Computer viruses are not the most dangerous internet threats anymore. You have probably heard about phishing, a term usually associated with money being stolen from bank accounts. That happens after a victim has blindly followed instructions from a fraudulent e-mail. It’s an easier attack which is often more dangerous and doesn’t require that much programming knowledge.
Social engineering experience
Phishing is an attempt to steal your personal data, such as a credit card number, address, or login details. This is done via fraudulent e-mails or websites which pretend to be original but come from crooks. The story is usually the same and easy to look through. Nevertheless, claims less-experienced internet users as victims every day. Remembering a single, basic rule would be enough to prevent this from happening: a bank or social media site should never ask for your login details anywhere else apart from their official website. A typical phishing e-mail example is a message containing a reliable logo of a bank or some other kind of a payment service, using the real colors and font. The message claims that something is off with your account and you need to log in through the button bellow immediately in order to fix the problem. Look closer and you will see a few strangle details:
- The message is using a general salutation, even though a real service where you have an account has to know your name.
- Same with the addressee e-mail. The message has obviously been sent to multiple addresses in the blind copy. The aggressor was hoping somebody would buy it.
- A couple of grammatical mistakes and some clumsy expressions, unless the aggressor comes from the same country as you do. These messages often use internet translators.
- A rubbish sender address, which may not strike us at first. It can only differ by one letter from the real address (for example [email protected] instead of [email protected] ).
It doesn’t have to be from an email or a bank
The website address would probably be just as rubbish, in case you clicked the button given.
Inserting your name and address into such a service would result in your data being handed to a very suspicious receiver. However, e-mails are not the only way to deliver messages like these. They can be waiting on social media in received SMS (you may not be that cautious on a small cellphone screen), on various websites, or they can pop up as new windows of a browser. Good news is that modern browsers, big e-mailing services providers, and the most used antivirus programs already do protect you against phishing. Suspicious mail usually ends up in spam and if you try to open a con hyperlink, you get a caution pop up window. Anyway, what you should avoid is clicking on suspicious e-mails, opening unsolicited attachments, and always double check the address when filling in your login details. Most trusted websites offer a safe SSL certificate, marked green or by a lock icon in the browser.
Preventing phishing attacks
- Use spam filters, especially for e-mail clients such as Outlook or Thunderbird (website e-mail services have them on automatically).
- Change browser settings so that it blocks opening of suspicious websites.
- While verifying or inserting details, always make sure it’s not just an attempt to get your data. If you are not sure, contact the institution personally.
- Before clicking the hyperlink, pause your cursor on it and make sure the website has an SSL certificate. If the URL contains “https”, it means the website has this certificate.
- Follow the warnings from your bank or financial institution which monitors phishing attempts and informs their clients.
- If you think you might have become a phishing victim, contact the institution. If you have been financially damaged, you should inform the police as well.
Phishing can result in conviction
Thanks to phishing threats being nothing new in the internet world, society is much more educated about this matter opposed to how they used to be 10 – 15 years ago.
On the other hand, these frauds are much better planned and done than they used to be. That is why there are still new successful thefts of identity as well as property. That can result in conviction, even if the attempt was unsuccessful.
What can you do now so that your message is not marked as phishing?
Just like spam is filtered by a combination of preset algorithms which are not always flawless, phishing detection also happens automatically. Nobody wants their e-mail campaign ending up with this label. However, this can be prevented by a simple change of settings such as deactivation of tracking clicks on visible URL addresses.
This text was originally posted by Commerce Media, a business partner of eWay-CRM.
The module Marketing in eWay-CRM allows you to send personalized bulk emails to either leads or existing customers in a professional manner.
