AllinSSL Co.Ltd / 2020-06-16 11:59:45 / news
The internet is full of scammers trying to extract data, personal information, and money from you. Hence, it becomes essential to have the basic knowledge to keep yourself from falling into such traps. In this article, let's see how to spot fake email IDs and unsafe websites within minutes.
The primary objective of fake emails is to make a profit by either selling your personal information, getting access to your profiles, or stealing money from your bank accounts. Therefore, before proceeding with an email, you should check for certain key points to see if it's authentic.
The first thing to note is that no legitimate company will contact you from a public email domain such as ‘@gmail.com’ or ‘@yahoo.com’.
Every organization has its own email address domain and accounts. For instance, Google or its employees will never mail you from ‘firstname.lastname@example.org’. Instead, they'll be using their custom domain email, i.e., @google.com.
So, if the domain name after the ‘@’ in an email address matches the company's official website or has the organization's name, the email is likely to be authentic.
Hackers may still use rogue servers to fake the sender address as email@example.com or any other organization. However, they can't falsify other information.
To check this, click on the drop-down arrow below the sender's email address. You'll now see the detailed information, including the mailed-by and signed-by fields and the encryption used.
Visible mailed-by and signed-by fields imply that the email was SPF-authenticated and DKIM-signed, respectively. Besides, the presence of TLS or SSL encryption means that the email was encrypted throughout the journey to your inbox.
Emails from big companies or banks will always have mailed-by and signed-by fields with the official domain, followed by encryption. The majority of scam emails don't use secure connections, nor do they have a signer. Even if they do, it is generic and unrelated to the claimed domain.
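The same mailed-by / signed-by comparison can be run on a raw message, shown here as an added example that is not part of the original article. The messages are constructed, `mx.example.net` is an assumed ID for your own receiving server, and the alignment test is a simplification (same domain or a subdomain of the From domain).

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: the ID your own mail server stamps

# Constructed samples. In SPOOFED the second header was supplied by the sender.
SPOOFED = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bounce.bulk-mail.example;
 dkim=pass header.d=bulk-mail.example
Authentication-Results: mail.bank.example; spf=pass smtp.mailfrom=bank.example;
 dkim=pass header.d=bank.example
From: Bank Support <support@bank.example>

Verify your account now.
"""
GENUINE = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bounce.bank.example;
 dkim=pass header.d=bank.example
From: Bank Alerts <alerts@bank.example>

Your statement is ready.
"""

def aligned(auth_domain, from_domain):
    """Simplified alignment: same domain, or a subdomain of the From domain."""
    return bool(auth_domain) and (
        auth_domain == from_domain or auth_domain.endswith("." + from_domain))

def check_sender(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    mailed_by = signed_by = None
    for header in msg.get_all("Authentication-Results") or []:
        authserv, _, results = " ".join(header.split()).partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # not stamped by our own server, so it proves nothing
        spf = re.search(r"\bspf=pass\b[^;]*smtp\.mailfrom=(?:[^\s;@]*@)?([\w.-]+)", results, re.I)
        dkim = re.search(r"\bdkim=pass\b[^;]*header\.d=([\w.-]+)", results, re.I)
        mailed_by = spf.group(1).lower() if spf else mailed_by
        signed_by = dkim.group(1).lower() if dkim else signed_by
    ok = aligned(mailed_by, from_domain) and aligned(signed_by, from_domain)
    return {"from": from_domain, "mailed_by": mailed_by, "signed_by": signed_by,
            "verdict": "consistent" if ok else "suspicious"}
```

Both samples pass SPF and DKIM; only the comparison against the From domain separates them.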
Before clicking on any button or tapping any link in the email, hover your mouse cursor over it.
You'll now be able to see the real address to which you'll be directed (at the bottom left corner of your browser). This will help you check if it's taking you to a malicious, fake link or a completely unrelated website.
Scam emails are usually poorly formatted and have grammatical issues. So, look carefully for grammatical problems and the use of inappropriate words. If you see any typos or words that are similar to other spam emails you've received so far, it is likely a scam.
Do not open attachments from unknown people unless you're confident that they're legitimate. In many cases, an attachment could be a malicious file that could infect your computer.
So, always check for suspicious signs such as pop-up warnings about the file's legitimacy. Keep good antivirus software installed on your computer.
You may be redirected to fairly legit-looking websites from either emails or social media platforms. Before you enter any personal information or pay for anything, it's essential to check if the site you've landed on is safe or not.
As mentioned, the URL defines the legitimacy of a site. Whenever visiting a website, always check its URL to see if it's genuinely the official site of a particular company or organization. For instance, ‘flipkart.com’ is real, but anything like ‘flipkart.offers24.com’ is fake and shouldn't be trusted.
The next thing to check is the encryption being used on the site. If you see a padlock beside the site URL, it means that the site is using SSL or TLS encryption. For starters, HTTPS (HTTP + TLS) sites are secure and encrypted, compared to HTTP.
SSL ensures that your information cannot be intercepted or snooped upon by any third-party. Without SSL, you are at a higher risk of getting your data stolen.
So, if a site uses the insecure HTTP or FTP protocol and doesn't have a padlock, do not enter any sensitive information such as credit card information, home addresses, and financial data.
Any site having a valid SSL certificate and organization name in the URL domain may look legit enough. Nevertheless, hackers may still try to fool you by using subdomains to mimic a domain.
For example, the page below is designed to look like it's PayPal.com. And indeed, many of you will proceed to log in, thinking it's real. However, if you look closely, paypal.com isn't the real domain; the actual domain is ‘confirmation-manager-security.com’ with ‘paypal.com’ added as a subdomain to make it look real.
PayPal Phishing Site
You must note that the real domain name comes right before ‘.com’ at the end. For instance, “xyz.paypal.com” vs. “paypal.com.xyz.com”: see the difference? Having an SSL certificate doesn't necessarily guarantee the legitimacy of a site. You should rather check its URL.
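The subdomain rule above can be checked mechanically by comparing the end of the host name with the official domain. This is an added example, not part of the original article; the hosts are the ones the article names, while the paths and the `classify_link` helper are constructed for illustration.

```python
from urllib.parse import urlsplit

def classify_link(url, official_domain):
    """Compare a link's host with the domain the message claims to come from."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    official = official_domain.lower()
    brand = official.split(".")[0]  # e.g. "paypal" from "paypal.com"
    # Anchor the comparison at the END of the host name. A substring test
    # ("paypal.com" in host) would accept paypal.com.xyz.com as genuine.
    if host == official or host.endswith("." + official):
        verdict = "official"
    elif brand in host:
        verdict = "lookalike"  # brand name used as a subdomain or label
    else:
        verdict = "unrelated"
    # HTTPS is reported separately: a lookalike can still have a valid certificate.
    return {"host": host, "verdict": verdict, "https": parts.scheme == "https"}

# Hosts taken from the article; paths are constructed for the example.
SAMPLES = [
    ("https://xyz.paypal.com/signin", "paypal.com"),
    ("https://paypal.com.xyz.com/signin", "paypal.com"),
    ("https://flipkart.com/offers", "flipkart.com"),
    ("http://flipkart.offers24.com/offers", "flipkart.com"),
]

if __name__ == "__main__":
    for url, official in SAMPLES:
        print(url, classify_link(url, official))
```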
Google's Safe Browsing technology examines billions of URLs per day, looking for unsafe websites. You can use the same to check a website for safety concerns.
Head over to the Google Transparency Report page, enter the website URL, and wait for Google to give information on the site's safety.
Google may occasionally miss out on stuff but nothing for too long. So, whenever you're doubtful about something, google it!
This was all about how to spot fake email IDs and unsafe websites before clicking any links. We hope that you're now able to safeguard yourself against scammers trying to steal your data. Anyway, what security measures do you use? Do let us know in the comments below. Feel free to reach out with any doubts or queries.