If it’s fishy – a sign that it’s phishing

Cybersecurity Awareness Month is a reminder to the general public and organizations about the importance of cybersecurity. This year, the Israel National Cyber Directorate (INCD) will focus on raising awareness of phishing messages among people and companies in Israel under the title “If it’s fishy – a sign that it’s phishing”.

About 51% of the reports from people (not including organizations) received in the last year by the 119 operational command center of the Israel National Cyber Directorate (INCD) dealt with phishing messages and social engineering attempts.

10 warning signs of a phishing email or SMS and how to deal with it

A phishing attack is an attempt to steal information from users through impersonation while influencing the user to enter personal details such as passwords, ID numbers, credit card numbers, codes, etc. These attempts are multiplying and becoming more sophisticated. While some of the links distributed by email or SMS message are legitimate, it is important to be aware of the possibility of a phishing attempt. You can identify most phishing attempts using ten simple signs and avoid entering the details or clicking on the link. Remember – think before you click.

1. The sender’s address – official organizations send messages from legitimate addresses of the organization and usually not from, for example, a Gmail address. Also, there should be a match between the sender’s name and the sender’s address.

2. Creating pressure and a sense of urgency – a request to perform immediate actions out of “urgency” is a common technique designed to make people act under pressure and mislead them.

3. Absence of personal contact – usually, official organizations use the customer’s first name and address them personally. A general appeal of “dear customer” may be a suspicious sign.

4. Amateur wording – spelling errors and poor wording can indicate impersonation. Most often, official organizations do not send messages with errors and mistakes.

5. Excessive promises – messages containing promises, offers of a prize or unreasonable statements are usually suspicious and fake.

6. Request for personal details – unless you proactively registered for the website or made a purchase online, there is no reason to ask you for personal details such as passwords, codes, and credit card details.

7. Use of shortened links – some attacks tend to use shortened links to hide the real address of the link. However, not every shortened address is phishing.

8. Referral to external websites – fake websites try to mislead with an address that is similar to the real website address but differs in the order of letters or words and sometimes includes small spelling mistakes. It is recommended to carefully examine the address of the site and make sure you have reached the right site, especially before providing details.

9. Incorrect address – the reliability of the website address can be verified using dedicated websites or by displaying the real address of the website by hovering the mouse over the link. In any case, if the site is known, it is recommended to access it proactively through the browser and not through a link that came in the message.

10. Attachments – it is recommended to think carefully before opening an attachment received in an email, or a file or application that a link asks you to download to your device. Check whether the request comes from a source or an e-mail address of a sender you expected, but keep in mind that an attachment may be harmful even if the email arrived from a known sender. Pay particular attention to executable files – files with an EXE extension that give commands to the computer. Sometimes an executable file is hidden inside a file that looks legitimate.
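The signs that can be checked mechanically (1, 2, 3, 7, 8 and 10) can be turned into a simple triage filter. The following Python sketch is an added example, not INCD code. It assumes the organization's real domain is already known, and its word lists, the 0.8 similarity threshold, the sample message and all names in it are constructed for illustration.

```python
import difflib
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed lists for illustration only; real deployments need fuller ones.
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
URGENT = re.compile(r"\b(urgent|immediately|within 24 hours|suspended)\b", re.I)
GENERIC = re.compile(r"\bdear (customer|user|client)\b", re.I)

# Constructed sample message; example-post.example is a made-up organization.
ORG = "example-post.example"
SAMPLE_FROM = '"Example Post" <example.post.support@gmail.com>'
SAMPLE_BODY = ("Dear customer, your package is suspended. Pay immediately at "
               "http://exampel-post.example/pay or https://bit.ly/abc123")


def is_org_host(host, org_domain):
    # True for the organization's domain or one of its subdomains.
    return host == org_domain or host.endswith("." + org_domain)


def warning_signs(from_header, org_domain, body, attachments=()):
    """Return the numbers of the signs from the list above that fire."""
    signs = set()
    sender_domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    # Sign 1: webmail sender, or not the organization's own domain (assumed known).
    if sender_domain in FREE_MAIL or not is_org_host(sender_domain, org_domain):
        signs.add(1)
    if URGENT.search(body):        # Sign 2: pressure and urgency
        signs.add(2)
    if GENERIC.search(body):       # Sign 3: generic "dear customer" greeting
        signs.add(3)
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
        if host in SHORTENERS:     # Sign 7: shortened link hides the target
            signs.add(7)
        elif not is_org_host(host, org_domain):
            # Sign 8: host is close to the real domain but is not it.
            if difflib.SequenceMatcher(None, host, org_domain).ratio() >= 0.8:
                signs.add(8)
    # Sign 10: executable attachment, including disguises like "receipt.pdf.exe".
    if any(name.lower().endswith(".exe") for name in attachments):
        signs.add(10)
    return sorted(signs)


if __name__ == "__main__":
    print(warning_signs(SAMPLE_FROM, ORG, SAMPLE_BODY, ["receipt.pdf.exe"]))
```

A message that triggers none of these checks is not thereby safe: the remaining signs, and the verification steps described below, still require human judgment.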

I recognized the signs and it’s suspicious. How do I deal with it?

Think before you click – in most cases of phishing messages, if you did not click on the link or if you clicked and did not fill in details, you can stay calm. Instead of clicking directly on the link, here is what you can do:

• Check on the official website – instead of clicking directly on the link sent, you should check on the official website of the organization or company by browsing to it directly or searching on Google. If there is a personal area on that website, you can check there whether there is indeed a problem or requirement of the kind the phishing message claims.

• Search for a warning of phishing messages – on the organization’s official website or on its official social networks, a warning of phishing messages impersonating the organization sometimes appears. Also, on the Israel National Cyber Directorate (INCD) social networks, warnings of widespread phishing attacks sometimes appear.

• Checking with the Israel National Cyber Directorate (INCD) – by dialing 119 directly to the operational command center, anyone can report, consult and receive initial assistance. It’s free, it’s simple and it works 24/7.

• Brief cross-checking of information – if, for example, a payment notification was received for an ordered package, it is recommended to cross-check the order number that appears in the message, with the confirmation of the order received at the time of purchase.

• Deleting the message – if the signs look suspicious and your brief check reveals that it is an impostor message, it is recommended to report it to the Israel National Cyber Directorate (INCD) by dialing 119 or by email, delete it and block the sender’s number or address.
