Phishing means that the adversaries try to get a user’s credentials, such as log-in information, without the user’s consent. This can, for example, be done by sending an email and asking for log-in information, or by making a user click on a malicious site that claims to be the intended service – but in fact, the website would belong to the adversary.
Key questions to detect phishing
There are some questions journalists should ask themselves if they receive a message.
Are you waiting for that message?
You do not wait for a phishing mail. You should always be suspicious if a sender contacts you when you’re not exactly expecting their message.
The adversary only succeeds if you do something: for example, if you enter your password on a fake website or transfer money to the wrong bank account. To achieve such an action, adversaries may manipulate your emotions to get you to act irrationally.
What could that be? A few examples:
- Fear: An adversary tries to make you believe that your account has been hacked and that you have to react immediately to reduce harm. You may then panic and not realise that it was a fake website that made you reset your password.
- Success: You wrote a great story and someone congratulated you for it. By making you click on a malicious link or open a malicious attachment, they promise to show you details of a new job offer.
- Friendship: You receive a message that claims to be from a close friend and refers to things you recently did together. In reality, the sender is an adversary who checked your public profile on social media and therefore knows who your friends are.
Especially with emails, an adversary can choose a display name that completely differs from the email address. For example, the display name "Reporters Without Borders" can easily be added to the email address firstname.lastname@example.org. Always check the email address for accuracy.
Often, an adversary makes spelling mistakes. This can be in the message itself or in the addresses. For example, an adversary could use email@example.com instead of firstname.lastname@example.org. You don’t see the difference? The first address says ‘r n a d r i d’ instead of ‘m a d r i d’.
Often, adversaries create links that seem to link to the real website but are in fact malicious. For example, https://google.com.adversary.com/help/journalists/password-stolen does not refer to google.com, but adversary.com. You should look at a link really carefully before clicking it. You should train for that in the phishing quizzes.
Adversary can hide malware in an attachment. Only opening a malicious attachment can be the end of the game. You should never click on an attachment if you are not 100 percent sure that it is legitimate.
The best way to detect phishing messages is to train that regularly. There are some quizzes out there that help you, e.g.
● by Google
● by OpenDNS
● by SonicWall