MailSafi Glossary of Terms
Phishing email
An email used as a tool to carry out fraudulent activities like stealing and misusing personal information is called a phishing email.
Here is an example of a phishing email:
'Subject: Attention Required! Your account has been deactivated
This is to inform you that your account with (name of the company you trust) has been deactivated as your account has not been verified. Please download the pdf file and follow the steps to activate your account. Thank you.'
In the above example, the sender's identity is spoofed to establish trust. The subject line conveys a sense of urgency, which increases the chances of a response. If the target downloads the file, the result is a security compromise that poses an immediate threat to the user's confidential information, such as passwords and bank account details, and can lead to business email compromise (BEC) and more.
How to prevent phishing
• Identify and avoid acting on phishing email: Phishing is done with a spoofed identity. Checking the sender's name, email address, and domain name before responding to any email can mitigate the risk of falling victim to a phishing trap. Some typical tell-tale signs of a phishing email are:
- A sense of urgency in the email
- Request for immediate action…or else…
- Email contains a request for personal/confidential information
- Offer of financial rewards
- Instructions to download files (these are likely to contain malware)
• Create awareness among employees: Security and privacy standards are only as strong as your weakest link. Because employees are susceptible to phishing attacks, they must be given all the information they will need in case there is an attempt to breach security and privacy. This will help minimize security breaches caused by phishing.
• Implement SPF, DKIM and DMARC: Configuring these protocols in DNS allows for email authentication, which verifies the sender's identity. DKIM also adds a cryptographic signature to each message. A valid signature indicates that the email's content has not been tampered with.