It was a warm afternoon. As usual, the old fisherman reached for his fishing line and other gear. He had almost stepped out of his apartment before remembering he had left the bait behind. What would have been a memorable fishing harvest could have gone wrong for want of the bait.
By the way, this article is not about fishing… read on.
Phishing is a technique in which cyber attackers contact one or more targets by email, telephone, or text message, posing as a legitimate institution, to lure them into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
Once they have the sensitive data, they launch an attack that could wipe the target’s entire data or steal confidential information such as identities and financial records.
Phishing, as you would expect, takes its name from “fishing,” and this is not just a coincidence, because the two work the same way. The fisherman is the cyber attacker, whose daily job is looking for sensitive data to steal. The bait is a too-good-to-be-true offer or a packaged or cloned identity used to deceive targets. The fish is the target who receives a message or email from the attacker.
According to a report, around 160 million phishing scams are emailed daily, waiting to entice their targets into divulging sensitive data or unintentionally opening up their security for an attacker to penetrate. Of the 160 million, around 16 million get past the filters into targets’ inboxes, while the others are tagged as spam. Around half get opened, and almost 800,000 targets take the bait and click on the malicious links.
Phishing emails often look almost genuine: cyberattackers have changed their methods and now create deceptive emails that are nearly identical to the originals. It takes a careful assessment of the content to tell whether an email is fake or genuine.
What are the things to look out for to detect a phishing email?
To look or sound exactly like a genuine brand that people trust, cyberattackers model their content on the brand’s own, but replace certain characters so that the name is slightly different. For example, a cyber attacker cloning an email from Hubspot may replace the “o” with a “0” to create the name “Hubsp0t”, counting on targets to glance over it and assume the source is Hubspot.
Because these phishing emails are usually sent to hundreds or thousands of targets simultaneously, and because the targets’ details (other than their email addresses) are most likely still unknown, cyber attackers do not personalize these messages. Most of them come with anonymous or general greetings such as “Dear Customer” or “Dear Esteemed Customer.”
The goal of every phishing attack is to entice the target with the embedded bait. Here the bait is exaggerated or made too enticing, with inflated promises and overwhelming rewards. When an email leans heavily on these, take the time to verify the source again.
One way to detect phishing attacks early is to check the email’s sender. Does the name on the account tally with the email address it was sent from? If there’s any contradiction in these details, the best thing is to avoid such an email or probe further to determine its genuineness.
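The look-alike name, generic greeting and sender checks described above can be automated for a first triage pass. This is an added example, not part of the original article: a Python sketch that reports which of those three indicators one message shows. The `TRUSTED` map, the substitution table and the sample message are constructed assumptions.

```python
import email
import re
from email.utils import parseaddr

# Assumed map of brands to the domain they really send from (extend as needed).
TRUSTED = {"hubspot": "hubspot.com"}
# Look-alike characters and the letters they imitate (constructed, not exhaustive).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "$": "s"})
GENERIC_GREETING = re.compile(r"^\s*dear\s+(esteemed\s+|valued\s+)?customer\b", re.I | re.M)

# Constructed sample message for demonstration.
SAMPLE = (
    'From: "Hubsp0t Billing" <billing@hubsp0t-mail.example>\n'
    "Subject: Your reward is waiting\n"
    "\n"
    "Dear Esteemed Customer,\nClaim your reward today.\n"
)


def normalize(text):
    """Lower-case the text and fold look-alike characters back to letters."""
    return text.lower().translate(LOOKALIKES)


def phishing_indicators(raw_message):
    """Return the sorted indicator names found in one raw email message."""
    msg = email.message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    # Only single-part text bodies are inspected in this sketch.
    body = "" if msg.is_multipart() else msg.get_payload()
    found = set()

    for brand, real_domain in TRUSTED.items():
        # The sender name claims the brand, but the address is not the brand's.
        off_brand = domain != real_domain and not domain.endswith("." + real_domain)
        if brand in normalize(display) and off_brand:
            found.add("display_name_mismatch")
        # The brand appears only after look-alike characters are folded back.
        for field in (display, domain):
            if brand in normalize(field) and brand not in field.lower():
                found.add("lookalike_brand")

    if GENERIC_GREETING.search(body):
        found.add("generic_greeting")
    return sorted(found)


if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

An empty result does not mean a message is genuine; it only means none of these three indicators matched.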
Besides phishing, cybercriminals have devised other cunning ways to manipulate people into divulging their sensitive information. Stay vigilant and scrutinize any sketchy email the moment it arrives. Data loss can run down your business when even slight precautions are not taken.