Phishing e-mails and how to recognize them
Remember that time when the prince of Nigeria sent you an email to tell you that you would inherit all his fortune? All you needed to do was send some money to unblock the situation because he couldn’t do it himself? Too good to be true, right? It was so obviously a scam that you deleted the email without thinking and marked it as spam.
It was so 2010…
New ages, new scams
But now, what is a scam and what is not? We have to admit that these days you need to be much more careful when you receive an email. Because if you click on something, you could lose more than just a few euros… and by the time you realize that you were scammed, your money is already gone. But you don’t understand how… because all you did was click on a link about a postal service, your bank or something else that you trust and fill in some of your information…
Merriam-Webster defines phishing as the practice of tricking Internet users (as through the use of deceptive email messages or websites) into revealing personal or confidential information which can then be used illicitly.
Meaning? People trying to fool you to take advantage of you. If you enter your personal details on such a fake website or control panel, the cybercriminal will be able to use them to access your online banking accounts, make purchases, etc. Your identity can also be used to commit fraudulent acts or scams, whereby the cybercriminal pretends to be you.
Calls, messages, emails…
Recently, one of our clients sent us an email that she found strange. It was related to the renewal of her website’s domain name and hosting. She read the email and forwarded it to us. When we received it, we immediately saw that it was a phishing attempt and we were happy that the client didn’t click on any button.
How to identify a phishing attempt by email?
First of all: always use your common sense. Yeah yeah, we know… Sounds lame but it’s super important.
- If a bank that is not yours sends you an email informing you of irregular behaviour on your account: Don’t open it.
- If you receive an email from a postal service when you haven’t ordered anything: Don’t open it.
- If you receive an email to tell you that you’ve won something when you didn’t play: Don’t open it.
- If someone you don’t know sends you an email with “Hey look what I found about you!”: Don’t open it.
But if you receive an email that looks really realistic and you have a doubt, there is some information you can check that will tell you whether it’s a scam. As an example, we are going to use the email that our client received from “Combell”. As we host our websites on this green hosting provider, we think it’s important to tell you (like they did recently) what information you need to check when you receive an email.
- Ok, soooo the name seems correct, right? BUT check the email address of the sender! What’s this weird and crazy address? Why would a company as big as Combell use some funky domain to send you emails? The email address is the clearest evidence that it’s a phishing attempt.
- Oh sneaky sneaky scammers… if you look closely at the link to “renew you domain”, you see that the address is incorrect, as the “:” is replaced by “;”. Looks the same, but it’s not the same!
- If you hover over the link (without clicking on it!) you will see the link behind the button. Part of the correct URL is often reused to make the fake URL look as similar as possible to the correct one.
- If you see that the grammar or the spelling is weird, be aware that it could be a hint. All big companies have departments dedicated to communication, so mistakes exist but are rare.
- You should never enter your username or password on a website without making sure it is an official page!
But as we said, this point can be misleading because scammers try to be more and more realistic and add logos or images to convince you that their emails are legitimate.
- The next point can be helpful but can also be misleading, so take it with caution… In the email above, there is no logo and no graphic guidelines. It could be an email that anybody could send. As we mentioned before, big companies have communication or marketing departments, and every message sent out to customers is usually branded with the visual identity of the company. If it’s not, that’s clearly a scam.
What can I do if I click on the link?
Sometimes when you’ve clicked on the link… It’s not too late! Don’t fill in the information, don’t enter your credentials and close the window in your browser.
I’ve clicked and entered my credentials or my information. What can I do?
If it’s about money, call your bank immediately. If it’s an account on an application or on a website, change your password immediately. If it’s something more serious (such as cybercrime), you can call the police and they will be able to redirect you where needed.
Credits for main picture: Image by rawpixel.com on Freepik