Any organisation — big or small, regardless of industry — can be the target of a phishing attack.
One of the many causes of accounts getting hacked is when users visit websites and click or download malicious files and links. At times, users unwillingly and unknowingly enter their personal information on such sites.
This information is used to install backdoor bots, ransomware and even system monitors that can track and store all your browsing history even after the website or file is closed.
This attack on the system is called as Phishing.
Any organisation — big or small, regardless of industry — can be the target of a phishing attack. That's because many phishing messages are delivered via spam emails.
Here is how to spot a phishing attack and be secure online:
1. URLs contain a misleading domain name
Most of the users aren’t aware of the structuring of a domain name. The structure of a standard domain name is: subdomain-name.domain-name.com (or .in/.org, depending upon the type of website)
For example, an official website of Apple will have a name - subdomain-name/apple.com wherein the domain name will be on the right and the subdomain name will be on the left.
Phishing sites will have the domain name as apple.mailicious.com or maybe info.appel.com that will try to fool the customer by mimicking itself as Apple’s website.
2. Incorrect language and grammar
When a company sends in a notice or a mail, there aren’t any mistakes in the copy as it is usually proof-read before being forwarded. So, if you receive a mail with incorrect use of grammar, confirm once before entering any valuable information or before replying.
3. Messages asking for personal information
Hackers might portray themselves as an employee of a company of which you might be using a service. They could ask you for personal information to update into their system. Keep in mind; no company allows its employees to ask customers for their credentials unless required for verification purpose, which is done and confirmed by the employee.
4. Getting replies to actions, you have not initiated
You might get messages that you have won a lottery or a special offer by some brand, and to receive the amount, you would need to enter your bank account details. Beware, they are mostly fake.
5. Messages are asking for investment for manifold returnsThere have been cases wherein people are asked to invest in a product/service/policy and in exchange they will get 10x of the investment they have made. If it sounds too good to be true then take it only to be a scam that would fool you and never return your money.