Welcome to HackeRoyale.

Phishing Scams And How Can I Avoid Them ?!

Phishing Scam

Phishing scams are typically fraudulent email messages appearing to come from legitimate enterprises (e.g., your university, your Internet service provider, your bank). These messages usually direct you to a spoofed website or otherwise get you to divulge private information (e.g., passphrase, credit card, or other account updates). The perpetrators then use this private information to commit identity theft.

One type of phishing attempt is an email message stating that you are receiving it due to fraudulent activity on your account, and asking you to “click here” to verify your information.

Phishing scams are crude social engineering tools designed to induce panic in the reader. These scams attempt to trick recipients into responding or clicking immediately, by claiming they will lose something (e.g., email, bank account). Such a claim is always indicative of a phishing scam, as responsible companies and organizations will never take these types of actions via email.

Specific types of phishing

Phishing scams vary widely in terms of their complexity, the quality of the forgery, and the attacker’s objective. Several distinct types of phishing have emerged.

Spear phishing

 

Phishing attacks directed at specific individuals, roles, or organizations are referred to as “spear phishing”. Since these attacks are so pointed, attackers may go to great lengths to gather specific personal or institutional information in the hope of making the attack more believable and increasing the likelihood of its success.

The best defense against spear phishing is to carefully, securely discard information (i.e., using a cross-cut shredder) that could be used in such an attack. Further, be aware of data that may be relatively easily obtainable (e.g., your title at work, your favorite places, or where you bank), and think before acting on seemingly random requests via email or phone.

Whaling

The term “whaling” is used to describe phishing attacks (usually spear phishing) directed specifically at executive officers or other high-profile targets within a business, government, or other organization.

Avoiding phishing scams

To guard against phishing scams, consider the following:

  • Reputable organizations will never use email to request that you reply with your password, full Social Security number, or confidential personal information. Be suspicious of any email message that asks you to enter or verify personal information, through a website or by replying to the message itself. Never reply to or click the links in such a message. If you think the message may be legitimate, go directly to the company’s website (i.e., type the real URL into your browser) or contact the company to see if you really do need to take the action described in the email message.
  • The safest practice is to read your email as plain text.

Phishing messages often contain clickable images that look legitimate; by reading messages in plain text, you can see the URLs that any images point to. Additionally, when you allow your mail client to read HTML or other non-text-only formatting, attackers can take advantage of your mail client’s ability to execute code, which leaves your computer vulnerable to virus, worms, and Trojans.

  • If you choose to read your email in HTML format:
    • Hover your mouse over the links in each email message to display the actual URL. Check whether the hover-text link matches what’s in the text, and whether the link looks like a site with which you would normally do business.

On an iOS device, tap and hold your finger over a link to display the URL. Unfortunately, Android does not currently support this.

    • Before you click a link, check to see if the message sender used a digital signature when sending the message. A digital signature helps ensure that the message actually came from the sender.

When you recognize a phishing message, first report it as noted below, and then delete the email message from your Inbox, and then empty it from the deleted items folder to avoid accidentally accessing the websites it points to.

Warnings

Reading email as plain text is a general best practice that, while avoiding some phishing attempts, won’t avoid them all. Some legitimate sites use redirect scripts that don’t check the redirects. Consequently, phishing perpetrators can use these scripts to redirect from legitimate sites to their fake sites.

Another tactic is to use a homograph attack, which, due to International Domain Name (IDN) support in modern browsers, allows attackers to use different language character sets to produce URLs that look remarkably like the authentic ones. See Don’t Trust Your Eyes or URLs.

Reporting phishing attempts

You can report phishing to us by sending email to [email protected](link sends e-mail)

  • You can report a phishing scam attempt to the company that is being spoofed.
  • You can also send reports to the Federal Trade Commission (FTC).
  • Depending on where you live, some local authorities also accept phishing scam reports.
  • Finally, you can send details to the Anti-Phishing Working Group, which is building a database of common scams to which people can refer.

Example of a phishing scam

The following phishing scam was targeted at the Indiana community:

—————————————————————–

 

From: “INDIANA.EDU SUPPORT TEAM” <[email protected]>

Reply-To: “INDIANA.EDU SUPPORT TEAM” <[email protected]>

Date: Sat, 12 Jul 2008 17:42:05 -0400

To: <“Undisclosed-Recipient:;”@iocaine.uits.indiana.edu>

Subject: CONFIRM YOUR ACCOUNT

 

Dear INDIANA.EDU email Subscriber

 

This mail is to inform all our {INDIANA.EDU} users that we

will be maintaining and upgrading our website in a couple of days from

now. As a Subscriber you are required to send us your Email account

details to enable us know if you are still making use of your

mailbox. Be informed that we will be deleting all mail account that is

not functioning to enable us create more space for new students and

staffs of the school, You are to send your mail account details which

are as follows:

 

*User Name:

*Password:

*Date of birth:

 

Failure to do this will immediately render your email address deactivated from our database.

 

Thank you for using INDIANA.EDU

FROM THE INDIANA.EDU SUPPORT TEAM

 

——————————————————————

 

Tags:
Android anonymity bug cmd commands dark web ddos deep web DNS encryption facebook fbhacks footprinting ftp Hack hacker Hacking info gathering kalilinux keyloggers links malware metasploit password payload phishing proxy root safety sniffing Social Engineering sql tools tor tutorials vpn vulnerability web-hacking wifi-hacking windows wireless hacking wireshark xposed xposed framework xposed modules

SIGN UP FOR OUR MAILING LIST!

Facebook
Twitter
LinkedIn
featured posts
PUBG Mobile Hack, aimbot, wallhack and other cheat codes [2018]

PUBG MOBILE Hack, Aimbot, Wallhack and other cheat codes (2022)

How To Hack Instagram Account Password Account

How Your Instagram Account Password Can Be Hacked - [The Ultimate Guide 2022]

hack facebook account password online

Top 5 Ways Your Facebook Account Password Can Be Hacked Online : 2022

Shadowave apk - hack fb id by sending link

Shadowave : Your Facebook ID Can Be Hacked By Sending Link

Deep Web Links

Deep Web Onion Links Grand List 2019 [8000+ Uncategorized Links]

Termux Hacks Guide [2018] : Tutorial, Commands List, Tools, Apk, Uses, Packages

Termux Hacks Guide [2022] : Tutorial, Commands List, Tools, Apk, Uses, Packages

free netflix accounts passwords hacks

How Hackers Get Netflix for Free – Netflix Account & Password Hacks [2022]

hack facebook account password using phishing

How Anomor Can Be Used To Hack Your Facebook Account – Tutorial [Part 1]

How To Hack Any Facebook Account Using Kali Linux: Tutorial

How Facebook Can Be Hacked Using Kali Linux Brute Force – Working Method [2019]

How To Hack WiFi Password On Android with/Without Root? : 2018

How Your WiFi Password Can Be Hacked On Android with/Without Root? : 2022

Your Website Can Be Hacked Using Android Without Root (SQLMAP Tutorial & Installation)

How To Hack Twitter Account Password Without Them Knowing [Tutorial 2018]

How Twitter Account Owners’ Passwords Get Hacked Without Them Knowing [Tutorial 2019]

categories

ABOUT US

HackeRoyale is a web site by and for hackers and security leaders devoted to making the Internet a safer place. Complete with text, graphic, and video content, our goal is to inform, advise, and exploit for the aforementioned purposes.

CONTACT US

© Copyright 2022 | HackeRoyale | HackeRoyale.com | All Rights Reserved

SUBSCRIBE FOR UPDATES

Get weekly updates by subscribing to our newsletter.