First, what is phishing? The word phishing refers to the term fishing, as in “fishing for passwords”.
Phishing is by far the most common “hack” used to steal passwords. Once attackers have the password, they can take over accounts and enter systems without authorization. They can make transactions on your bank accounts without your knowledge. Phishing is a social engineering attack, rather than a “true hack” in the technical sense.
Phishing can occur through any channel: via email, phone, a web page, or even in person. In short, it is an attempt to trick you into revealing a secret (such as your password, PIN or any other data).
Here are some signs to look for in an email
These are industry standards I’ve learned while working in tech companies.
– Verify the sender: are you familiar with the sender’s email address? If it looks suspicious, delete the email immediately.
– Wrong spelling or grammar (though attackers are becoming more sophisticated).
– There is an emotional motivator, like fundraising for a sick relative.
– There is urgency in the requested action or response, like “comply by tomorrow or else you will lose access to...”.
– Suspicious domain name or link, such as one using a URL shortener like bitly, tinyurl, etc.
– Links in the body: don’t click the link immediately; instead, hover over it and see which URL it points to.
– If you use Gmail or a similar client, some emails are scanned on arrival and land in the spam folder. Be careful with anything that ends up there.
On phone calls
I will include phone calls in this topic as well, since many people are tricked through them. When somebody calls you, even if they sound like a legitimate caller from an institution or company, don’t trust them immediately. Even if you ask for certain information about yourself, they can certainly provide it, because they already have half of the information about you.
During the conversation, the general rule is: don’t provide your password, PIN or other sensitive information to anybody on the call, no matter how authentic or legitimate they sound. Instead, politely find a way to end the call and verify the facts by calling the hotline. Credit, bank and telecom companies have a hotline; call them right after.
Social media chats are not that secure, so it is not advisable to send your credentials, account numbers and similar information through them. Ever wonder why you’re only chatting with a friend about your favorite pizza, and then in the next few hours you see pizza ads in your feed?
Hackers are getting sophisticated
While what’s stated above is not an exhaustive or fail-proof list, it is at least a guide to quickly spot if someone is trying to “fish” for your credentials. As technology evolves, more modern tricks are being used to “fish” your sensitive information out.