Christmas is around the corner. We will take advantage of Santa's shipping and messaging service to illustrate a few common phishing methods used by hackers.
Hacker or Santa?
Santa Claus sent you a message to announce that a gift is on its way. Of course, you know that Santa Claus exists, and you also know his celebrated delivery service, but you'd like to make sure that the message comes from him, not from a hacker. How can you do this?
As a rule, when a hacker creates a phishing e-mail, he takes advantage of any feature that allows him to go unnoticed. There are quite a lot of them, and most are used quite legitimately the rest of the time. His favourite tools are:
- Internet links, either concealed under text or complex to read
- Letter switches in well-known domain names
- Use of different extensions
- Falsified sender addresses
Tips to recognise Santa
Here are 5 tips that will keep you safe from hackers and let you identify without fail any legitimate messages Santa might send you.
Identify the links' destinations
Simply move your mouse over the links in an email (without clicking) to see what lies behind them.
An internet link always points to a website - but not always to the one you might expect! By taking a good look at the information in the link, you can check if the destination seems to be consistent with the rest of the email.
A hacker will often move or replace a few letters in the name of a known site. This works well because that type of trick is not easy to see when speed-reading a message.
Examples: commmande.com, cooopathome.ch, gooogle.com.
It takes a lot of attention to notice those differences.
Examine the sender's e-mail address
Even if it looks legitimate, a sender's address is NEVER proof that a message is legitimate because a hacker can fake it easily. On the other hand, if the address is an obvious fake, this is definite proof that the message is malicious.
Look at the extension!
Hackers also frequently add an unusual extension to a legitimate domain name.
Example: shop.com and shop.co are very similar but may have entirely different owners (and purposes).
If in doubt, check suspicious emails on a sufficiently large screen
Checking a message on a mobile phone is hard work. Because of the small screen, only part of the relevant information is visible by default. Links or sender's emails are hidden. It is easy to miss something important. If an e-mail seems suspicious, you would be well advised to check it on a computer.
And now... Take the quiz!
Click here to play and see for yourself if you recognize Santa's messages.
The Navixia Team wishes you a safe and happy holiday season.