Understanding What is Email Phishing and its Types, Dangers, and How to Avoid It

The Indonesian Internet Domain Name Management (PANDI) received 5,579 phishing reports in April-June 2022. This number is higher than the previous quarter, which only had 1,637 cases. This report proves that email phishing is a cybercrime that Indonesian citizens often experience.

The term email phishing is still unfamiliar to some Indonesians. No wonder this case is increasing every year. You need to know the dangers of phishing and how to deal with it to avoid this case. Check out this review to learn more about phishing.
 

What is Phishing?

To help you understand what phishing emails are, it helps to understand what phishing is first.

Simply put, phishing is an attempt to obtain someone's personal information, whether it's information such as name, age, residence, or access to me, such as email, username, and password, or financial data such as credit card information, bank accounts, and more.

Phishers work by luring people into revealing such information, for example, by posing as someone from a trusted institution, such as a bank, social media company, or related company's customer service.

This phishing activity can take various forms, such as web phishing, URL phishing, caller ID phishing, and email phishing.
 

What is Email Phishing?

Email phishing is the act of tricking a person or organization through email to obtain important, confidential, and sensitive information. It is one of the cyber crimes carried out by someone posing as an official party or institution.

The perpetrators of phishing emails usually use email addresses that are more or less similar to official institutions. It means victims or potential phishing victims are trapped by the fake emails they get.

Phishing in English comes from the word fishing, which means fishing. In short, phishing is an attempt to lure victims so that they want to make the sender's request, generally providing personal data.

Phishers are not official institutions. They write fake emails and create websites that look like the real thing. Phishing websites are easier to detect because they have different links from the original website.

However, phishing emails are difficult to identify because the perpetrators use spoofing techniques, which create account names and email addresses that appear to be the same as the real address. The content of the phishing email is an invitation to click the link in the email subject and enter sensitive data such as email addresses and passwords.

Also Read: How to Secure Email Accounts from Hackers Effectively

Indonesian citizens' unawareness of phishing increases the number of cases. In addition, phishers tend to use more than one domain name to carry out their actions.
 

What are the Characteristics of Phishing Email?

To avoid phishing, especially phishing emails, you can learn some of the characteristics. Avoid sending emails or text messages with the following characteristics if you find them in your inbox.
 

1. Sloppy Language

The first characteristic of phishing emails is sloppy language and writing style because the sender is just an ordinary person who needs help understanding grammar rules. However, phishers are getting smarter nowadays. They can copy sentences from official emails and then modify them. Some perpetrators look polite in language, so these characteristics are not the leading benchmark.
 

2. Suspicious Links

Phishing emails always contain suspicious links. The link may lead to a landing page or website that traps the victim. You need to recognize the fake links embedded in the email so you don't get tricked into clicking on them.
 

3. Unprofessional Email Domain

Official institutions always use a special domain as part of their identity. For example, Cloudmatika's email address always uses the @cloudmatika.co.id domain. Meanwhile, phishers always use free domains that do not reflect the official institution.
 

4. Fake Website Resembles the Real One

Email and websites have become a package deal in phishing. This website tends to be where phishing victims enter sensitive information. The website is made to resemble the original website, from the logo to the color scheme. Therefore, you need to cross-check the website, link, and identity of the sender of the phishing email.
 

What are the different types of phishing emails to watch out for?

Phishers send different types of emails. You should be aware of the following three types of phishing emails.
 

1. Spear Phishing

Spear phishing is like a fisherman who casts a hook randomly but only targets specific types of fish. In the context of cybercrime, emails appear to be sent from a valid address but target particular fish. Phishers recognize the details of potential victims through social media or Man-in-the-Middle techniques.

Also Read: Understand What is Cyber Attack and How to Prevent It on Your Website

Afterward, the perpetrator sends a fake email posing as a client, coworker, or relative of the victim. The content of the email is also a request for important or confidential information.
 

2. Clone Phishing

This type of phishing email uses a duplication technique of the original email that has been sent. The perpetrator changes the link or file attached to the original email into malware, then falsifies the address and email to make it look genuine. The perpetrator sends more than one email and claims it is being resent due to network problems.

Clone phishing is more dangerous than other types of phishing because it is difficult for victims to recognize a fake email.
 

3. Whaling

As the name implies, whale phishing (whaling) targets emails belonging to important individuals within the institution. The perpetrators aim to extract important information or gain access to the institution's systems to carry out criminal acts. The reasons given tend to involve lawsuits or the good name of the organization.

Whaling operations use spoofing techniques so the victim immediately believes the email and performs the requested action.
 

How to Prevent Phishing Email Attacks?

The good news is that you can prevent phishing emails from developing into cybercrime cases. Follow the steps below to avoid phishing emails.
 

1. Check the Authenticity of the Email Sender

The authenticity of the sender can be seen through the identity of the name and email address. So, what if the perpetrator uses spoofing techniques to make his identity look genuine? According to the mail client used, you can check the email body, especially the header and footer sections.

Also Read: Various Ways to Block Spam Email Precisely and Easily
 

2. Don't Give Personal Data

Be careful when providing personal data anywhere, including social media and websites. The perpetrator can use this information to launch an action, especially spear phishing.
 

3. Be Careful Displaying Email Addresses

Please keep your email address confidential from the public so that phishers do not easily search it. Hide your email address information on your social media.
 

4. Scan with Antivirus

Phishing emails can also contain file attachments containing malware. The malware can be automatically downloaded onto your computer even if the file hasn't been downloaded yet. Immediately track down the malware with the latest antivirus software. Delete any suspicious scripts, as this malware can steal your personal information.
 

5. Don't Click on Links in Emails

Check and ensure the link is safe before clicking it. Take your time, even if the content of the email is quite fantastic. Ensure you only click on links from trusted emails and that you have subscribed to the newsletter.
 

6. Optimize Website and Email Security

Use the official Secure Socket Layer (SSL) security system for your website and email. Set up email security through the spam filter feature in CPanel. Avoid pirated themes and plugins when managing your website, as they are more prone to malware infiltration.
 

7. Educate Employees

Make sure your employees recognize the dangers of phishing emails so that they can avoid them. Encourage them to understand the importance of being aware of unsolicited emails, avoiding suspicious links, and not sharing sensitive information carelessly.
 

8. Use a Trusted Email Service

Finally, use a trusted email service with anti-spam features. These features can automatically block phishing emails, so you don't have to filter and delete them individually.

Cloudmatika's Mail Buster email spam filtering service is the best-kept secret in preventing phishing emails. Mail Buster is very sophisticated because it utilizes machine learning technology and heuristic analysis. In addition to phishing attacks, your inbox remains safe from malware and viruses that infiltrate emails. Contact Cloudmatika to find out more information and try a free trial of this software.