3. Learn How To Recognize Phishing Emails
You might be thinking to yourself: Hackers are still using that old, tired trick?
Remember that hackers are masters of their trade. Hacking is not only about writing code and building trojan software; hacking is mostly about social engineering and less about brute force attacks, as seen in suspense-thrillers like Swordfish (which is a truly ridiculous film for anyone who knows better).
To further bring this home, a 2014 article published on lifehacker.com pointed out how a growing number of security breaches are more about social engineering tactics and less about bad passwords. And this is why phishing emails still work like a charm today—though everyone swears they cannot be fooled by a fake email.
Some of the ways to recognize a phishing email include:
The email is written using outdated or exaggerated English. This is because international cybercrime organizations prefer to employ cheap labor in countries such as Sudan, Kenya, Nigeria, Malaysia, India, and Pakistan.
The “business” email was sent from a generic email domain such as gmail.com, yahoo.com, or rocketmail.com (my personal favorite when I need a good laugh). Genuine business emails look something like [email protected].
The email contains suspect links or attachments. All phishing emails are designed to fool the recipient into clicking an attachment or link, called a “payload,” so malicious software is clandestinely installed on your computer or smartphone.
The author attempted (poorly in most cases) to create a feeling of immediate urgency in you—a perfect example of social engineering at work. Fortunately, these amateurs are several decades outdated in their English skills and still use worn-out social engineering tactics. However, one should note that hackers from other parts of the world are not to be taken lightly—how the Russians influenced millions of American voters by way of social engineering is a perfect example.
The potential attacker deliberately misspelled the domain name. This tactic is meant to take advantage of our natural inclination to overlook small details and accept things at face value. For example, an attacker may try to be more sophisticated than the ones mentioned above by purchasing a website domain closely resembling an official website domain. The domain might read “foxrnedia.com.” What you did not notice right away is that the domain is spelled “r – n – e – d – i – a,” turning the r and the n into a sneaky pretend m.
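The sender-domain checks from the list above (generic webmail domain, look-alike spelling such as "rn" standing in for "m") can be automated in a mail filter. The following is an added example, not part of the original article; the trusted-domain list (including foxmedia.com as the genuine counterpart of the article's "foxrnedia.com"), the look-alike table, and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: the organisation's own allow-list of domains it really deals with.
TRUSTED_DOMAINS = {"foxmedia.com", "example-bank.com"}
# Free webmail domains named in the article.
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "rocketmail.com"}
# Illustrative look-alike sequences, collapsed to the character they imitate.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def skeleton(domain: str) -> str:
    """Collapse look-alike sequences so visually similar domains compare equal."""
    s = domain.lower().strip(".")
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def sender_domain(from_header: str) -> str:
    """Return the domain of the address in a From: header value, or ''."""
    _display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower()


def classify_sender(from_header: str) -> str:
    """Label a sender as trusted, freemail, a look-alike, unknown or unparseable."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    if domain in FREEMAIL_DOMAINS:
        return "freemail"
    # Compare skeletons on both sides so a genuine domain containing "rn"
    # is treated the same way as the candidate.
    for trusted in sorted(TRUSTED_DOMAINS):
        if skeleton(domain) == skeleton(trusted):
            return f"lookalike of {trusted}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample From: headers.
    for header in ['"Fox Media Billing" <billing@foxrnedia.com>',
                   "ceo.office@rocketmail.com",
                   "News <news@foxmedia.com>"]:
        print(f"{header!r:50} -> {classify_sender(header)}")
```

A "freemail" result is only suspicious when the message claims to come from a business, and the display name is deliberately ignored here because the sender chooses it freely.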