• +254 786 630 623
  • executive@sasait.com

A guide to identifying a Phish

What is phishing?

Phishing is a cyber-attack vector that involves luring people into providing sensitive information (e.g. login credentials, credit card numbers) through emails that appear to be from a legitimate source. These emails often contain a link or attachment that, when clicked, leads to a fake website designed to steal personal information. To protect yourself from phishing attacks, it’s important to be cautious of unsolicited emails, verify the sender’s identity before clicking on any links, and keep your computer and security software up-to-date. With this in mind, we are going to go through two of the most common types of phishing mail.

Password Resets

This type of phishing attempts to masquerade as a reputable service requesting you to update your password or any sensitive personal identifying information. Taking the case of mobile money fraud, a link to update your sim card will prompt the user to enter their ID card number and PIN before they can proceed.

This image has an empty alt attribute; its file name is H55f_qVPc-FGLj4-Nih2uWcbA-iwRgvnn_gXUkRg5MC-QP7A7FsWB4QlXUyn4_Rj_DFbyE5Sbl1BuK9L4NTlRYI42fnRLVgtJ2so3LbwHwVZDveBOqsQR82b_ZgcqHKNButzLS4BjhrNdxJ9M44zXWE

Before submitting any information, it is important to look at the address bar for any glaring warnings or misspelled names as below:

This image has an empty alt attribute; its file name is RTJ4oSA6FnhPRCTiXcD8jhb4CHRWd5iS8TOVVLfNpE14VrHNYCkvRQqgKrg_gAJ-MvCvB1UF6LccKOlv_wlFPFnMP70j7-IvPZ7d5KSKHzJuHnZipuJDHkdnV3tObHtFi3wlj5n1w-EsyQQmCAzFVBk

Scheduled Maintenance

Typically, this is a message prompting you to accept scheduled maintenance by a system administrator. These messages are typically associated with a sense of urgency to accept and perform a supposedly IT-administered system update. Before proceeding, it is important to inquire from the IT department if such communications are valid.

This image has an empty alt attribute; its file name is TRx4JJERR7VjF_GNXgXYgRMo6TxlmzxaGphcL7ZqY78Fcim4XN7okGza8a3iN-OgMAkRP-k6gP9X5A2ZmNAEqgSxRX_JLZIVVtAJVCjfDEdFL5c6eX99qtWdrfPeusqUjmcx0BFP3ns3-J0dQLMl6Co

Overall Advice

 Although phishing attack vectors are always evolving, it can be easy to recognize these attempts. You should be able to identify a malicious message with the help of the guidelines listed below.                                                                                                                        

1.     Always assume that you do not have to click on any link that you have received. It is important to have a keen look at the message sent and understand the context

2.     Be on the lookout for grammatical errors. Phishing messages are usually prone to wrong spellings and capitalizations.

3.     Always make a follow-up on any prompted action in the organization. This is a way of verifying the validity of such messages.

4.     Hover around links to see where they redirect you to. Even if the message seems legitimate, it may be prone to clickjacking and redirect your traffic to an undesired destination

All the best and stay safe. You can always reach us at sales@sasait.com on how to secure your mail and other enterprise network security or talk to us at 0786630623 for further queries.

Company

Quick Links

Copyright ©2024 All rights reserved | SasaIT Limited.
Facebook Linkedin Twitter

A guide to identifying a Phish