Makerere University


Do not reply to Phishing attack emails, here is why?


By Arthur Moses Opio

You are at your desk working on your laptop or desktop and you receive an email with a link for you to click or an attachment to download. The email can look legitimate, but in this era you really need to be careful about the emails you receive because not all mails are genuine. A number of phishing emails with links to click or attachments to download are sent by attackers in order to lure you, the victim, into clicking. Such mails come with urgency, and if due diligence is not done, you can fall prey to sharing your vital personal details.

What is Phishing?

According to the Merriam-Webster dictionary, Phishing is defined as a scam by which an Internet user is duped (as by a deceptive e-mail message) into revealing personal or confidential information which the scammer can use illicitly.

They can use email or even fake websites that look almost legitimate.

It is like getting a fake call from an MTN/AIRTEL money scammer saying, “Hello Arthur, how are you? I am in a deep problem right now. My car got a problem around Mabira Forest. I need you to help me asap as I have no one who can help me except you; please send money to this number of mine.” Or it could be a scammer who sends a message to your phone and asks if you have received mobile money, saying that they have sent the money to a wrong number. They ask you to send it back and you do it without even checking your mobile money balance; in such instances, when you get to check, you end up realizing you have been scammed.

Masayuki Higashino et al. say that phishing is one of the dangerous threats to organisations. A sender of a phishing e-mail pretends to be a trusted person or a system in order to steal valuable information, including personal identity data and credentials. They continue to say that a phisher uses both social engineering and computer technologies in order to steal valuable information.

A lot of open source tools like Gophish, Phishing Frenzy and SpeedPhishing Framework are aiding these phishing campaigns. It is a lucrative business, as these tools allow the phishers to look as legitimate as possible. Hackers have also leveraged the power of these tools.

People Don't do Due Diligence

Cyber criminals are on a rampage, and because they know many people nowadays don’t do due diligence while reading emails, it is easy to scam them.

According to PhishLabs, replying to a phishing email, even if you know it is a scam, could lead to more attacks. Most phishing campaigns are automated and people don't know this. When a phishing mail is replied to, it puts you on the scammer’s radar. According to PhishLabs, these criminals can be vindictive or even dangerous, so it is really a bad idea to reply and it's highly recommended that you refrain. It is like telling a rogue mechanic they can do whatever they want with your car even though you have been warned many times that the mechanic isn’t good; they only rob you of your hard-earned money.

Whenever a bank transaction happens and you get an SMS, you are keen to find out what transaction has happened. Those alerts you sign up for clearly show how seriously you want to monitor what happens in your account; you are very keen, and when anything fishy happens, you report the matter as soon as possible.

Everyone is encouraged to read email with an eagle's eye, just like we pay keen attention to SMS alerts.

Here is a list of reasons why you shouldn’t respond to phishing scams

  1. Replying to a phishing email provides the scammer with a copy of your company’s or organization's email signature, which might include phone numbers and other information. This email could enable them to craft more convincing spear-phishing templates and can also give them more potential targets. Spear-phishing is the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information (someone could pretend to be a top company official and send emails which users can easily fall for; in spear-phishing, they take time to study the target and all his or her posts online, which show their likes, dislikes, etc.).
  2. Replying to a scammer notifies the scammer that your email address is active. You become a high priority for additional attacks. To make it worse, your email address can be sold to other attackers.
  3. Your email headers can provide the attackers with your location data; this can help them figure out your physical location.
  4. When you receive an email requesting you to click a link or download an attachment and it isn’t officially communicated by your Systems Administrator, please report such scams so that they can blacklist such emails. Such information helps systems and network administrators to improve overall organizational security.
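To make reasons 1 to 3 concrete, the following added example (not part of the original article) inspects a reply and lists what it would hand over: the confirmed sender address, IP addresses recorded in the headers, the time zone offset and the signature block. The sample message, names, phone number and addresses are constructed, and the function name `reply_exposure` is hypothetical.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: a reply a user might send to a phishing email.
# All names, numbers and addresses are made up (documentation IP ranges).
SAMPLE_REPLY = """\
Received: from mail.example.org (mail.example.org [198.51.100.7])
\tby mx.attacker.example with ESMTPS; Tue, 04 Mar 2025 10:15:03 +0000
Received: from [203.0.113.45] (unknown [203.0.113.45])
\tby mail.example.org with ESMTPSA; Tue, 04 Mar 2025 13:15:01 +0300
X-Mailer: ExampleMail 16.0
From: Jane Doe <jane.doe@example.org>
To: support@attacker.example
Subject: Re: Urgent: verify your account
Date: Tue, 04 Mar 2025 13:15:00 +0300

Stop emailing me, I know this is a scam.

-- 
Jane Doe
Systems Officer, Finance Department
Tel: +256 700 000000 | Ext. 1234
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
PHONE_RE = re.compile(r"\+\d[\d ]{7,}\d")

def reply_exposure(raw):
    """Return the details a reply discloses to whoever receives it."""
    msg = message_from_string(raw)
    # Each mail hop records the address it received the message from.
    hops = msg.get_all("Received", [])
    ips = sorted({ip for hop in hops for ip in IP_RE.findall(hop)})
    # The Date header carries the sender's UTC offset (a coarse location hint).
    offset = parsedate_to_datetime(msg["Date"]).strftime("%z") if msg["Date"] else None
    # Text after the conventional "-- " delimiter line is the signature block.
    signature = (re.split(r"(?m)^-- ?$", msg.get_payload(), maxsplit=1) + [""])[1]
    return {
        "confirmed_address": msg["From"],
        "ip_addresses": ips,
        "utc_offset": offset,
        "mail_client": msg["X-Mailer"] or msg["User-Agent"],
        "signature_lines": [l for l in signature.splitlines() if l.strip()],
        "phone_numbers": PHONE_RE.findall(signature),
    }

if __name__ == "__main__":
    print(reply_exposure(SAMPLE_REPLY))
```

Which headers actually appear depends on the mail client and mail provider, so a real reply may reveal more or less than this sample does.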

To understand the depth of what phishing can do with the power of social engineering, consider that a tweet, a Facebook post about your business and the different things you do reveal so much about you; such information can be used to impersonate you.

Check out this Phishing video to learn more.