Security

Phishing Emails: How to Prove?

I once ran into a phishing attempt in the form of a deactivation scare; this style of attack is very efficient, as it scares users into reacting by threatening to deactivate a critical account. The email threatened to deactivate a banking account and told me I had to follow a convenient link to reactivate it; it then asked for my login credentials, such as my username and password. I am sure if I followed the instructions, it would have asked for my debit/credit card information as well. While most of these kinds of attacks are easy to spot by looking for misspelled letters or poor-quality images, nowadays, they have evolved to be very realistic. This particular email even had indications that it was already scanned for malicious content by my antivirus program.

I feel that this phishing attempt was very well executed, and if I had not known about these forms of attacks, I might have been a victim of it. I believe that many individuals would not have noticed the potential signs of malicious intent of this email and would have been scared to have their banking account deactivated. If their banking account was deactivated, it could have caused many problems such as failure to pay bills, loss of access to their funds, and a tremendous headache. Using fear in phishing attempts is an unfortunate but effective tool in convincing an individual to give up sensitive information. These attacks are especially hazardous for those who are not tech-savvy, such as the elderly.

In this scenario, to prove the email was, in fact, a phishing attack, you could look at the email’s header to verify the sender’s address was either duped, spoofed, altered, or even coming from a completely different domain. One could also examine the Enhanced/Extended Simple Mail Transfer Protocol (ESMTP) number, which is unique to each individual email (Nelson, Phillips, Steuart, 2019). A website’s address should always be verified to be the same as the real company’s official website address, for example. Close attention should be paid to items in emails and websites such as font, coloring, and low-quality images; these are all reasonable indications of fraud. Recognizing when emails come from unrecognized senders is also essential. Another helpful tip would be to remember that typically, companies do not ask for your login information over anything other than their trusted website.

References

Nelson, B., Phillips, A., & Steuart, C. (2019). Guide to Computer Forensics and Investigations. Boston, MA: Cengage Learning.

Grimes, Roger A. (2017). 15 real-world phishing examples — and how to recognize them. Retrieved from https://www.csoonline.com/article/3235520/phishing/15-real-world-phishing-examples-and-how-to-recognize-them.html.

Categories: Security

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s