Phishing is the fraudulent attempt to obtain sensitive personal information such as usernames, passwords, credit card details etc., often for malicious reasons, via electronic communication. Cybercriminals disguise themselves as trustworthy entities and send such emails to unsuspecting persons.

How can you differentiate genuine emails from phishing or spam emails? The table below gives the most common indicators of phishing or spam emails. Any email with these characteristics is unlikely to be a genuine email.

| Phishing Emails | Spam Emails |
| --- | --- |
| Aim to get your personal information such as credit card number, password, bank account, etc. | Normally unsolicited advertisements for products or services |
| Mostly sent to specific individuals or groups and appear to contain correct information, e.g. your name | Mass mailed to thousands or millions of recipients |
| Will include malicious links to fake websites or links to malware downloads | Will have links to mostly legitimate websites that sell certain products or services |
| Mostly contain malicious attachments | Will not contain attachments |
| The message carries a sense of urgency | Do not require immediate action |
| Should be reported/forwarded to infosec@imbank.co.ke and deleted from your mailbox | Should be marked as spam and deleted from your mailbox |

Similarities between phishing and spam emails include:
- They are unsolicited, i.e. you didn’t ask for the email, nor did you engage in any prior correspondence with the sender
- They are illegitimate, i.e. they use deceitful methods to make it to your inbox

Common Phishing email formats
| Format | Characteristics | Your Cyber Aware Response |
| --- | --- | --- |
| Verify your Account | · Appears to come from a well-known company like I&M Bank, Gmail or Hotmail and asks you to sign in and correct an issue with your account<br>· Contains a link that points to a website pretending to be the aforementioned companies’ legitimate sites. This website asks for your username and password to log in. | · Do not click any links in the email. Instead, directly log in to your account by typing the address into your web browser.<br>· If you are unable to log in, contact the company via their official contact information. |
| Fake Invoice | · Contains a document attachment presented as an unpaid invoice and claims service will be terminated if the invoice is not paid<br>· Targets individuals (by pretending to be a retailer) or businesses (by impersonating a vendor or supplier) | · Do not reply to the email. Contact the vendor/service directly using official contact information before submitting payment.<br>· By all means, do not open any attachments from unsolicited emails. |
| Online File Sharing | · Contains a link to what appears to be a shared file on Google Docs, Dropbox or other online file-sharing sites<br>· Contains a link that points to a page pretending to be a file-sharing site that asks for your username and password to log in. | · Do not click any links in the email. Instead, log in to your account and find the shared file by name.<br>· Remember to verify sender identity and use established cloud file-sharing services. |

Source: imbankgroup.com