Post Now

Anatomy of Email Phishing

Image

  Why Email Phishing is so dangerous??Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by pretending to be someone as a reputable entity or person in email, IM or other communication channels.  These messages lead you to a spoofed website or ask you to disclose private information (e.g., passwords, credit card information, etc.) that can then be used to commit identity theft.One of the most common phishing techniques comes in forging the email headers. Email phishing has become the most common online threats, which reports millions of phishing emails every day.Phishing emails often look "official", some recipients may respond to them and click into malicious websites resulting in financial losses, identity theft, and other fraudulent activity. These malicious websites will have the following characteristics.Anatomy of Phishing EmailsPhishing Emails is turning out to be a dangerous threat, because it looks very official and appears to come from a recognized organizations or banks which can easily fool people providing their credit card numbers, social security numbers and bank account information.  The email sender will create an impending doom and necessity deliberately, making the email recipient to take sudden action by providing all information solicited. For example, a typical phishing email can be shown here. If you look closely on this, you can find out the common characteristics of phishing email we discussed earlier.   From: ICICI Bank  Subject:Request to cancel internet banking acces and ATM card  Mail Context:

  • First, it looks very official. It has the Logo and link is almost replica of the original.
  • Second, there will be some malicious link or attachments with the mail.
  • Third,too good to believe financial offers.
  • Fourth, spelling mistakes and bad grammars throughout the email.
  • Fifth, unusual information in the “To” and “From” fields.
  • Sixth, threats or warning, like, say, “If you don’t fill out this form immediately, your bank account will be permanently closed.” is more than likely a phishing email.
A legitimate business email might inform you that you need to take action on something, but more than likely they won’t make you fill out a form from an email.As you can see, the designers of such attacks go to a great extent to create a very official and authentic email to invoke a sense of urgency and fear into their victims. Once they convince the recipient with validity of emails, gathering all the information they requested is as easy as a walk in the park.   How to get protected from Phishing emails ?
  • Don’t open email attachments from unknown senders
  • Keep link clicking to a minimum
  • Verify information over the phone or in-person
  • Increase your security and spam filters
  • Notify the authorities about phishing attempts
  • Don’t ever include sensitive information in an email
ConclusionIn the battle against phishing, we would like to emphasize the fact that user education is important, as ignorant users can get themselves into troubles even with the best and most sophisticated defenses available. Phishing emails are not always easy to spot because cybercriminals work hard to trick potential victims. But you can outsmart them if you know what to look for and how to protect yourself.