Email phishing attacks getting better

One way attackers can get into your system is by an email phishing attack. This is very much like real world fishing, in that you present a target with a lure that has something behind it to snag the victim. A lot of these phishing attacks are trying to get you to either enter sensitive details into a website or install software on your computer.

Most of the phishing attacks I’ve seen over the years can be described as very amateurish. By that I mean they have obvious mistakes in the text (spelling and grammatical) plus the images were low enough in quality to be noticeable. More recently I’ve noticed that they are getting better, though there is still some very easy ways to foil most attacks, these are as follows:

Paypal email phishing attack

The below email I have seen multiple times. It is one of the most convincing ones, at least on the surface.

paypal fishing attack

Check Email Address

An easy way to detect most of these types of emails is to check the source address. As you can see below this email did not come from a Paypal address.

paypal fishing attack - from address

Check Links

Phishing attacks are generally trying to get you to go to a site to enter details. The site in question if a phishing attack may look like the site but will be an imitation with the task of stealing details from you. This will most likely be your username and password.

paypal fishing attack - link

Conclusion

Most phishing attacks are very easy to detect with the above techniques however it is best not to rely on this. My preferred method is to not click on links from any unsolicited emails. If I am interested in the subject I will manually go to the relevant site in my web browser. That is either search for it in google or just go directly to the companies website. In this case just type paypal.com into your browser.

Copyright © 2020 | Ben Hutton