Email Phishing attacks rose in the Christmas 2015 season, and have continued to climb in entire 2016. But if we can identify Phishing Email and Phishing Websites, our half problem could have been solved.
According to APWG Phishing Activity Trends Report states email phishing attacks statistics as:
- The Anti-Phishing Working Group (APWG) observed more phishing attacks in Q1 2016 since it began tracking data in 2004.
- Q1 Phishing Activity Trends Report APWG reported that the number of phishing websites increased 250% between October 2015 and March 2016.
- Most targeted industry were retail and services sector during Q1 2016
- Phishers targeted 406 – 431 brands in Q1 2016.
- US continued its position at top on the list of nations hosting phishing websites.
- In Q1 2016, there were 20 million new malware samples.
- The world’s most-infected countries are led by China,Taiwan and Turkey.
Now lets start with how to identify phishing email?
- Unauthorized “From” email address : Always look into from address very carefully. For example if you receive an email from logx.in which is slightly different from logix.in there is a chance that you may do mistake.
- Immediate action email: Many times hackers will send email with immediate call to action like “your account will be invalid within 1 hour” or “offer will expire in 1 hour”
- Linking to fake web site: Most common phishing emails are linking to banking website and they will create banking website exactly like your banking site. Purpose is to trick you so that you disclose your user name and password. For example https://https://www.icicibank.com is fake address. Real Web address will have forward slash (“/”) https://www.icicibank.com/
- Spelling errors, poor grammar, or inferior graphics are very common mistakes done by hackers.
- Revealing personal information: Authorized organizations will never ask for personal information like password, bank account details or credit card number on email. If you receive such emails you should be extra cautious.
- Attachments : Never open any attachment without reading and checking all details carefully.
How to identify phishing website?
- Check Web address carefully : To identify phishing websites checking it thoroughly is most crucial part. What should you look into :
- Incorrect company name.
- Common spelling mistakes
- Proper https:// ending with /
- Poor website design
- Irritating popups
2. Don’t reveal your real password: If you have any confusion as it seems to be phishing site always put fake password. if you are still able to sign in then it will be 100% phishing website.