How to protect yourself from internet phishing
What is Phishing?
Phishing is a social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.
An example scam is the “from” email scam – an email sent from your email address to you.
With the use of websites such as emkai.cz, anonymous email.me and deadfake.com, scammers can achieve this without logging into your account at all.
But how do you stop this? Unfortunately, there is no way to prevent spammers from spoofing your address. However, there are precautions you can take to prevent yourself from falling for these scams.
1. Cyber Training
Cyber training involves learning what spoofing is and applying a layer of skepticism while reading emails that seem suspicious to you. Know how the company communicates with you in regards to private information. It would help a great deal in not being a victim of the scams.
Remember, spammers can tell if you open an email (only if you allow images to be viewed in email), download an attachment included with the email, click a link within the email, or reply to the email. The best practice for spam prevention and personal security is, of course, to do none of those things unless you know the email is legitimate.
2. Email provider warnings
Email providers give warnings of emails that might be spam. Some, like Gmail, send the emails straight into the spam folder, with a warning attached to the email.
3. Proper configuration of DNS Records
Properly set up your DNS Records set. an SPF, DKIM, or DMARC policy helps reduce the chances of being spoofed. Every email domain comes with a set of Domain Name System (DNS) records, which are used to direct traffic to the correct hosting server or computer.
An SPF record works with the DNS record. When you send an email, the receiving service compares your provided domain address (@gmail.com) with your origin IP and the SPF record to make sure they match. If you send an email from a Gmail address, that email should also show that it originated from a Gmail-controlled device.
DKIM on the other hand provides an encryption key and digital signature that verifies that an email message was not forged or altered.
A DMARC policy allows a sender’s domain to indicate that their emails are protected by SPF and/or DKIM and tells a receiver what to do if neither of those authentication methods passes – such as to reject the message or quarantine it.
Strict policies such as quarantine might send legitimate emails into the spam box. If set, the spam folder should be checked regularly.
The reject policy is not recommended as emails detected as spam are deleted, so as not to land in your inbox or spam folder, and the user might not be aware of it.
To confirm that your domain is well protected, check here: https://www.ipvoid.com/email-spoof-check/
4. Email headers
These contain information that allows you to view information about the sender, their Ip address, and metadata related to them.
To read email headers on google, please check this tutorial: https://domains.eacdirectory.co.ke/knowledgebase/413/How-to-read-email-headers-on-google.html
In the case of another email provider, please follow this tutorial: https://domains.eacdirectory.co.ke/knowledgebase/120/Email-Headers
After inputting the email header message in the message header tool, we get an interpretation of the header. The metadata of interest is the snippet below;
While viewing the email in your browser/ mobile device, the information highlighted in the grey square is seen. However, the header information provides an IP address.
As seen in the information highlighted in the black square, the receiver differs from the one seen in your browser. This proves that the email was spoofed and you were being scammed.
In conclusion, there are many ways to protect yourself from internet phishing. The first way is to always be a smart user. In addition to the above measures, there are other ways to protect oneself, such as using antivirus software or updating your browser. Avoid using the same password for multiple accounts, use strong passwords, and never share passwords with anyone else.