Phishing is a well-known term from since ’90s. We all have received phishing emails, Also we have visited phishing pages. It was a very successful trick before a few years. Nowadays many people are aware about these scams, but still it is a major threat to an organization in case of a targeted attack, performed by an elite cracker.
“85 percent of organizations have suffered phishing attacks in 2016”
source: Wombat 2016 State of the Phish
So, It is very important to identify a phishing email and trash it.
Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
Here’s how to identify a phishing email. whenever you receive an email ask your self the following questions.
- Do I know the Sender?
- Are there any attachments in the email?
- Is there any .exe file in the attachment?
- Are there any links in the email?
- Are they asking for personal information?
Here’s a Phishing flowchart from LifeHacker, which will help you identifying a phishing email.
Phishing Vs Pharming:
Phishing is performed to gain confidential information from a user or group of users, Pharming involves modifying DNS entries, which redirects every website visitor to a fake website in order to gain confidential information.
Here are some phishing email examples, you may find them similar. As they all have a common aim to lure you into giving your confidential information that they can use. Phishing webpages can be created for any website i.e. social network sites, sports websites, online gaming websites or online betting sites using their logos and images.
"This is a phishing page. Where should I report a phishing page?"
You can report phishing emails/websites to the respected organization/ bank. You can report phishing websites to these organizations.
You can report phishing websites / webpages to Google Safe Browsing team. Reports submitted here are collected and analysed. This is why google warns you automatically, when you encounter with a phishing website.
You can report phishing websites to Symantec using this link and Symantec will keep a record for such websites to warn others.
US-CERT collects phishing email messages and website locations so that we can help people avoid becoming victims of phishing scams.
You can report phishing to US-Computer Emergency Response Team by sending email to
Share this article to your friends and relatives. May be they are visiting a phishing website or reading a phishing Email right now.
- This Vulnerability in phpMyAdmin Lets An Attacker Perform DROP TABLE With A Single Click! - December 29, 2017
- NO! That Windows Update Will Not Save You From WannaCry! - May 22, 2017
- [Incident Response]: How To Stay Protected From A Ransomware Attack like Wannacry? - May 14, 2017
- How to Identify a Phishing Email, Website and Where To Report? - March 5, 2017
- Things To Know While Playing ‘Online Games’ - January 2, 2017