end user to keep abreast with technologies and methods and thus remain safe.
