Phishing (simply pronounced 'fishing') is nothing new; the term can even be traced back to AOL newsgroups in 1996. However, the technique, or the idea, behind phishing is as old as humanity itself.
Over the last few years, phishing emails have become increasingly sophisticated and harder to distinguish from genuine ones; however, with a little common sense, you can see through them, and therefore, here are a few tips.
The requested action
If the email states that you must change your password within 24 hours or “verify your account details”, you can almost certainly assume that this is not actually an email from your bank.
Emails urging quick action are therefore usually unreliable. Also, never provide your personal or login details: a legitimate site already has that information in its database and has no reason to ask you for it.
Layout and counterfeit
It may seem obvious, but if it contains spelling errors or if the email is not displayed correctly—whether due to strange characters or simply complete HTML errors—there is a high chance that it was not sent by the real sender. Most large companies use HTML templates, and if you suddenly receive a plain text version, you can assume that it is a spam or phishing email.
Even if the formatting is correct and the email contains official images or logos, this does not automatically mean it is a genuine email. Anyone can insert images into an email, and a skilled spammer or phisher can even make it appear as if the email was sent from an 'official' email address. Therefore, the next step in unmasking phishing emails involves the URLs used.
URLs
Formatting, requests, and the tone of voice of an email can be mimicked quite well, but with URLs this becomes more difficult, and this is actually the first check you perform when you receive a suspicious email.
Companies pay a fortune for carefully chosen business and domain names and will not then use a bare IP address as a URL. Also remember that what you see on your screen is not always the underlying URL. This URL looks fine: https://www.snsbank.nl/mijnsns/secure/login.html, but hover your mouse over it and check the status bar of your browser (usually at the bottom left).
An IP address is of course easy to recognise, but also look closely at the domain itself: what if it reads “sns.inloggen.nl”? That is not an SNS Bank domain; the registered domain is inloggen.nl. Still too easy? How about www.mijnsns.nl.tt/secure/login.html?
Even if the URL is genuine, this does not automatically mean you are completely safe. As long as websites are built by people, mistakes will be made, and sites will be vulnerable to cross-site scripting. That is a blog post in itself, but in short: by injecting malicious script into the legitimate website, your data can be stolen.
Therefore, do not trust URLs with large amounts of extra parameters either. This URL does not look very reliable: https://www.mijnsns.nl/mijnsns/secure/j_security_check?var=script(document.cookie)&letniet=opmij&ikbeneenparameter[]=metzogenaamdekwadesoftware&_engeurl=ja
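The URL checks above (bare IP address, look-alike domain such as sns.inloggen.nl or www.mijnsns.nl.tt, displayed text that differs from the real link target, and script-like query parameters) as a small added Python example; this is not code from the original post, and the allow-list of bank domains and the two-label domain rule are simplifying assumptions made here.

```python
from urllib.parse import urlsplit, parse_qs
import ipaddress
import re

# Domains the bank (SNS, from the post) actually uses. Constructed allow-list
# for this example, not an authoritative list from the bank.
TRUSTED_DOMAINS = {"snsbank.nl", "mijnsns.nl"}
SCRIPT_PATTERN = re.compile(r"<script|script\(|document\.cookie|javascript:", re.I)

def registrable_domain(host):
    """Last two labels: 'sns.inloggen.nl' -> 'inloggen.nl', 'www.mijnsns.nl.tt' -> 'nl.tt'.
    Simplification: a real checker uses the Public Suffix List (e.g. for co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_link(url):
    """Reasons a link looks like phishing; an empty list means nothing was found."""
    reasons = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        reasons.append("not https")
    if not host:
        return reasons + ["no host name"]
    if is_ip(host):
        reasons.append("host is a bare IP address")
    elif registrable_domain(host) not in TRUSTED_DOMAINS:
        reasons.append("registered domain is %r, not the bank's" % registrable_domain(host))
    if SCRIPT_PATTERN.search(parts.query):
        reasons.append("query string contains script-like content")
    if len(parse_qs(parts.query, keep_blank_values=True)) > 3:
        reasons.append("unusually many query parameters")
    return reasons

def displayed_text_mismatch(display_text, href):
    """True when the visible link text is a URL whose host differs from the real
    target: the 'hover and read the status bar' check, done programmatically."""
    shown = urlsplit(display_text.strip()).hostname
    real = urlsplit(href).hostname
    return bool(shown and real and shown.lower() != real.lower())
```

Running check_link on the parameter-heavy URL above flags both the script-like query and the number of parameters, while the plain login URL from the previous section passes.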
How to counteract this?
There are a few things you can do to ensure that you are and stay safe:
- Spam filters in your email program – Just make sure that phishing emails don't even reach your inbox.
- Browser up-to-date – Also keep your browser up to date; this ensures that no unwanted things are sent should you end up on a suspicious site. Some browsers already have built-in functions to block phishing sites.
- Stay critical! – Why does the bank want my password? Why does Company X want to close my account; do they not want customers? Why did I win a Russian lottery? Why does the King of Nigeria want to transfer money to me?