Phishing & Scam
Phishing is one of the most persistent cyber hazards that businesses and people face. Phishing scams are as old as email itself, but they have stayed effective despite significant cybersecurity advancements.
Thankfully, as cybersecurity awareness has improved, more people know how to spot a basic phishing scam: look for spelling errors, do not trust unknown email addresses, and avoid overly urgent messages.
Despite this, phishing remains the most common attack by far, and it is an effective one. Many large-scale ransomware attacks begin as phishing scams. Let us uncover how phishing attacks continue to scam people and how to spot increasingly advanced scams.
Phishing Attacks Have Increased More
Part of the reason phishing attacks continue to succeed is that they have become more complex. The obvious "Nigerian prince" scams of the past no longer represent the current threat landscape.
Clone phishing has also grown more popular. In these attacks, scammers copy a legitimate email to send a replica with the link swapped out for a malicious one. If phishers hack into the legitimate sender's account, there will be no immediate sign that it is a scam.
Spotting Advanced Phishing Scams
Phishers have become more careful about ensuring their messages do not look like scams. In many cases, it is almost impossible to tell that what you are reading may be a phishing email without a more advanced assessment. 22% of surveyed employees do not feel obligated to keep their employers' data safe. That is a significant problem.
- Check Email Headers
If there are no direct tells, you can check an email more closely by examining its header. In Gmail, click the arrow next to "Reply," then select "Show original." In Outlook in the browser, the option is also under the arrow next to "Reply" but says "View message source."
These options will reveal the raw code for the whole email, but the header is just the first text block. Paste the header into an email header analyzer tool like MxToolbox and click "analyze" to make it more readable. The results will show a spam score, the email's source, and its route.
Even if an email has a low spam score, it could still be phishing. Check the "Received" field to see the route the message took. If it passes through many sites or some of these, have unusual domains.
The "Authentication-Results" box will show which verification methods the message passed. Look for the word "pass" in all the results. If even one shows "failed," do not trust the email.
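The same header checks can be scripted. The following is an added example, not part of the original article: it reads the "Received" route and the "Authentication-Results" verdicts from a constructed sample header, and it assumes SPF, DKIM and DMARC are the three results you expect to see.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample header (not a real message); hosts and addresses are placeholders.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
 by inbox.recipient.example with ESMTPS; Tue, 02 Jan 2024 10:00:05 +0000
Received: from relay.unknown-host.example (relay.unknown-host.example [198.51.100.7])
 by mx.recipient.example with ESMTP; Tue, 02 Jan 2024 10:00:03 +0000
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=billing.example;
 dkim=fail header.d=billing.example;
 dmarc=fail header.from=billing.example
From: Billing <accounts@billing.example>
Subject: Invoice overdue

(body omitted)
"""

def load(raw):
    """Parse raw message source; the default policy unfolds multi-line headers."""
    return message_from_string(raw, policy=default)

def auth_verdicts(msg):
    """Map each mechanism (spf, dkim, dmarc) to the result recorded in the header."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(header), re.I):
            verdicts[mech.lower()] = result.lower()
    return verdicts

def failed_checks(msg, required=("spf", "dkim", "dmarc")):
    """Mechanisms that did not report 'pass'; a missing result counts as not passed."""
    verdicts = auth_verdicts(msg)
    return [mech for mech in required if verdicts.get(mech) != "pass"]

def route(msg):
    """(sending host, receiving host) for each hop, oldest hop first."""
    hops = []
    # Each server prepends its own Received line, so the raw order is newest first.
    for header in reversed(msg.get_all("Received", [])):
        match = re.search(r"from\s+(\S+).*?\bby\s+(\S+)", str(header), re.S)
        if match:
            hops.append(match.groups())
    return hops
```

Only the "Received" and "Authentication-Results" lines written by your own receiving server are reliable; anything below them was supplied before the message reached you and can be written by the sender.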
- Inspect Links and Domain Names
Another critical step is to inspect any links within the message. Any domain name in the email or the "From" field that varies from an actual company's name is suspicious, but these checks can go further.
Copy and paste domain names and websites into search engines or an analyzer like Domain Tools to learn more about them. Domain Tools can show when the domain was created, and brand-new domains are likely fraudulent. Googling domains can reveal if other users have reported them as scams.
Many cyber criminals use URL shorteners to hide domains, so always inspect these links before clicking on them. If the full address is long, contains many random characters, or has words unrelated to the legitimate source.
- Look Through the Source Code
If you are still unsure about an email, you can inspect its source code more in-depth. Follow the same steps for analyzing the header, but look at all of the source code instead of just the first block.
Use the search feature in your text editor to look for the phrase "HTTP." This will help you look through the links in the email, even hidden ones. If you see a domain that you do not recognize or that seems suspicious, Google it or put it through Domain Tools to inspect it more closely.
- Question Even Trusted Sources
Finally, it is essential never to trust any message fully, even if it comes from a trusted source. Today, many phishing attacks start by hacking into a legitimate account, such as the recent "Is it you in the video?" scam on Facebook Messenger.
Given the rise in these types of attacks, just because a message comes from a real, trusted source does not mean it is not phishing. If any message feels off or seems unusual, contact the person by another means to ask if it was them, and perform the above steps on the message.
Phishing Methods Have Improved, but Safety Is Still Possible
While the core notions behind phishing have remained unchanged for decades, these attacks are far more advanced today. Following the steps mentioned above can help every business or individual, from CEOs to patrons, stay secure despite sophisticated phishing tactics. As cybercrime rises, this level of scrutiny may become essential.