Debug School

Suyash Sambhare

Phishing Prevention

Phishing is an attack that aims to steal your money or identity by tricking you into disclosing personal information, such as passwords, bank account details, or credit card numbers, on websites that look authentic. Cybercriminals usually pose as friends, acquaintances, or respectable businesses in a phony message that links to a phishing website.

Sources

The majority of phishing attempts are sent via email, although they can also arrive by phone call (a practice known as "vishing"), text message, or direct message on social media. What they all have in common is:

A trusted sender

The call or message will seem to be from a company or somebody you know and trust. It might be your bank, the government, an online retailer like Amazon or Apple, a streaming service like Netflix or Spotify, or any other well-known service. Bolder scammers may even attempt to pose as a family member or your boss.

An urgent request

There is typically a sense of urgency in the message. You need to act immediately because something is going to be canceled, you're going to incur a penalty, or you're going to miss out on a wonderful offer.

The goal is to make you act on the message without pausing to think, seeking advice from a reliable source, or investigating the possibility that the message is fraudulent.

A link or attachment

Typically they will urge you to click on something in the message, usually an attached file or a link to a website. Most likely, the website will be a spoof of a real website, created to trick you into entering your login credentials or other private information so they can use it for their own purposes. Any attached file very likely contains malware.

Identify Phishing Attacks

Because phishing is so successful, it is a common type of cybercrime. Cybercriminals have had success in getting people to reply with their personal information by sending emails, texts, and direct messages on social media or in video games. Being informed and knowing what to look out for is the best defense.

Urgent call to action or threats - Be wary of emails and messages that insist you need to open, phone, or click a link right now. They frequently say you have to take action right away in order to get a reward or stay out of trouble. Phishing attacks and scams frequently rely on instilling a false feeling of urgency. They do this to prevent you from thinking it over or consulting a reliable source who might warn you. Whenever you come across a message that demands that you act right now, stop, take a moment, and carefully read the message. Do you really believe it? Be cautious and go slowly.

First-time or infrequent senders, or senders marked [External] - Receiving an email or contact from someone for the first time is common, particularly if they are not affiliated with your company, but be aware that it may indicate phishing. This is the moment to slow down and be extra cautious. Take time to thoroughly review any emails or messages you receive from senders you are unfamiliar with or who are tagged as new. You can do this by following some of the steps listed below.

Spelling and bad grammar - Businesses and organizations typically employ writers and editors to ensure that their clients receive content that is of the highest caliber. An email message may be fraudulent if it contains glaring spelling or grammar mistakes. These mistakes can occasionally be the consequence of clumsy translations from foreign languages, and occasionally they are intentional attempts to get beyond filters designed to stop these attacks.

Generic greetings - A company you do business with ought to recognize your name, and sending a personalized email is becoming increasingly simple. A generic "Dear sir or madam" at the beginning of an email is a red flag that it may not be from your bank or online retailer.

Mismatched email domains - It's most likely a scam if the email appears to be from a respectable organization such as Apple or your bank, but it's coming from a different email domain, such as applesupport.ru or gmail.com. Additionally, keep an eye out for extremely subtle misspellings of the official domain name, for example app1e.com, where the "l" has been swapped out for a "1" (the number one). These are typical scammers' tricks.

Suspicious links or unexpected attachments - Don't open any links or attachments you receive if you think an email or message is a hoax. Hover your cursor over the link instead of clicking on it, and examine the address that appears. Check whether that address matches the URL shown in the message. In the example below, the actual web address appears in the box with the yellow background when you hover the mouse pointer over the link; the string of digits doesn't resemble the website address of the business. On Android, long-press the link to get a properties page that will reveal the true destination of the link. On iOS, do what Apple calls a "light, long press".

Cybercriminals may also use other techniques, including texting or calling, to entice you to visit phony websites. If you feel pushed or intimidated, it is best to end the call, look up the organization's number yourself, and call them back once you have had time to think. Advanced fraudsters set up call centers that automatically SMS or phone potential targets' numbers. These messages will frequently ask you to provide a PIN or other sensitive data.
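The checks described above (does the visible link text match where the link really goes, is the sender's or link's domain a lookalike of a trusted one, does the link point at a bare string of digits instead of a company domain) can be automated for a mailbox or a security team's triage queue. The script below is an added example written for this article, not code from the original post or from Microsoft: it parses a constructed HTML email, extracts every anchor, and reports the red flags for each link and for a sender address. The trusted-domain list, the confusable-character table, and the sample message are all constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import ipaddress
import re

# Domains the reader actually does business with (constructed for this example).
TRUSTED_DOMAINS = {"apple.com", "amazon.com", "netflix.com", "example-bank.com"}

# Common visual substitutions used to forge lookalike hostnames (constructed list).
CONFUSABLES = {"1": "l", "0": "o", "3": "e", "5": "s", "rn": "m", "vv": "w"}

# Matches link text that itself looks like a URL or hostname, e.g. "https://www.apple.com/account".
HOSTLIKE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


def normalise_host(host: str) -> str:
    """Undo common visual substitutions so app1e.com compares equal to apple.com."""
    host = host.lower()
    for fake, real in CONFUSABLES.items():
        host = host.replace(fake, real)
    return host


def registered_domain(host: str) -> str:
    """Naive registered domain: the last two labels (no public-suffix list used)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def assess_host(host: str) -> list[str]:
    """Return the red flags for one hostname; an empty list means none were found."""
    flags = []
    host = host.lower()
    if is_ip_literal(host):
        flags.append("link points at a bare IP address, not a company domain")
        return flags
    reg = registered_domain(host)
    if reg in TRUSTED_DOMAINS:
        return flags  # genuinely one of our trusted domains
    if registered_domain(normalise_host(host)) in TRUSTED_DOMAINS:
        flags.append(f"lookalike of trusted domain {registered_domain(normalise_host(host))} (got {reg})")
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        # Brand name embedded in a hostname registered elsewhere, e.g. applesupport.ru or apple.com.evil.ru
        if any(brand in label for label in host.split(".")) and reg != trusted:
            flags.append(f"brand '{brand}' appears in a hostname registered under {reg}")
    return flags


def assess_sender(address: str) -> list[str]:
    """Apply the same domain checks to the part of a From: address after the @."""
    return assess_host(address.rsplit("@", 1)[-1])


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyse_email_html(html: str) -> list[dict]:
    """One finding per link: where it really goes and which red flags apply."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        flags = assess_host(host)
        shown = HOSTLIKE.match(text)
        if shown and registered_domain(shown.group(1).lower()) != registered_domain(host):
            flags.append(f"visible text shows {shown.group(1)} but link goes to {host}")
        findings.append({"href": href, "text": text, "host": host, "flags": flags})
    return findings


# Constructed sample message exhibiting the signs discussed in the article.
SAMPLE_EMAIL_HTML = """
<p>Dear sir or madam, your account will be suspended in 24 hours.</p>
<p><a href="https://app1e.com/login">https://www.apple.com/account</a></p>
<p>Questions? See <a href="https://www.apple.com/support">our support page</a>.</p>
<p><a href="http://203.0.113.5/verify">Verify now</a></p>
"""

if __name__ == "__main__":
    print("sender:", assess_sender("support@applesupport.ru"))
    for finding in analyse_email_html(SAMPLE_EMAIL_HTML):
        print(finding["href"], "->", finding["flags"] or "no red flags")
```

The registered-domain logic deliberately stops at two labels; a production tool would use the public suffix list so that co.uk-style domains are handled correctly, and the brand-substring check will raise false positives for unrelated names containing a brand word, which is acceptable for a triage aid that a human reviews.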


Precautions

Never open attachments or links from dubious emails or messages. If you receive a questionable message from an organization and are concerned that it might be authentic, open a new tab in your web browser and use a web search or one of your saved favorites to reach the organization's website. Use the official phone numbers or email addresses on that website to contact them, or call the number printed on the back of a membership card, on a bill or statement, or on their official website.

  • If the suspicious message appears to come from a person you know, contact that person by another means, such as a text message or a phone call, to confirm it.
  • Report the message to your organization's cyber security team.
  • Delete it.

You can also report the scam to Microsoft or Google if it was carried out on your personal email.

Microsoft - https://microsoft.com/reportascam
Google - https://support.google.com/mail/contact/abuse?sjid=11912534359412839581-AP

Damage Control

There are a few things you should do if you think you may have unintentionally fallen for a phishing attack.

  1. While the attack is still fresh in your mind, write down as many details as you can remember. Make a note of any information you shared, such as usernames, account numbers, or passwords, as well as where the attack occurred, such as Teams or Outlook.
  2. Change the passwords on all impacted accounts as well as any other accounts where you may be using the same password. While changing passwords, make sure to set a unique password for each account, and read about how to generate and use strong passwords.
  3. Check that you have multifactor authentication (also known as two-step verification) enabled on every account that supports it.
  4. If this attack impacts your work or school accounts, alert your IT support team. If you supplied credit card or bank account information, also contact those businesses to alert them to potential fraud.
  5. If you have lost money or been the victim of identity theft, do not hesitate to contact local law enforcement. The information from step 1 will be extremely useful to them.

https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44
