Hello Steemians! I am writing this article today as I just received a phishing email today. The mail I received is full of tell-tale signs of a typical phishing attempt. Hence, I thought I should take this chance to share some tips on how not to be phished.
What is Phishing?
Phishing, pronounced as "fishing", is an attempt to trick unsuspecting victims, through the use of fake and usually enticing message, into giving up sensitive data or assets. The definition given by Phishing.org is as such:
Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
The information is then used to access important accounts and can result in identity theft and financial loss.
Spotting a Phishing Attempt
There are a few obvious tell-tale signs when it comes to phishing attempts and here are some of them that can help you detect and avoid a phishing attempt.
Sign 1: Unusual Sender
The sender is the easiest sign to spot. A phishing attempt is usually unsolicited and probably from an unknown sender. For my case, the phishing email attempts to impersonate the Essentia project team (@essentia.one).
But on closer look, the email address is not from the correct domain. The mail is from "Essenita" instead of "Essentia".
This is already a very clear signal for me not to click on any links from the email. At this stage, I would usually just delete the email and carry on with my life. But for the purpose of this article, lets dive deeper.
Sign 2: Too Good to be True
In order to get you to act on the message, the email will usually contain very enticing information. For my case, the mail is telling me that I can get some cheap ESS tokens.
First of all, look at the poor math. It says the normal sale price is 1 ETH = 1500 ESS tokens. But they are offering 1 ETH for 30,000 ESS tokens and they say it is a 50% discount. More like a 95% discount to me 😂.
Anyway, phishing emails usually try to lure you to click on links or download an attachment using a seemingly good deal. Sometimes they will make it time-sensitive so that you do not have the time to do proper due diligence before "accepting" the offer. Not many of such "good deals" are real in life. However, if you really are afraid of missing out on a deal, cross-check with the official support first. Ask them if there is such an offer going on before you take any action.
Sign 3: Unusual Links and Attachments
This is the most important sign. You can ignore the first 2 signs and probably still get away unscathed. But if you click on any of the links or download any attachments, then you are most likely already a victim.
First of all, NEVER EVER open an attachment from an unsolicited email. Once you do that, you can only hope your anti-virus does its job to protect you. Next, be really careful before you click on any link. If you really like to click on a link (which I strongly oppose), please at least perform the following steps:
Step 1: Right-click on the link and copy it
Step 2: Head over to VirusTotal and submit the URL for their analysis
Step 3: Only click on the link if all anti-viruses flag it as clean
Even if the URL may be clean, do not just give away your passwords or sensitive information when you are at the site. Check that the site is a legitimate one before you disclose any sensitive information.
Extraordinary good deals are rare in this world. So you can safely ignore such unsolicited emails and report them as spam 99% of the time. By clicking on a link or downloading an attachment, you are exposing yourself to be a victim of a phishing attempt. Always verify what you are clicking and, I emphasize, do not download any attachments from unsolicited emails.
Thanks for reading! Hope this article is useful and you will not fall for a phishing attempt after reading this. Let me know your thoughts and if you have ever received a phishing email.
Yesterday I announced the content crowdsourcing event which @mrshev and I had been working on. I just want to take this chance to remind everyone that the event had started and there are 100 STEEM worth of rewards to be given out. So please check out the post and I look forward to your active participation! Thanks!
Projects/Services I am working on:
You can find me in these communities: