So this will probably be one of my smaller posts here because I want to get straight to the point. Ever get those emails that look like they are from your bank (or a bank) and try to get you to provide sensitive information? We have all gotten those emails, and I am sure you, like many others, just dismiss them. Sadly, a large number of people are fooled by these emails every day, and those people unknowingly hand sensitive information to malicious people who just want to steal their money.

What is phishing?

Phishing is pretty much what I described above: a potential victim is contacted by someone posing as a legitimate company in order to lure them into providing sensitive information. The victim won’t just be contacted by email; they may be contacted by phone or text message. But the phish is always the same. The fake company is trying to get sensitive information from the victim, either over the phone or through a fake website. Unfortunately, this is an ongoing problem because people still fall for the phish.

Example of a phishing scheme

One very common example of a phishing scheme is the Microsoft or Office 365 scheme. Office 365, if you are not aware, is a set of cloud-based services from Microsoft. The malicious person sends mass emails to thousands of people, pretending to be Microsoft and telling the user they need to change their password. The user is provided with a link to log in to their account, but they are actually taken to a fake website that was created to look like Microsoft’s website. This fake website will ask for your username and password and may even pass you on to the real Microsoft website after you have entered your credentials. But by that point they have your credentials and can access your account.

Also, because people reuse their passwords so often, the malicious person will now try your credentials on other services you may have. This is called credential stuffing, and I spoke about it in my post Is my password secure enough?.

If for some reason you did fall for one of these phishing schemes (and believe me, they are getting more and more sophisticated), you would only have to reset the password of one account, assuming that you use a different password for each account.

Services like LastPass, which I personally use, will help you keep track of all your passwords as well as generate secure new passwords. Full disclosure: I am an affiliate of LastPass, and if you use my affiliate link above I do get a commission, at no extra cost to you.

How do you detect phishing emails?

I will tell you that it is getting harder and harder to detect phishing emails, but there are certainly ways to help protect yourself.

  1. As I mentioned, make sure that you use a different password for every site and service you have. That way, should you fall for one of these emails, your exposure is isolated to that one account.
  2. If an email seems too good to be true, then it probably is. We all know the Nigerian scams, and those seem pretty obvious. But what about the email from “Your Bank” asking you for some seemingly innocent information in exchange for a bonus added to your account? If an offer seems too good to be true, do a little more due diligence to make sure it is not a scam.
  3. Attachments you were not expecting are always a red flag. Even if the attachment seems as innocent as a PDF document or a Word document, you had better err on the side of caution and just delete the email. Some attachments do not contain malware themselves but may contain additional links that send you to a fake website.
  4. Always be wary of links inside emails. These links can take you to fake websites meant to harvest your credentials, or they could take you to a site that downloads malware onto your computer. If the link says Microsoft but takes you to “resfgre[.]com/microsoft”, you probably do not want to click on it. The easiest way to find out where a link really goes is to hover your mouse over it without clicking. You should get a small popup showing the exact address you would be sent to. The image below shows a legitimate email from Twitter; as I hover over the link, it shows me the URL at the bottom, which goes to twitter.com.
Notice how, when I hover over the “Take a look” link, it shows me the full URL at the bottom?
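The hover check in point 4 can also be automated, which is handy if you want to screen an email's HTML body before anyone reads it. The following Python script is an added example and not part of the original post: it pulls every link out of an HTML email and flags those whose visible text names one site (as a URL or a brand name) while the actual `href` points to a different domain, the same mismatch the post describes for “resfgre[.]com/microsoft”. The sample email body and the small `BRANDS` table are constructed for illustration; the domain-extraction helper is deliberately simplified and does not handle multi-part public suffixes such as `co.uk`.

```python
"""Flag anchor tags in an HTML e-mail whose visible text names one site
but whose href points somewhere else.

Added example for the post above. The sample e-mail body below is
constructed for illustration and is not taken from a real message.
"""
import re
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed sample: one honest Twitter link, one honest Microsoft link,
# and two lookalikes of the kind the post describes (the display text says
# Microsoft, the real target does not). The resfgre.com address mirrors
# the defanged example in the post.
SAMPLE_EMAIL = """
<p>Your password is expiring.</p>
<a href="https://twitter.com/i/notifications">Take a look</a>
<a href="http://resfgre.com/microsoft">https://login.microsoft.com</a>
<a href="https://microsoft.com.example.net/login">Sign in to Microsoft</a>
<a href="https://account.microsoft.com/">Microsoft account</a>
"""

# Assumed brand-to-domain table; a real deployment would carry a fuller list.
BRANDS = {"microsoft": "microsoft.com", "twitter": "twitter.com"}


def registered_domain(host: str) -> str:
    """Last two labels of a hostname ('login.microsoft.com' -> 'microsoft.com').
    Simplified: ignores multi-part public suffixes such as co.uk."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the document."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def link_is_suspicious(href: str, text: str) -> Optional[str]:
    """Return a reason string if the link text and target disagree, else None."""
    target = registered_domain(urlparse(href).hostname or "")
    lowered = text.lower()
    # Case 1: the visible text is itself a URL or hostname that differs
    # from where the href actually goes.
    m = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", lowered)
    if m and registered_domain(m.group(1)) != target:
        return f"text shows {m.group(1)} but link goes to {target}"
    # Case 2: the visible text names a known brand whose domain the href
    # does not use (catches 'microsoft.com.example.net' style lookalikes).
    for brand, domain in BRANDS.items():
        if brand in lowered and target != domain:
            return f"text mentions {brand} but link goes to {target}"
    return None


def suspicious_links(html: str) -> List[Tuple[str, str]]:
    """Return (href, reason) for every link in the e-mail that fails the check."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        reason = link_is_suspicious(href, text)
        if reason:
            flagged.append((href, reason))
    return flagged


if __name__ == "__main__":
    for href, reason in suspicious_links(SAMPLE_EMAIL):
        print(f"SUSPICIOUS {href}: {reason}")
```

Run against the sample, the script flags the two lookalike links and leaves the genuine Twitter and Microsoft links alone. The second lookalike is worth noting: `microsoft.com.example.net` contains the string “microsoft.com”, which is exactly why the check compares the registered domain of the target rather than looking for the brand name anywhere in the URL.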