Masterclass Series — Understanding Email phishing and Avoiding it

Understanding Email phishing and Avoiding it by Adedoyin Adedeji

Our email addresses are very important to us and have become an essential part of our daily lives. They are also a big target for hackers and fraudsters, simply because your email address is central to all your online activities. Almost all of your online identity is tied to your email address.

Why worry myself about hacking almighty Facebook or Google or Twitter when I can simply send you a malicious email that looks like it came from Facebook or Google or Yahoo and tricks you into visiting a fake login page, where you will willingly submit your precious login details?

Email phishing is when fraudsters and hackers send you fake emails that mimic an organization, like your bank or a popular international organization, simply to trick you into giving up your login details.

Fraudsters send fake emails that direct you to fake websites that mimic your bank’s sign-in page or your Facebook, Yahoo or Gmail login page to trick you into disclosing your user name and password. The word “phishing” comes from “fishing” because hackers and fraudsters go round the internet fishing for login details to steal.

Once they gain access with your login, they automatically take over your online identity. They can then access personal information to empty your bank account, hijack your social media accounts or expose private and sensitive information about you. They can even lock you out completely by changing your email password and all your social media account passwords.

How to identify a Phishing Email

  1. Beware of urgent or threatening email subjects — It is usually urgent! You get an email like “Your email has just be hacked, reset your password”, “Your account has been blocked, login to unblock it” or “Unauthorized access to your email, reset password”. Phishing emails are designed to trigger a quick emotional reaction so that you make a mistake.
  2. Always check the header of the email — The header of the email contains the subject of the email and the “From” and “Reply-To” email addresses. I got an email from “United Nations” on Wednesday. Here is the screenshot of the header. You can see that the two email addresses, “From” and “Reply-To”, have nothing to do with the UN.
  3. Beware of links in your email. Phishing emails usually have links which direct you to malicious websites. In your email, you will see text like “Click Here — to reset your banking details”. Instead of clicking it, just place your mouse pointer on it and the real link will appear, like “”, as in the image below.
  4. Hackers and fraudsters usually don’t know your name, so the email may address you in vague terms like “Dear Customer”, “Dear Esteemed Subscriber”, “Good Morning User”.
  5. Look out for grammar and spelling errors in the email. Spelling and grammar are one of the biggest weaknesses of cybercriminals.
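The subject, header, link and greeting checks from the list above can be run automatically over a message. The following Python code is an added example, not part of the original article; the sign names, the keyword patterns and the sample message (constructed, using reserved example domains) are assumptions made for illustration.

```python
import email.utils
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENT = re.compile(r"hacked|blocked|unauthori[sz]ed|reset (your )?password", re.I)
GENERIC = re.compile(r"dear (esteemed )?(customer|subscriber|user)\b", re.I)
URL = re.compile(r"https?://\S+")  # a URL displayed as the link's visible text

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.in_link = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_link = True
    def handle_data(self, data):
        if self.in_link:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.in_link = self.in_link and tag != "a"

def host(value):  # host of a URL, or the domain part of an email address
    return urlparse(value if "://" in value else "//" + value).hostname or ""

def phishing_signs(raw):  # checklist items tripped by a single-part message
    msg = email.message_from_string(raw)
    body, signs = msg.get_payload(), []
    if URGENT.search(msg.get("Subject", "")):
        signs.append("urgent-subject")
    sender, reply_to = (host(email.utils.parseaddr(msg.get(h, ""))[1])
                        for h in ("From", "Reply-To"))
    if reply_to and reply_to != sender:
        signs.append("reply-to-mismatch")
    parser = LinkCollector()
    parser.feed(body)
    signs += ["link-text-mismatch" for href, text in parser.links
              if (m := URL.search(text)) and host(m.group()) != host(href)]
    if GENERIC.search(body):
        signs.append("generic-greeting")
    return signs

SAMPLE = """\
From: "Example Bank" <alerts@bank-secure.example.net>
Reply-To: helpdesk@mailbox.example.org
Subject: Your account has been blocked, login to unblock it

<p>Dear Customer, <a href="http://portal.example.com/verify">https://www.bank.example/login</a></p>
"""  # constructed message, not a real email
```

Calling `phishing_signs(SAMPLE)` lists every check the message trips. Treat the result as a prompt to inspect the message by hand, since legitimate mail can also use a different Reply-To address.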

Protecting yourself

  1. I know a number of us are very loyal to our Yahoo email addresses. Please switch to using Gmail. Google identifies scam or phishing emails far better than Yahoo. Such emails are moved to spam, thus reducing your chances of falling victim. For those that have customized email addresses like, tell your webmaster or IT guy to enable “SpamAssassin” (Yes Assassin, but a good one lol) on your website’s control panel.
  2. Sometimes, you get an email from a good friend that has a link or attachment. If you were not expecting an email from the person, call to confirm he/she sent the email before opening the attachment or clicking the link. Sometimes, your friend’s email address gets hacked and is used to send you phishing emails.

I got an email from a client’s address with the title “Confirm payment details”. Trust me; in this recession there is no better word to hear than “payment”. I opened the email and was a bit careless; it had a malicious file attachment that had a PDF logo. I downloaded it and opened it; it immediately redirected me to a cloned Gmail login page to enter my details. That was when my head reset and I checked everything to see it was a phishing attempt. I called the client to inform her to reset her password. Luckily, no serious damage was done.

  3. Be aware and proactive — No matter the urgency, don’t respond to an email or click the link to submit your login details. Instead of clicking the link in your email, simply open the browser and type the address in yourself, or contact customer care directly to confirm if anything is wrong.
  4. Avoid using a single password for all your online accounts. I know having and remembering multiple passwords can be challenging, but it is important. You can have, say, five passwords: one for your email, one for your online banking, one for your social accounts, one for registering on various websites to fill forms or sign up, and one to use on websites you don’t trust.
  5. Have a good antivirus and ALWAYS UPDATE IT. Most antivirus products have browser add-ons that warn you about malicious or phishing websites. For regular users, Avast antivirus Free edition is good enough. Simply by registering, you get a free 12-month license.

In conclusion, the weakest link in cyber safety and security is human error. Usually the software or online services we use have a good level of security that regular hackers or fraudsters can’t break into. Thus they depend on tricking us into making mistakes that will expose us; our emails and mobile phones are the easiest way for them to get to us. Stay alert and look out for anything that isn’t normal when you get an email or SMS, especially from your bank.

About Adedoyin Adedeji

Adedoyin Adedeji is the Chief Operating Officer of International Center for Leadership Development Nigeria (ICLDNG); he is also the Managing partner of CliqEdge Limited and the co-founder of and

Twitter : @dhoyin

Facebook : fb/dhoyin

Originally published at on February 4, 2017.