First, what is phishing? The word phishing is a play on the word fishing, as in “fishing for passwords”.
Phishing is by far the most common “hack” used to steal passwords. Once attackers have the password, they can take over accounts and enter systems without authorization. It is a social engineering attack rather than a true hack in the technical sense.
Phishing can occur through any channel: via telephone, email, a web page, or even in person. In short, it is an attempt to trick you into revealing a secret (such as your password, PIN or any other data).
Here are some signs to look for in an email.
These are industry standards I’ve learned while working in tech companies.
– Verify the sender: are you familiar with the sender’s email address? If it looks suspicious, delete the email immediately.
– Wrong spelling or grammar (though attackers are becoming more sophisticated).
– There is an emotional motivator, like fundraising for a sick relative.
– There is urgency in the requested action or response, like “comply by tomorrow or else you will lose access to...”, etc.
– Suspicious domain name or link, such as one that uses a URL shortener like bitly, tinyurl, etc.
– Links in the body: don’t click the link immediately. Instead, hover over it and see which URL it points to.
– If you use Gmail or a similar client, some emails are scanned first and land in the spam folder. Be careful with anything that ends up there.
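A small checker for three of the signs listed above (shortened links, link text that names a different site than the link target, and urgent wording), added here as an illustration and not part of the original post. The shortener list, the urgency phrases and the sample message are assumptions made for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Assumed lists for illustration; extend them for real use.
SHORTENERS = {"bit.ly", "tinyurl.com"}
URGENCY = re.compile(r"\b(urgent|immediately|by tomorrow|lose access)\b", re.I)
DOMAIN = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def bare_host(name):  # lower-case the host and drop a leading "www."
    return re.sub(r"^www\.", "", (name or "").lower())

def phishing_signs(html_body):
    """Return warnings for shortened links, mismatched links and urgency."""
    parser = LinkCollector()
    parser.feed(html_body)
    signs = []
    for href, text in parser.links:
        host = bare_host(urlparse(href).hostname)
        if host in SHORTENERS:
            signs.append(f"shortened link: {href}")
        shown = DOMAIN.search(text)
        shown = bare_host(shown.group(1)) if shown else ""
        # The "hover" check: the text names one site, the href another.
        if shown and host != shown and not host.endswith("." + shown):
            signs.append(f"text shows {shown} but link goes to {host}")
    if URGENCY.search(re.sub(r"<[^>]+>", " ", html_body)):
        signs.append("urgent wording")
    return signs

# Constructed sample body, not a real email.
SAMPLE = ('<p>Comply by tomorrow or you will lose access.</p>'
          '<a href="http://login.example.net/reset">www.mybank.example</a> '
          '<a href="https://bit.ly/abc123">View invoice</a>')
```

Calling `phishing_signs(SAMPLE)` returns one warning per sign found; an empty list means none of these three checks fired, not that the message is safe.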
On phone calls
I will include phone calls as well, as this is very rampant.
The general rule is: don’t provide your password, PIN or other sensitive information to anybody on a call, no matter how authentic or legitimate they sound. Instead, politely find a way to end the call and verify the facts by calling the hotline. Credit companies and banks have a hotline; call it right after.
Social media chats are not that secure, so it is not advisable to send your account numbers and similar information through them.