You receive a number of Emails daily among which you find some Emails useful and delete others without opening them. Some of the Emails which you receive might be vulnerable for your online identity as they contain links to Phishing pages. Phishing is a method of stealing someone's online identity or credential information by designing a webpage which mimics webpages of most trusted websites or financial institutions. Phishing is the easiest and the most commonly used method of online hacking. A hacker who wants to steals someone's credential information including but not limited to credit cards, passwords etc designs a webpage called Phishing page which looks 100% similar to that one of the original website. The details which are entered on phishing page are then stolen by hacker. A couple of months ago, I wrote an article about dangerous Emails for stealing identity. Now we will learn about identifying Emails which are used to hack user's credentials.
Usually people are redirected to phishing pages via Email or via text messages on popular social media sites. Identifying phishing websites is not a problem for tech-expert but common people who don't know much about internet and online frauds, gift their private information to cheat hackers unknowingly. They can't differentiate between legitimate and fraud Emails easily as well as phishing page or trusted page. This article is covering the methods by which someone can detect a phishing Email or webpage at a first glance hence securing his online identity from hackers.
Do Phishing Pages Really Look Like Original Website?Phishing pages look so real to original website that even an expert can be victimized if he doesn't watch the page carefully. Even Emails which are sent by expert phishing hackers seem like legitimate Emails sent by original institution. But there are somethings which cannot be changed because they are unique for every Email and Webpage. We will use those things to find out if an Email or Webpage is trustworthy or fraud.
How To Detect Phishing Emails:Links to phishing pages are usually sent via Emails so it's better to understand that how we can mark differences between normal and a phishing Email.
Its not a problem when you delete any Email without opening it. The analysis must be started for every Email when you open it. Below we will discuss the factors used to determine an Email's trustworthiness.
1. Check Sender's Email Address:After opening Email, watch for the sender's Email address. If it is among the one whom you trust, then it is OK but still you aren't advised to satisfy 100% because it is possible for anyone to send Spoof Emails. Spoofing is a term which refers to sending someone text or Email message with cloaking the Email Address or Name of any other person. I won't go in its details yet.
Someone may sends you Email with the sender's ID "firstname.lastname@example.org" or "email@example.com". If sender's Email is different from the website in subject then no doubt it seems suspicious at first glance but similar looking Email addresses can cause trouble.
Anyways, it is not a thing to get highly worried in this era because big Email providers easily detect and warn the user that actual sender's ID is different from the written sender's ID.
2. Check If Your Name Is Present In Subject Or Email Body:Second factor is the presence of your name in subject or Email body. When you register with any trusted company, they always ask your name which is used for future communications. Your name is stored with your Email address in their database so you always see your name when they send you any Email. Hackers and phishers don't have access to these databases so Emails sent by them don't contain your name. Original Emails sometimes don't contain names but its when the respected company sends Email with general announcement.
Last step to determine phishing Email is to check where the links anchored in Email, redirect the clicker. It is the final step to identify phishing.
How To Detect Phishing Website:Opening an Email doesn't mean of being victimized until an URL is clicked and the user is directed to other website. The real phishing object is the webpage. You might access at dangerous webpage by clicking links in email or from any other source. Before entering your credentials in any website, domain name of website must be checked if it is real. Sometimes, hacker obtain similar looking domains and use them for trapping people. An example is of libertyreserve.com domain. It was a popular Payment processor around the world but someone got a domain which was identical to this domain with only difference in the placement of a single alphabet due to which thousands of people lost their money. Afterwards the original domain was seized by United States authorities.
Do not enter your private credentials in any webpage until you are damn sure about the domain. For example, if you see domain "face-book.com" or "pay-pal.com" , just leave the webpage or report it to respective authorities. Don't make any mistake there as it might results in online theft.
Read More: Importance Of SSL certificate
Second thing which is to be noticed is SSL encryption. Trustworthy sites have always SSL certificate installed. This encryption makes a site secure by covering the data which is to be transmitted between servers. If you don't see a padlock icon in the URL bar for sites which ask for credentials, then be alarmed.
This is the general guideline for detecting phishing attacks. Hope everyone remains safe from these attempts.