Stay Safe - 3 Major Signs of a Phishing Email
Hello Steemians! I am writing this article today as I just received a phishing email today. The mail I received is full of tell-tale signs of a typical phishing attempt. Hence, I thought I should take this chance to share some tips on how not to be phished.
What is Phishing?
Phishing, pronounced as "fishing", is an attempt to trick unsuspecting victims, through the use of fake and usually enticing message, into giving up sensitive data or assets. The definition given by Phishing.org is as such:
Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
The information is then used to access important accounts and can result in identity theft and financial loss.
Spotting a Phishing Attempt
There are a few obvious tell-tale signs when it comes to phishing attempts and here are some of them that can help you detect and avoid a phishing attempt.
Source
Sign 1: Unusual Sender
The sender is the easiest sign to spot. A phishing attempt is usually unsolicited and probably from an unknown sender. For my case, the phishing email attempts to impersonate the Essentia project team (@essentia.one).
But on closer look, the email address is not from the correct domain. The mail is from "Essenita" instead of "Essentia".
This is already a very clear signal for me not to click on any links from the email. At this stage, I would usually just delete the email and carry on with my life. But for the purpose of this article, lets dive deeper.
Sign 2: Too Good to be True
In order to get you to act on the message, the email will usually contain very enticing information. For my case, the mail is telling me that I can get some cheap ESS tokens.
First of all, look at the poor math. It says the normal sale price is 1 ETH = 1500 ESS tokens. But they are offering 1 ETH for 30,000 ESS tokens and they say it is a 50% discount. More like a 95% discount to me 😂.
Anyway, phishing emails usually try to lure you to click on links or download an attachment using a seemingly good deal. Sometimes they will make it time-sensitive so that you do not have the time to do proper due diligence before "accepting" the offer. Not many of such "good deals" are real in life. However, if you really are afraid of missing out on a deal, cross-check with the official support first. Ask them if there is such an offer going on before you take any action.
Sign 3: Unusual Links and Attachments
This is the most important sign. You can ignore the first 2 signs and probably still get away unscathed. But if you click on any of the links or download any attachments, then you are most likely already a victim.
First of all, NEVER EVER open an attachment from an unsolicited email. Once you do that, you can only hope your anti-virus does its job to protect you. Next, be really careful before you click on any link. If you really like to click on a link (which I strongly oppose), please at least perform the following steps:
Step 1: Right-click on the link and copy it
Step 2: Head over to VirusTotal and submit the URL for their analysis
Step 3: Only click on the link if all anti-viruses flag it as clean
Even if the URL may be clean, do not just give away your passwords or sensitive information when you are at the site. Check that the site is a legitimate one before you disclose any sensitive information.
Conclusion
Extraordinary good deals are rare in this world. So you can safely ignore such unsolicited emails and report them as spam 99% of the time. By clicking on a link or downloading an attachment, you are exposing yourself to be a victim of a phishing attempt. Always verify what you are clicking and, I emphasize, do not download any attachments from unsolicited emails.
Thanks for reading! Hope this article is useful and you will not fall for a phishing attempt after reading this. Let me know your thoughts and if you have ever received a phishing email.
Additional Stuff
Yesterday I announced the content crowdsourcing event which @mrshev and I had been working on. I just want to take this chance to remind everyone that the event had started and there are 100 STEEM worth of rewards to be given out. So please check out the post and I look forward to your active participation! Thanks!
Projects/Services I am working on:
You can find me in these communities:
Totally agree with the your point of view. May be it is time for gov to start on drafting law on phising on the internet.
If you are from the USA, then the computer fraud and abuse act should have covered such phishing attempts. The problem with cyber crime is that the perpetrators are so difficult to catch
Posted using Partiko Android
Will you write a similar about apps to mobile? It is hard to find information about how to avoid bad apps
Thanks! Perhaps I can write about it later on.
Posted using Partiko Android
Please tag me if you remember
Sure thing my friend :)
wow Previously, I also had a Phishing article, but it was Phishing on Steemit. My 3 friends have lost their account and money. Hmmm I lost 1300 SBD :((( all money haha
Wow! That's a lot of money! When did that happen?
Posted using Partiko Android
For a student like me, that's a huge amount. I was shocked and cried a lot. hmmm and that money can not come back
Congratulations,
you just received a 17.11% upvote from @steemhq - Community Bot!
Wanna join and receive free upvotes yourself?
Vote for
steemhq.witnesson Steemit or directly on SteemConnect and join the Community Witness.This service was brought to you by SteemHQ.com
This is a very crucial problem in modern society today. People are always attracted to these kinds of emails and open them without thinking. We need to educate them about the importance of having some kind of virus in the file which can infect your computers. Upvoted!
Indeed. Humans are usually the weakest link when it comes to security. Don't be part of the statistics. Haha..
Posted using Partiko Android
Very good post... I hope you post this up every month one dime :)
Thank you! I write about security related articles on a regular basis. So do pop by often!
Posted using Partiko Android
Good :)
I do not open the phising email, Gmail does a great job of keeping it in Spam.
Posted using Partiko Android
Google does a good job, but some still fall through the crack. Therefore, it's still good to be vigilant
Posted using Partiko Android
Thank you so much for sharing this trick about the phishing.
Thank you. I am glad it helps!
Posted using Partiko Android
Hi @culgin!
Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation! Your UA account score is currently 2.858 which ranks you at #11367 across all Steem accounts.
In our last Algorithmic Curation Round, consisting of 144 contributions, your post is ranked at #70.
Evaluation of your UA score:
Feel free to join our @steem-ua Discord server
Thanks for sharing very informative things 😅😅
Posted using Partiko Android
Thanks for reading! Happy that it helps
Posted using Partiko Android