
By Arthur Moses Opio
Cybercriminals are constantly refining their tactics, and phishing remains one of their most effective weapons. To help you stay vigilant, let’s dissect a real-world phishing example and learn how to avoid falling victim.
Email Body:
- A flashy banner with Apple/Mastercard logos (poorly aligned or pixelated).
- Urgent text: "Your account was selected as a winner! Claim your prize within 24 HOURS or it expires!"
- A bright red "CLAIM NOW" button linking to a suspicious URL like http://apple-gift.suspiciousdomain[.]xyz.
- Poor grammar: "Congratulation! You are 1 of 10 winner today!"
- Fake sender address: support@apple-offers[.]online (not a legitimate Apple domain).
- Fine print: "By claiming, you agree to pay a $5 shipping fee," which redirects to a payment harvest page.
Red Flags to Look Out For:
- Mismatched sender email.
- Unrealistic offers (free expensive gadgets).
- Urgent deadlines.
- Suspicious links.
- Typos and grammatical errors.
Phishing scams often mimic legitimate brands (e.g., Apple, Amazon, PayPal) and prey on FOMO (fear of missing out).
Let’s examine this example and the checks to apply to an email like it:
- Verify sender addresses (look for typos like @amaz0n.com).
- Hover over links to check URLs before clicking.
- Question urgency ("Why would I win a prize I never entered for?").
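The checks above can also be automated as a first-pass filter. The following is an added example, not part of the original article: the brand allowlist, the flag names, the function names and the sample message (which uses reserved `.example` domains) are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: brand -> domains it really uses; maintain your own list.
BRAND_DOMAINS = {"apple": {"apple.com"}, "mastercard": {"mastercard.com"}}
URGENCY = re.compile(r"within \d+ hours|expires|claim now", re.I)
HREF = re.compile(r'href=["\']([^"\']+)["\']', re.I)

# Constructed sample modelled on the email above (.example is a reserved TLD).
SAMPLE = """\
From: Apple Rewards <support@apple-offers.example>
Subject: Congratulation! You are 1 of 10 winner today!
Content-Type: text/html; charset="utf-8"

<p>Your account was selected as a winner!
Claim your prize within 24 HOURS or it expires!</p>
<a href="http://apple-gift.suspicious.example/claim">CLAIM NOW</a>
"""

def in_domains(host, domains):
    """True if host equals, or is a subdomain of, an allowed domain."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def red_flags(raw):
    """Return the red flags found in a raw single-part email."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = f"{display} {addr}".lower()
    body = msg.get_payload()
    links = [urlparse(u) for u in HREF.findall(body)]
    flags = []
    for brand, domains in BRAND_DOMAINS.items():
        # Sender claims the brand but mails from a domain the brand does not own.
        if brand in sender and not in_domains(addr.rpartition("@")[2], domains):
            flags.append(f"sender-mismatch:{brand}")
        # Link host contains the brand name but is not under the brand's domain.
        if any(brand in (u.hostname or "") and not in_domains(u.hostname, domains)
               for u in links):
            flags.append(f"lookalike-link:{brand}")
    if URGENCY.search(f"{msg.get('Subject', '')} {body}"):
        flags.append("urgency")
    if any(u.scheme == "http" for u in links):
        flags.append("plain-http-link")
    return flags
```

Calling `red_flags(SAMPLE)` returns all four flags for the sample. A heuristic like this only supports the manual checks; a message with no flags is not proven safe.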
We would like to thank staff and students who have continuously reported anomalies to us. Your quick reporting enables us to study the attacks, and in turn we take appropriate action and strengthen our defence systems.
One key thing to take note of: never postpone updates to your system. Those updates are security fixes that must be installed.
Reminder: If you spot suspicious emails, report them to support.mak.ac.ug. Stay vigilant!
Read more on How To Spot Suspicious Emails: https://dicts.mak.ac.ug/articles/how-spot-suspicious-emails