Seven Tips To Recognising Phishing Attacks

Phishing attacks are all too common across the world. A phishing scam or an attack is when the attacker sends fraudulent emails to extract personal information or money from gullible users. As per a recent study, 76 percent of businesses were victims of phishing scams in 2018 and 30 percent of fraudulent emails are opened by users. These tips on recognizing phishing attacks can help businesses and individuals protect themselves from scams.

Seven tips to avoid phishing scams

Misleading domain name: One of the most common tricks phishing scams employ relates to misleading domain names. Most people are not familiar with domains’ DNS naming structure and are misled by the company name they see in the URL that might look legitimate. The convention for DNS name is child domain. full domain.co. For example an URL of a legitimate corporation reads like this info.examplecorp.com which is a child domain of examplecorp.com (full domain). Clicking on info.examplecorp.com would take the user to the information landing page on the website.

It is important to note the full domain name is located to the right side or the end of the URL. Conversely, if the URL is examplecorp.com.phishingemail.com it indicates the child domain has not originated from full domain of examplecorp.com because this full domain name is to the left side of the URL. Contacting IT support London is the best way to know if the domain name is legitimate.

Mismatched URL: Many times a phishing email’s URL appears to be valid but it is possible to check if it is genuine by using Outlook. Just hovering the mouse on the URL will show the hyperlinked address that should match the URL in the phishing email. If a different hyperlinked address is seen on embedded URLs, it is a clear sign that the email is fraudulent.

Personal information: Often users receive what looks like a completely genuine email. Hackers try to imitate an official email from a bank or a company. A red flag is when the email asks you to confirm your personal details such as account number, name, age or login credentials. Your bank would never ask you for such information as they already have it. If you are not sure about the source of the email, it is better to search online and try to contact the company or bank directly.

Poorly written: Emails from genuine companies are written by professionals and thoroughly checked for grammar, spelling or legality errors. A phishing email can give itself away with the poor language, grammar and spelling errors. Read the full email and note strange phrases, grammatical and spelling errors which can all indicate a phishing attack.

An unbelievable offer: Many phishing emails contain an irresistible offer that sounds too good to be true. One of the common unbelievable offers include a congratulatory mail stating you have won a million pounds and you can claim it by sending out your personal details.

Asking you to send money: Any email that asks you to send some amount of money towards fees, expenses or taxes or to claim your ‘prize money’ is definitely a scam. An overseas job offer with an incredible salary is another common scam. Users are asked to send a ‘deposit’ to confirm their acceptance of the job.

Threatening messages: Scammers try to instill panic by sending out threatening messages which could claim your account is compromised or closed. It might also ask you to verify your login details immediately to be able to access your account.