The devil is in the details - How to identify phishing mails

Sven Krumrey

Mails with serious content in an official tone, final notices or seemingly technical issues are enough to unsettle most readers. Often, this is an attempt to cheat you out of your money, as I described last week. How can you catch on to the scammers, and where do they give themselves away? The first step is to realize that your personal information is already in the wrong hands.

Baffled users: Phishing schemes are designed to confuse and trigger hasty actions
How do hackers manage to steal your information?

Phishing mails seem twice as credible when they already contain the correct name, address and even your bank information. This information can come from various sources. Maybe one of the companies you recently dealt with was hacked. Entire collections of stolen user profiles are available for sale on the dark web, the part of the Internet that requires specific software and authorization to access and is frequently used by criminals. Have you ever had a Trojan on your PC? This type of malware collects your every input and can create extensive user profiles. Have you recently participated in an online raffle or similar offers that require you to provide your personal data? Providers of free services finance their offers through the sale of customer data sets, among other things. It pays to think twice before you give away your real name, address and bank information. It's easy to change your email address, but your place of residence or your bank account? Not so much.

How to identify phishing mails

Look for irregularities. Did the sender write to you before? What about spelling and syntax? For example, many scammers use Google Translate to create mails in foreign languages. These mails contain valid words but in weird combinations. As native speakers, your bank, PayPal or whoever supposedly wrote them usually do much better.

Time's running out!

That's the essence common to many phishing mails. Unless you're facing bankruptcy or love to collect final notices, no respectable company will write to you in this manner. This pressure is built up to make you act rashly, give away your data or make that urgent transfer. But frozen bank accounts and property seizures are always the last resort and don't happen overnight. So stay calm, think and contact the companies mentioned through regular channels (phone / email). Don't use the contact address provided in the mail, as this may lead you to other criminals who will try to convince you of its validity.

Online banking is often the focus of criminal actions

No bank requires your data, PINs or TANs! Whenever you're prompted to input your user name, password or even transaction codes, something's fishy. The authors of such emails are crafty in finding new reasons for you to "confirm", "verify" or input data for "further processing". Your bank already has all the information; otherwise you wouldn't be able to log into your account in the first place. Scammers also like to pretend that your account has been suspended or hacked. Again: Call your bank and sort things out. If a wave of spam mails is under way, your bank will most likely clear this up with you quickly.

Don't open attachments and don't click on any links if you're uncertain about their contents! Even good antivirus software cannot provide 100% protection against all Trojans and other malware. A very popular trick: links hidden in a PDF document (e.g. to display the status of your package delivery) that lead to a download link for a Trojan, so the original attachment is clean but the link target is not. Bad!

It's unlikely that you're the first to receive this mail. Numerous sites deal with this topic and provide up-to-date examples. If you find weird phrases, simply copy them into Google Search. In all likelihood, you will quickly discover fellow users with the same problem, so the issue gets resolved soon.

Scammers are currently using a new scheme on Facebook. Using fake profiles that resemble those of your friends, they will ask you for your cellphone number. Instead of a message, you will receive an SMS with a code. While you're still trying to make sense of this, your "friend" will then ask you for that code. If successful, you will be charged for the message by common payment providers such as PayPal, Buy with Mobile or their offspring Zong on your next cellphone bill. Solution: Adjust your privacy settings so that only your friends can view your list of Facebook contacts.

The faceless hacker - scammers are seldom caught

Does the mail contain links? Simply hover your mouse over them, don't click. Most email applications will already display the link target this way. Make sure it's the right company and pay attention to every detail as scammers tend to use addresses that are very similar to the originals.

If you're willing to dig a little deeper into the technical details, you may also want to analyze the email header. What is usually displayed simply as a name in our email applications contains a lot more information than that! Visit iptrackeronline for further details.
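The link check and the header check described above can also be done by a small script. The following Python sketch is an added example, not part of the original article; the sample message, its domains and the names LinkCollector, host and review are constructed for illustration, and it assumes a single-part HTML mail.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every domain in it is a reserved placeholder.
SAMPLE = """\
From: "Example Bank" <support@examp1e-bank.example.net>
Reply-To: collect@mailbox.example.org
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=bulk.example.org; dkim=none

<a href="http://login.example.org/verify">https://www.example-bank.example.com/login</a>
<a href="https://www.example-bank.example.com/help">Help</a>
"""

class LinkCollector(HTMLParser):  # collects [link target, visible text] per <a>
    def __init__(self):
        super().__init__()
        self.links, self.in_link = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_link = True
    def handle_endtag(self, tag):
        self.in_link = self.in_link and tag != "a"
    def handle_data(self, data):
        if self.in_link:
            self.links[-1][1] += data.strip()

def host(url):  # lower-cased host name of a URL, scheme optional
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def review(raw):
    """List reasons for suspicion; an empty list does not prove the mail is genuine."""
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply and reply != sender:  # answers would go somewhere else
        findings.append(f"Reply-To domain {reply} differs from From domain {sender}")
    for mech, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")):
        if verdict != "pass":  # checks recorded by the receiving mail server
            findings.append(f"{mech}={verdict}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:  # only judge text that itself looks like an address
        if re.match(r"(https?://|www\.)", text, re.I) and host(text) != host(href):
            findings.append(f"link shows {host(text)} but goes to {host(href)}")
    return findings
```

Calling review(SAMPLE) reports the differing Reply-To domain, the failed SPF and missing DKIM results, and the one link whose visible address does not match its target; the "Help" link is not reported because its text is not an address.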

Still uncertain? Visit the company site the mail supposedly refers to (before you open any attachments or click on any links in the mail!) and log in as usual. Whether it's your bank, Amazon or PayPal, if the mail is legitimate, you will find similar messages or notifications in your user account. If there aren't any, feel free to delete the mail.

You see, the best security system still sits between your ears! Be vigilant and stay calm when you receive mails you can't immediately make heads or tails of. Run a full virus scan. Most Trojans will be detected and eliminated by your antivirus program. Modern online banking methods, alert users and good antivirus applications are making it harder for these phishing attacks to work, yet the yearly damages caused are estimated to be in the billions. And even if the worst happens, you're not alone. Back in 2009, highly indecent sexual statements seemingly made by English MPs attracted a lot of attention on Twitter. These MPs had carelessly entered their user names and passwords in response to a phishing mail.

What I would like to know since damages caused amount to billions of dollars: Have you been the victim of a phishing attack or have you avoided the threat and if so, how?
