Techniques to Identify and Protect Against Scams or Phishing Attacks

Tags: #cybersecurity #security #secops #email #phishing #scam

Last Reviewed: 26/08/2024

Verify the 'From' Domain:

• Always check the email address of the sender to ensure it matches exactly with the official domain of the organization it claims to be from.
• Look for common tricks such as similar-looking domains (e.g., “paypal-mail-server.com” instead of “paypal.com”).

Inspect the 'Reply-To' Field:

• Check if the 'reply-to' address is different from the 'from' address. Scammers may use a legitimate-looking domain in the 'from' field but direct replies to a different email.

​​​​​​​Check 'Mailed By' and 'Signed By':

• In Gmail, examine the 'mailed by' and 'signed by' fields, which should match the claimed domain if the email is legitimate.
• A mismatch can indicate a potential spoofing attempt.

​​​​​​​Look for 'Via' in Gmail:

• If Gmail shows a 'via' label, it means the email was sent by a domain different from the 'from' address. This could be a sign of a spoofed email.

​​​​​​​Use Email Authentication Records (SPF, DKIM, DMARC):

• SPF (Sender Policy Framework): Verifies if the sending server is authorized to send emails for the domain. A pass indicates the email was sent from an approved server, but a fail suggests potential spoofing.
• DKIM (DomainKeys Identified Mail): Ensures the email content has not been altered and confirms the sender’s identity via an encrypted signature.
• DMARC (Domain-based Message Authentication, Reporting & Conformance): Confirms that the email aligns with SPF and DKIM checks and is a robust method for preventing spoofing.

​​​​​​​Examine the Domain Closely:

• Be wary of domains with subtle differences, such as using foreign characters or combining letters to mimic legitimate domains (e.g., using “rn” instead of “m”).

​​​​​​​Check for Unicode and ASCII Characters:

• Use tools like a 'Unicode Inspector' or 'ASCII Validator' to detect non-standard characters that might be used to deceive the recipient by mimicking legitimate letters.

​​​​​​​Inspect the Full Email Headers:

• In Gmail or other email programs, you can view the full headers to see the path the email took and verify the SPF, DKIM, and DMARC results manually.

​​​​​​​Be Wary of Unexpected Attachments or Links:

• Phishing emails often contain links or attachments that lead to malware or fake login pages. Avoid clicking on these unless you are certain of the email’s legitimacy.

​​​​​​​Critical Thinking and Awareness:

• Always scrutinize emails, especially unexpected ones, that ask for sensitive information or urge immediate action. Phishing attempts often create a sense of urgency.

​​​​​​​Use Spam Filters and Anti-Phishing Tools:

• Employ robust spam filters and anti-phishing tools in your email client. These can automatically detect and block many phishing attempts before they reach your inbox.

​​​​​​​Check for Grammatical Errors and Unusual Language:

• Many phishing emails contain poor grammar, unusual language, or awkward phrasing, which can be a red flag.

​​​​​​​Hover Over Links to Verify URLs:

• Before clicking any link, hover your mouse over it to see the actual URL. Ensure it matches the legitimate site and doesn’t redirect to a suspicious domain.

​​​​​​​Verify Requests Through Official Channels:

• If you receive an email asking for personal information or claiming there’s an issue with your account, contact the organization directly using their official website or phone number.

​​​​​​​Monitor Financial Statements and Accounts:

• Regularly check your bank and credit card statements for any unauthorized transactions. Early detection of fraud can limit damage.

​​​​​​​Enable Two-Factor Authentication (2FA):

• Enable 2FA on all accounts that support it. This adds an additional layer of security, requiring a second verification step beyond just your password.

​​​​​​​Update Software Regularly:

• Keep your operating system, browser, and antivirus software updated to protect against vulnerabilities that phishing attacks may exploit.

​​​​​​​Educate Yourself and Others:

• Stay informed about the latest phishing techniques and educate those around you about how to recognize and avoid them.

​​​​​​​Report Phishing Attempts:

• If you receive a phishing email, report it to your email provider or the company being impersonated. Many companies have dedicated email addresses or forms for reporting phishing.

​​​​​​​Use Email Sandboxing or Virtual Machines for Suspicious Attachments:

• Open suspicious attachments in a sandboxed environment or a virtual machine to prevent any potential malware from affecting your main system.