How to Recognize and Protect Yourself from Email Scams
(Email Phishing)
Are you truly certain that the email you received from your bank was actually sent by your bank? Both businesses and individuals are often targeted by fraudulent emails, known as email phishing, which appear to be sent from a bank or other company you engage with. However, once you download a file onto your computer or click on a link in the email, attackers gain access to your sensitive information.
In this article, we’ll delve into 7 characteristics of email phishing to help you identify fraudulent emails, as well as methods for preventing and blocking them.
What is Phishing?
Phishing is a scamming method where attackers send you content posing as a legitimate company, aiming to either open files or obtain confidential information.
How to Recognize Phishing Emails?
The most infamous example of a phishing email is the “Nigerian Prince” scam, where individuals were asked to send money, and emails often began with the phrase “Salutations from the son of the deposed Prince of Nigeria…”. Initially, it was relatively easy to recognize these fraudulent emails. However, over time, phishing emails have become increasingly similar to genuine emails, making them much harder to detect.
Here are some key characteristics of phishing emails:
- Emails are not sent from the claimed domain.
- They use generic greetings.
- Links within the email direct to a third-party site.
- They request confidential information via email.
- Suspicious files are attached with peculiar names.
Examples of Phishing Emails We’ve highlighted 7 real-life examples of phishing emails, noting that all data, including email addresses and domains in the images, have been altered.
1.They ask for information via email
If you receive an email from a bank asking you to download a file from the attachment containing a list of transactions, edit it, and send it back, there’s a high chance it’s a SPAM/phishing email. Genuine companies will never ask for confidential information like passwords, account numbers, or credit card details via email. Instead, they will provide you with a link to a form on their website where you must log in beforehand to enter such information.
2.They don’t address you by name.
Phishing emails typically start with generic greetings, such as “Dear Sir” or “Dear Customer.” This should be your first red flag because companies with whom you have accounts have your information and will address you by name in most cases, for example, “Dear John” or “Dear Emily.”
3.They don’t send emails from their own domain.
It’s important to note that the From address in the email header isn’t necessarily the address from which the email is actually sent. The From address is simply the address displayed as the sender of the email, while the Sender address is actually the one from which the email is sent. It’s good practice for both addresses to match, but since most email programs like Gmail or Webmail only display the From address, this is often exploited. If you suspect that the email is coming from a different address, you can click on “Details” and then “All headers…” to see the message header where both the From and Sender addresses are listed.
4. Cyber Extortion: Recognizing and Responding to Threatening Emails
In a plain extortion email, recipients receive a threatening message purportedly from a hacker claiming to have access to sensitive data. The email typically contains a link that, when clicked, supposedly reveals the compromised information. In exchange for not disclosing this data publicly, the hacker demands payment. This form of cyber extortion preys on fear and urgency, urging victims to comply with the hacker’s demands to avoid potential repercussions. However, it’s crucial for individuals and organizations to remain vigilant, refrain from clicking on suspicious links, and report such incidents to the appropriate authorities or cybersecurity professionals.
5. They force you to their site.
The most effective phishing emails are those that demand urgent action from the recipient under threatening excuses: Your account will be suspended, You have exceeded the email quota, so it will not work until you delete it by clicking the button in the email, Someone has sent you a message click to see it, etc.
6. They send you files for download.
This is also another sign of phishing emails; typically, institutions such as banks will not send you attachments in emails for you to fill in information and send them back. Instead, they will send you links to their website where you can download or fill out documents if you are logged into your account. Of course, there are exceptions here, and some companies will send you files such as bills or statements. However, even in those cases, pay attention if the files have .exe, .rar, or .zip extensions, which often contain malicious files.
7. Links don’t match the website.
In this email example, it states that it comes from a DHL well known and reputable place; however, clicking on the email and signature opens a page that is not on this domain. But you don’t have to click on the link to check this. On a computer, when you hover over a link in the bottom left corner, you can see the link that would open if you clicked on it.
How to Block Such Phishing Emails
We’ll go through two options for blocking SPAM emails on cPanel: using Email Filters and using Spam Filters.
Email Filters
You can filter emails on cPanel using the following options:
Under Global Email Filters, you set filters that apply to all created email addresses, while under Email Filters, you can set filters for each email address separately. These filters operate based on rules such as:
- If an email comes from a specific address or domain, it should be deleted.
- If the content of the email or the subject contains any of the following words, then it should be moved to the SPAM folder. In the Rules field, you can set the condition (IF), while in the Actions field (WHAT), you set what should be done with such emails. Examples of email filters:
Delete all emails coming from a specific domain
Create a filter to move emails containing a specific word in the subject to the spam folder
Forward emails containing a specific word in the body to a designated email address,
You can do a lot with email filters – including accidentally creating filters that delete emails you didn’t intend to delete. Be careful when creating filters and use the cPanel filter tester to verify that the filter is indeed doing what you want it to do.
Spam Filters
Another option available on cPanel that you can use to block phishing emails is the Spam Filter, where you can configure actions to take on emails that the system identifies as spam (such as deleting them), as well as completely block incoming emails from a specific address or domain by adding them to the blacklist.
By default, the option enabled on cPanel is to move incoming emails rated as spam (rating over 5) to the SPAM folder. However, although we do not recommend auto-delete, you can configure such emails to be automatically deleted by enabling the Automatically Delete New Spam (Auto-Delete) option.
Under Additional Configurations, you’ll find the Blacklist option, where you can specify domains or email addresses from which you never want to receive emails.
Examples of blacklist entries:
DELETE ALL EMAILS COMING FROM A SPECIFIC EMAIL ADDRESS
This will delete all incoming emails from [email protected]
DELETE ALL EMAILS COMING FROM A SPECIFIC DOMAIN
DELETE ALL EMAILS COMING FROM THE DOMAIN @specificdomain.com
DELETE ALL EMAILS COMING FROM ADDRESSES ENDING WITH THE LETTERS…
DELETE ALL EMAILS COMING FROM ADDRESSES ENDING WITH THE LETTERS “na”
Discover more insightful articles on the AltusHost blog and explore our diverse range of hosting packages, all accessible via cPanel for seamless email filtering. Your online security and data integrity are paramount, and the AltusHost team is here to assist you with any inquiries or assistance you may require. Stay tuned for more tutorials and helpful resources aimed at empowering you to navigate and resolve challenges effectively. Should you need any further assistance, don’t hesitate to reach out to AltusHost support. Until next time, happy reading!
