How to Identify a Phishing Email, Website and Where To Report?

Phishing is a well-known term from since ’90s. We all have received phishing emails, Also we have visited phishing pages. It was a very successful trick before a few years. Nowadays many people are aware about these scams, but still it is a major threat to an organization in case of a targeted attack, performed by an elite cracker.

“85 percent of organizations have suffered phishing attacks in 2016”

source: Wombat 2016 State of the Phish

So, It is very important to identify a phishing email and trash it.

Phishing:

Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.

Here’s how to identify a phishing email. whenever you receive an email ask your self the following questions.

  1. Do I know the Sender?
  2. Are there any attachments in the email?
  3. Is there any .exe file in the attachment?
  4. Are there any links in the email?
  5. Are they asking for personal information?

Here’s a Phishing flowchart from LifeHacker, which will help you identifying a phishing email.how-to-identify-a-phishing-email

Phishing Vs Pharming:

Phishing is performed to gain confidential information from a user or group of users, Pharming involves modifying DNS entries, which redirects every website visitor to a fake website in order to gain confidential information.

Here are some phishing email examples, you may find them similar. As they all have a common aim to lure you into giving your confidential information that they can use. Phishing webpages can be created for any website i.e. social network sites, sports websites, online gaming websites or online betting sites using their logos and images.

Phishing Email Example
Image Credit: Lehigh University

 

Phishing Email Example
Image Credit: Infosec Institute

"This is a phishing page. Where should I report a phishing page?"

You can report phishing emails/websites to the respected organization/ bank. You can report phishing websites to these organizations.

Read Also: Cyber Security: 15 Simple Steps To Protect Your Self Against Cyber Attacks

1. Google

You can report phishing websites / webpages to Google Safe Browsing team. Reports submitted here are collected and analysed. This is why google warns you automatically, when you encounter with a phishing website.

Report a Phishing website to Google

 report-phishing-website-webpage-to-google

2. Symantec

You can report phishing websites to Symantec using this link and Symantec will keep a record for such websites to warn others.

Report a Phishing website to Symantec

 

report-phishing-website-webpage-to-symantec

3. US-CERT

US-CERT collects phishing email messages and website locations so that we can help people avoid becoming victims of phishing scams.

You can report phishing to US-Computer Emergency Response Team by sending email to  phishing-report@us-cert.gov

Report a Phishing website to US-CERT

report-phishing-website-webpage-to-United-States-CERT

 

Share this article to your friends and relatives. May be they are visiting a phishing website or reading a phishing Email right now.

 

About Ashutosh Barot

Ashutosh Barot is a Security Researcher, Tech Enthusiast, Pursuing M.Tech in Cyber Security and Incident Response at Gujarat Forensic Sciences University,Gujarat. He has been acknowledged by various organizations such as Symantec Corporation, J.P.Morgan, Trend Micro, Verizon Enterprise, Go Airlines, Codecademy etc. for finding out security flaws in their websites.

Ashutosh Barot

Ashutosh Barot is a Security Researcher, Tech Enthusiast, Pursuing M.Tech in Cyber Security and Incident Response at Gujarat Forensic Sciences University,Gujarat. He has been acknowledged by various organizations such as Symantec Corporation, J.P.Morgan, Trend Micro, Verizon Enterprise, Go Airlines, Codecademy etc. for finding out security flaws in their websites.