Stay Safe - 3 Major Signs of a Phishing Email

in security •  3 months ago

Hello Steemians! I am writing this article today as I just received a phishing email today. The mail I received is full of tell-tale signs of a typical phishing attempt. Hence, I thought I should take this chance to share some tips on how not to be phished.


What is Phishing?

image.png
Source

Phishing, pronounced as "fishing", is an attempt to trick unsuspecting victims, through the use of fake and usually enticing message, into giving up sensitive data or assets. The definition given by Phishing.org is as such:

Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

The information is then used to access important accounts and can result in identity theft and financial loss.


Spotting a Phishing Attempt

There are a few obvious tell-tale signs when it comes to phishing attempts and here are some of them that can help you detect and avoid a phishing attempt.

tipsandtricks.jpg

Source

Sign 1: Unusual Sender

The sender is the easiest sign to spot. A phishing attempt is usually unsolicited and probably from an unknown sender. For my case, the phishing email attempts to impersonate the Essentia project team (@essentia.one).

image.png

But on closer look, the email address is not from the correct domain. The mail is from "Essenita" instead of "Essentia".

image.png

This is already a very clear signal for me not to click on any links from the email. At this stage, I would usually just delete the email and carry on with my life. But for the purpose of this article, lets dive deeper.


Sign 2: Too Good to be True

In order to get you to act on the message, the email will usually contain very enticing information. For my case, the mail is telling me that I can get some cheap ESS tokens.

image.png

First of all, look at the poor math. It says the normal sale price is 1 ETH = 1500 ESS tokens. But they are offering 1 ETH for 30,000 ESS tokens and they say it is a 50% discount. More like a 95% discount to me 😂.

Anyway, phishing emails usually try to lure you to click on links or download an attachment using a seemingly good deal. Sometimes they will make it time-sensitive so that you do not have the time to do proper due diligence before "accepting" the offer. Not many of such "good deals" are real in life. However, if you really are afraid of missing out on a deal, cross-check with the official support first. Ask them if there is such an offer going on before you take any action.


Sign 3: Unusual Links and Attachments

This is the most important sign. You can ignore the first 2 signs and probably still get away unscathed. But if you click on any of the links or download any attachments, then you are most likely already a victim.

First of all, NEVER EVER open an attachment from an unsolicited email. Once you do that, you can only hope your anti-virus does its job to protect you. Next, be really careful before you click on any link. If you really like to click on a link (which I strongly oppose), please at least perform the following steps:

Step 1: Right-click on the link and copy it

image.png

Step 2: Head over to VirusTotal and submit the URL for their analysis

image.png

Step 3: Only click on the link if all anti-viruses flag it as clean

Even if the URL may be clean, do not just give away your passwords or sensitive information when you are at the site. Check that the site is a legitimate one before you disclose any sensitive information.


Conclusion

Extraordinary good deals are rare in this world. So you can safely ignore such unsolicited emails and report them as spam 99% of the time. By clicking on a link or downloading an attachment, you are exposing yourself to be a victim of a phishing attempt. Always verify what you are clicking and, I emphasize, do not download any attachments from unsolicited emails.

Thanks for reading! Hope this article is useful and you will not fall for a phishing attempt after reading this. Let me know your thoughts and if you have ever received a phishing email.


Additional Stuff

Yesterday I announced the content crowdsourcing event which @mrshev and I had been working on. I just want to take this chance to remind everyone that the event had started and there are 100 STEEM worth of rewards to be given out. So please check out the post and I look forward to your active participation! Thanks!

steem-divider1.png

Projects/Services I am working on:


You can find me in these communities:

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Totally agree with the your point of view. May be it is time for gov to start on drafting law on phising on the internet.

·

If you are from the USA, then the computer fraud and abuse act should have covered such phishing attempts. The problem with cyber crime is that the perpetrators are so difficult to catch

Posted using Partiko Android

Will you write a similar about apps to mobile? It is hard to find information about how to avoid bad apps

·

Thanks! Perhaps I can write about it later on.

Posted using Partiko Android

·
·

Please tag me if you remember

·
·
·

Sure thing my friend :)

Very good post... I hope you post this up every month one dime :)

·

Thank you! I write about security related articles on a regular basis. So do pop by often!

Posted using Partiko Android

·
·

Good :)

I do not open the phising email, Gmail does a great job of keeping it in Spam.

Posted using Partiko Android

·

Google does a good job, but some still fall through the crack. Therefore, it's still good to be vigilant

Posted using Partiko Android

I kena an email from "paypal" before too. Nearly clicked on it.

Scary thing is the email looked super legit.

·

Indeed. Phishing emails are looking very real these days

Posted using Partiko Android

Thank you so much for sharing this trick about the phishing.

·

Thank you. I am glad it helps!

Posted using Partiko Android

Hi @culgin!

Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation! Your UA account score is currently 2.858 which ranks you at #11367 across all Steem accounts.

In our last Algorithmic Curation Round, consisting of 144 contributions, your post is ranked at #70.

Evaluation of your UA score:
  • Only a few people are following you, try to convince more people with good work.
  • The readers like your work!
  • Good user engagement!

Feel free to join our @steem-ua Discord server

YOU JUST GOT UPVOTED

Congratulations,
you just received a 17.11% upvote from @steemhq - Community Bot!

Wanna join and receive free upvotes yourself?
Vote for steemhq.witness on Steemit or directly on SteemConnect and join the Community Witness.

This service was brought to you by SteemHQ.com

This is a very crucial problem in modern society today. People are always attracted to these kinds of emails and open them without thinking. We need to educate them about the importance of having some kind of virus in the file which can infect your computers. Upvoted!

·

Indeed. Humans are usually the weakest link when it comes to security. Don't be part of the statistics. Haha..

Posted using Partiko Android

Congratulations @culgin! You have completed the following achievement on Steemit and have been rewarded with new badge(s) :

Award for the number of comments

Click on the badge to view your Board of Honor.
If you no longer want to receive notifications, reply to this comment with the word STOP

Do you like SteemitBoard's project? Then Vote for its witness and get one more award!

wow Previously, I also had a Phishing article, but it was Phishing on Steemit. My 3 friends have lost their account and money. Hmmm I lost 1300 SBD :((( all money haha

·

Wow! That's a lot of money! When did that happen?

Posted using Partiko Android

·
·

For a student like me, that's a huge amount. I was shocked and cried a lot. hmmm and that money can not come back

Thanks for sharing very informative things 😅😅

Posted using Partiko Android

·

Thanks for reading! Happy that it helps

Posted using Partiko Android