Email phishing and spoofing

Phishing is the fraudulent practice of sending emails disguised as a reputable and trustworthy company with the intention to persuade individuals to reveal their personal details such as passwords or credit card information.

The email usually notifies you that your account has been compromised and you need to respond immediately by clicking on the link or attachment provided.

People who perform phishing scams are cybercriminals who are attempting to steal your money or your sensitive information.

They use tricks and techniques to deceive individuals into giving out their information. It is easy for these scammers when users are not knowledgeable.

It is the forgery of email headers to mislead the recipients about the origin of the message. Another phishing technique.

When you look at an email address in your email program (Outlook/ Thunderbird/ Mac mail), you are not seeing the true email but only the sender, the recipient/s, the subject and the body of the email. Your email software displays who an email is from in the “From” field. However, no verification is performed and therefore your email software has no way of knowing or validating if an email is actually from who it says it’s from.

When an email message is sent, there are two pieces of information sent in the headers during the initial connection which is not visible to the end user, this loophole is exploited by scammers in electronic mail, a concept well known as email spoofing in computing.

Phishing scammers will use designs that look very similar to the company they are trying to imitate.

What to look for when trying to recognise a phishing/scam mail:

• An unfamiliar or unusual email address that the mail was sent from.
• Bad spelling and grammar.
• The language used in the mail will make the request seem very urgent and require you to act immediately.
• Usually a call-to-action request, such as click this button or open the attachment.
• Be very cautious with your personal information including your username and passwords. Do not share this information.
• Legitimate businesses will not send you an email asking for your login or sensitive personal information.
• Verify the reply-to address.
• A generic greeting is usually used and is not addressed specifically to you. The email might open with a generic greeting such as “Dear Sir or Madam” or "Dear User" and may sign off with something generic such as “Regards, the Team”.
• Add an SPF record to prevent scammers from spoofing your domain.
• An unfamiliar URL or web address is used.
• The contact information is inconsistent and looks different.

As these scammers continue to evolve their attacks to infiltrate your data through techniques such as a scam phone call, SMS, or malicious code installed on your computers that redirects you to a fake website, it is advisable to have security software such as antivirus protection to defend yourself from any attacks.