Phishing is the fraudulent attempt to obtain sensitive personal information such as usernames, passwords and credit card details, often for malicious reasons, via electronic communication. Cybercriminals disguise themselves as trustworthy entities and send such emails to unsuspecting persons.

How can you differentiate genuine emails from phishing or spam emails? The table below lists the most common indicators of phishing and spam emails. Any email with these characteristics is unlikely to be a genuine email.

| Phishing Emails | Spam Emails |
| --- | --- |
| Aim to get your personal information such as credit card number, password, bank account, etc. | Normally unsolicited advertisements for products or services |
| Mostly sent to specific individuals or groups and appear to contain correct information, e.g. your name | Mass mailed to thousands or millions of recipients |
| Will include malicious links to fake websites or links to malware downloads | Will have links to mostly legitimate websites that sell certain products or services |
| Mostly contain malicious attachments | Will not contain attachments |
| The message carries a sense of urgency | Do not require immediate action |
| Should be reported/forwarded to infosec@imbank.co.ke and deleted from your mailbox | Should be marked as spam and deleted from your mailbox |

Similarities between phishing and spam emails include:

  • They are unsolicited i.e. you didn’t ask for the email nor did you engage in any prior correspondence with the sender
  • They are illegitimate i.e. they use deceitful methods to make it to your inbox

Common Phishing email formats

| Format | Characteristics | Your Cyber Aware Response |
| --- | --- | --- |
| Verify your Account | · Appears to come from a well-known company like I&M Bank, Gmail or Hotmail and asks you to sign in and correct an issue with your account · Contains a link that points to a website pretending to be the aforementioned companies' legitimate sites. This website asks for your user name and password to log in. | · Do not click any links in the email. Instead, log in to your account directly by typing the address into your web browser. · If you are unable to log in, contact the company via their official contact information. |
| Fake Invoice | · Contains a document attachment presented as an unpaid invoice and claims service will be terminated if the invoice is not paid · Targets individuals (by pretending to be a retailer) or businesses (by impersonating a vendor or supplier) | · Do not reply to the email. Contact the vendor/service directly using official contact information before submitting payment. · Under no circumstances open any attachments from unsolicited emails. |
| Online File Sharing | · Contains a link to what appears to be a shared file on Google Docs, Dropbox or other online file-sharing sites · Contains a link that points to a page pretending to be a file-sharing site that asks for your user name and password to log in. | · Do not click any links in the email. Instead, log in to your account and find the shared file by name. · Remember to verify the sender's identity and use established cloud file-sharing services. |

Source: imbankgroup.com