Catch the "Phish"

Published on 12 Mar 2014

by GOsafeonline

“Congratulations!”

 


Have you ever come across emails or social media posts with such a statement? Or perhaps “Check your 13th month bonus here!” or “I’ve taken some interesting photos, check it out here!” Such emails use social engineering tactics to trick you to access malicious websites or to divulge your sensitive information, by masquerading as an email that seems to be real. However, as real as they seem, there are usually tell-tale signs that you can look out for to prevent yourself from falling prey.

 

Catch the “Phish”

 


Did you manage to identify the tell-tale signs? While content can be spoofed and information such as your name and designation could be obtained through social engineering means, attackers are rarely able to spoof information such as the email and web address domain name.

 

Tell-tale signs

 

Know the difference

Security Tips

  • Attackers could obtain information about you through social media sites. Refrain from disclosing sensitive information (e.g. date of birth, phone number, etc) to people that you do not know.
  • Social engineering attacks do not only come in the form of email. If you receive unsolicited phone calls or people asking you for your personal information on the street, beware of what you disclose.
  • Attackers might ask for your login details or ask you to go to a website to install software for troubleshooting your computer's problem. Think twice before you act as your computer and personal information may be compromised.
Answers
Email A: Email sent from a well-known company, but sender’s mail and hyperlink domains are different
Email B: This is an unsolicited email, sender’s mail domain is different from the company’s, and email requested recipient to open attachment
Tags