DEV Community

Ahmed Adewale Afolayan

A Simple Way to Understand How You Get Attacked by Phishing (Emails, Messaging Apps, etc.)

What is phishing?

Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication (email, SMS, text messages, mobile app messages, and social media posts).

So how do phishing attacks work?

A malicious link is sent to you. Once you click it, it begins the process of stealing data, financial card information and login credentials. Your device or phone can also be infected with malware (a virus) when you download the attached document.

Phishing links don’t come in emails alone. Malicious links that lead to stolen data and infected devices can also be found in SMS text messages, mobile app messages and social media posts.

How I received these compromised messages.

Phishing emails and texts usually look like a message from a company you know or trust. They may look like they’re from your financial institution or bank, a social networking site like Facebook or Instagram, an online payment website or app, or an online store like Amazon, Jumia or Konga.
These emails or text messages often tell a story to trick you into clicking on a link or opening an attachment.

They usually read like:
“Hello there,”
“We noticed some suspicious activity or log-in attempts to your account…”
“There’s a problem with your account or your payment information, click to update here…”
“Please update some personal information…”
“You’re eligible for a government fund, download the registration form.”
“You have a coupon for free stuff.”

Such emails have real consequences for people who give attackers their information, and they also harm the reputation of the companies being spoofed.

How they get access to your login details/credentials

When you receive an unsolicited email that claims to be from an institution, provides a link or attachment and asks you to provide sensitive information, it’s usually a scam. Most companies will not send you an email asking for passwords or credit card information.

Companies make use of unique or verified domains to send emails.
Don’t just check the name of the person sending you the email.
Check their email address by hovering your mouse over the ‘from’ address. Make sure no alterations (like additional numbers or letters) have been made.
Check out the difference between these two email addresses as an example of altered emails:

joe@github.com is different from joe@gitnub.com
The difference is a single letter: notice the n in place of the h.

GitHub is a popular website for developers. Its domain is github.com.
The latter is the wrong domain, on which the attackers would host a clone of the real website.
Once you log into the clone website, you will have exposed your credentials to the attackers.
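
One way to automate the sender-domain check described above, as an added example that is not part of the original post: it parses the From header, flags domains within two character edits of a trusted domain, and flags display names that mention a trusted brand while the address uses another domain. The TRUSTED_DOMAINS list, the function names and every sample address other than the two shown above are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: domains the recipient really deals with (constructed for this example).
TRUSTED_DOMAINS = {"github.com", "amazon.com", "facebook.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete a character
                           cur[j - 1] + 1,             # insert a character
                           prev[j - 1] + (ca != cb)))  # substitute a character
        prev = cur
    return prev[-1]

def check_sender(from_header, trusted=TRUSTED_DOMAINS, max_edits=2):
    """Return (verdict, trusted_domain_it_resembles_or_None) for a From header."""
    display_name, address = parseaddr(from_header)
    if "@" not in address:
        return ("unknown", None)
    domain = address.rpartition("@")[2].lower().rstrip(".")
    if domain in trusted:
        return ("trusted", domain)
    for good in sorted(trusted):
        # A near miss such as gitnub.com or github1.com is an altered address.
        if edit_distance(domain, good) <= max_edits:
            return ("lookalike", good)
    for good in sorted(trusted):
        # The display name claims a trusted brand but the address is elsewhere.
        if good.split(".")[0] in display_name.lower():
            return ("name-mismatch", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample headers; only the first two addresses come from the post.
    for header in ["joe@github.com",
                   "GitHub Support <joe@gitnub.com>",
                   "GitHub <alerts@mail-notify.example>",
                   "friend@example.org"]:
        print(f"{header!r:45} -> {check_sender(header)}")
```

A "trusted" verdict only means the domain text matches the list; it does not prove the message was really sent from that domain.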

How attackers get access to your data by attaching malware

Attackers have traditionally relied on malicious links and attachments embedded in phishing emails. The malicious content is either an infected attachment that you’re asked to download or a link to a fraudulent website.

The purpose of these email attacks is to capture sensitive information, such as login credentials, credit card details, phone numbers and account numbers.

When the victim opens the attachment, they’ll see that the content isn’t intended for them, but by then it will be too late. The document deploys malware on the victim’s computer, which could perform any number of nefarious activities.

It is best that you never open an attachment unless you are sure that the message is from a trusted source. Even then, you should look out for anything suspicious in the attachment.

How do you prevent an attack via phishing?

I have highlighted some checks to prevent these attacks and also techniques to deploy if you notice an attack.

Think before you click the download button or a link in your mail.
Verify a site’s security and check the domain name.
Keep all systems current with the latest security patches and updates.
Change the password of any account you think is compromised.
Use two-factor authentication wherever it is supported.

Note:
To be extra careful, you should:
“NEVER enter any personal data or login details to a website unless you are ABSOLUTELY sure it is legit.”
