All of us get a myriad of unsolicited emails – some of them, absolute junk. These are the spam mails that we’ve grown to hate. Modern email services and apps do a decent job of recognizing them as spam and moving them directly to the Junk folder, but there is often legitimate-looking email that you should watch out for.
What is phishing?
These emails are phishing attacks that often use social engineering to bait less-aware users. These attacks attempt to steal sensitive information by masquerading as official communication from legitimate companies or individuals.
The cybercriminals who attempt phishing aim to steal one’s credit card details, bank account information, or usernames and passwords for different services. Once these details are obtained, the criminals can use them for malicious purposes, such as hacking, identity theft, or financial fraud. Such information is also sold in underground marketplaces.
How does phishing work?
Spam emails for phishing usually mimic sign-in pages of popular online services and financial institutions to lure recipients into divulging their login credentials or personal or financial information.
How to protect against phishing attacks?
Phishing attacks are designed to take advantage of a user’s possible lapse in decision-making. So, you have to watch out for those.
These are the things you need to keep in mind when dealing with spam emails:
- These emails are unsolicited, arrive unexpectedly, and often come from entities you don’t usually deal with – like a bank that you don’t have an account with or an online retailer that you haven’t ever bought a product from.
- Most such emails ask you to complete an operation – pay tax, confirm a delivery address for a shipment, reset a password – urgently, to entice anxious recipients.
- These deceiving emails also generally have typos or are badly formatted.
- The hyperlinks in these emails look creepily authentic, like amazonaccounts.net, americenxpress.com, et al. The hope is that recipients take the bait, follow the links, and then log in on these fraudulent sites, thereby divulging their login credentials to the hackers.
- A good idea is to check for an HTTPS certificate on the website that’s linked and not to click on any shortened links in the email. Of course, if you’re using Enpass to autofill login credentials, you’d be saved, since Enpass would not present Amazon or American Express account details due to the URL mismatch.
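To make the URL-mismatch point concrete, here is an added example (not from the original article, and not Enpass's own code) of a check that offers saved credentials only on the saved domain and flags the lookalike links mentioned above. The saved-domain list, the matching rule (exact domain or a subdomain, over HTTPS), the typo threshold and the verdict names are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: domains the user has saved logins for (assumption).
SAVED_DOMAINS = ["amazon.com", "americanexpress.com"]

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a saved brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def matches_saved(host, saved):
    """Assumed autofill rule: the exact saved domain or one of its subdomains."""
    return host == saved or host.endswith("." + saved)

def classify(url, saved_domains=SAVED_DOMAINS, max_typos=2):
    """Return (verdict, saved_domain); verdict is autofill, insecure, lookalike or unknown."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ("unknown", None)
    for saved in saved_domains:
        if matches_saved(host, saved):
            # Right site, but only offer credentials over HTTPS.
            return ("autofill" if parts.scheme == "https" else "insecure", saved)
    for saved in saved_domains:
        brand = saved.split(".")[0]
        # Brand embedded in another name, or a label within a few typos of it.
        if brand in host or any(edit_distance(l, brand) <= max_typos for l in host.split(".")):
            return ("lookalike", saved)
    return ("unknown", None)

if __name__ == "__main__":
    for url in ["https://www.amazon.com/ap/signin", "https://amazonaccounts.net/login",
                "https://americenxpress.com/", "http://www.amazon.com/", "https://example.org/"]:
        print(url, "->", classify(url))
```

Both links from the list above come back as `lookalike`, so nothing is filled in on them; only the genuine domain over HTTPS returns `autofill`.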
This article is authored by Abhishek Baxi, a leading technology columnist. A Contributing Writer at Forbes, Abhishek writes a regular column for the Enpass community. He can be reached at firstname.lastname@example.org or on Twitter (@baxiabhishek).