The Best Tech Tips

5 Ways to Spot a Phishing Email

Phishing attack explained 

The phishing attack is a common type of cyber attack. The attackers are attempting to make you take one of the next actions: 

  • Enter data. You could be guided to a fraudulent site. It is very similar to a well-known one and asks you to fill in data (passwords, usernames, emails, and bank information).
  • Download a file. The file could be a virus that can harm your device.

The message usually appears normal, and it could be tough to notice something is wrong. Typically, it includes something that the victim wants, such as free software or something they have to go, like changing a password in a certain amount of time. 

This strategy has been used for a long time. Also, the term “phish” points to the way we lure a fish with bait.

How to spot a phishing email?

It wants you to verify personal information. If the email looks authentic, but it requires from you data that you usually wouldn’t expect. That for sure is a sign that the email is from an untrusted source.

Keep an eye out for emails asking you to verify private information that you would never normally give. For example, it could be banking details or login information. Remember not to reply or click on any links. If you think that the email has a possibility to be genuine, first contact the company. Still, don’t use any method for communication given in the email. Instead, search online, and if you could make a telephone call.

The email address doesn’t seem genuine

Often a phishing email could arrive from an email address that looks reliable. Attackers do their best to trick their victims by using the names of legitimate companies inside the message or in the web address.

Just take a moment to examine the email address fully. You might see that it is a false variation designed to appear authentic.

Also, before clicking on any links, make sure to inspect them first.

Poor language

You can detect a phishing email by the poor writing used in the message. If there are spelling and grammatical mistakes and unusual twists of phrases, that is a secure sign. Legitimate companies make sure to send professionally written and checked adequately for mistakes emails. An unexpected email from an organization with mistakes is a sure indicator that is phishing.

Suspicious attachment

If a company sends you an email of the blue with an attachment, be aware it could be a malicious URL or a virus. The goal could be to infect your device or network.

The intention is to make you panic.

A common characteristic of phishing emails is to insert panic in the recipient. It could be a claim that your account is compromised, and the way to validate it is to enter personal information. Another case could be an urgency that if you don’t act immediately, your account will be deleted. Take a minute to think if this email is asking for something reasonable from you. 

How to protect yourself from phishing attacks?

Security improvement – Phishing occurs through emails. Apply MTA-STS, DMARC, DKIM, SPF. They are email authentication practices for recognizing and preventing messaging threats.

Anti-spam filters – Filtering is a great option for distinguishing undesired and infected emails and preventing them from arriving in inboxes.

Two-factor authentication (2FA) – The standard combination of username and password is not so reliable. So to stop spoofed accounts, attach one more level of security with 2FA. People will have to verify their individuality by a second attempt to receive access.

Virus detection and clearing – Effective antivirus software could keep your devices without threats. Still, understand that phishing can attack your employees as a method to get to your company’s sensitive data.

5 of the biggest DDoS attacks in recent years

DDoS attacks are a constant problem that any business could suffer. 

They are massive controlled traffic that is directed to a target (server) with the goal of taking it out of order.

Directly or indirectly, one day, you will be affected. They are getting more frequent, and we can easily expect around 10 million attacks this year. Here, we have 5 of the biggest DDoS attacks in recent years. Those who really hit strong and disrupted businesses. 

2021 Gambling company and DDoS ransom attack

This year’s entry focuses on a particular strategy some cybercriminals love – a ransom attack! The attack was complex and lasted months. When it became critical was in March 2021, when the traffic reached 800+ Gbps. Akamai was the company that was in charge of defending the gambling company. It reported that the problem was in a network protocol called Datagram Congestion Control Protocol (DCCP). It led to a volumetric attack that bypassed the typical TCP and UDP traffic defenses. Still, Akamai managed to handle it.

2020 AWS DDoS attack

Amazon Web Services are getting attack constantly. What is interesting about this case from February 2020 is that the traffic was massive. At its peak, it reached an astonishing volume of 2.3 Tbps! Of course, AWS could swiftly mitigate the danger and handle the situation, but it was still an impressive attempt to bring AWS down and got a record for the strongest DDoS attack yet. The vulnerability that the hackers used was a part of the CLDAP (Connection-less Lightweight Directory Access Protocol). 

2019 Imperva SYN attack

During 2019, the company Imperva had two strong attacks to stop and save its clients. One was a DDoS SYN flood attack with 500 million packets per second (PPS) and the other with 580! It got the record for the largest application layer attack, so definitely a nasty attempt. The packets’ size was significant too. They range from 800 to 900 bytes each. 

2018 GitHub Memcached attack

The attack that brought down GitHub in 2018 was incredibly severe. The traffic was 1.35Tbps per second! Of course, GitHub protection was not strong enough, and after a while, it couldn’t respond anymore. The whole problem started thanks to the exploited communication port – 11211 UDP. The criminals use it to amplify the attack and send traffic, almost a hundred times the size of the original request. 

2017 Blizzard DDoS attack

The game company Blizzard also has its enemies. In 2017 their servers were under attack, and this time it was a very strong DDoS attack. Many gamers couldn’t connect to the servers and play some of their favorite games like World of Warcraft, Diablo, StarCraft, and more. It left them angry and without service for several hours. Since then, there have been more attacks, and Blizzard is still a big target. 

Conclusion

We are heaving a steady rise in the number of DDoS attacks. They also become more complex and stronger. We can see around a 10% increase each year, and we are already in the 10 million range. More news will come about new DDoS attacks, and new dark records will be made. It is inevitable. So, next time when you can’t send something through your messenger app or the email client does not work, it is probably another DDoS attack.