Advait, author of Everyday Cybersecurity, a blog aimed at creating awareness about security and privacy.

What is Phishing and how to avoid it

Those of us who have been using e-mail since its inception have mostly encountered at least one instance of the so-called “Nigerian Prince scam”. I remember this type of scam from the early 2000s, and I was shocked to find out that the scam is still doing really well and raking in tons of money.

Fraudsters use plenty of ways to trick people, but since the early days of the internet the most prevalent type has been the phishing scam. Phishing is when a fraudster lures their victim into revealing sensitive personal or financial information. This can be achieved in a number of different ways, but the easiest method is to send the victim a text message or an e-mail and trick them into responding to it, either by gaining their trust or by preying on instincts such as fear.

Let’s look at a couple of examples and see how we can easily identify these types of scams.

Looking at some phishing scams from the past year, it is evident that the scammers don’t care if there is an ongoing global pandemic. Case in point is this COVID-19 phishing scam:

[Image: COVID phishing scam. Image courtesy: Kaspersky Labs]

At first glance this email appears harmless and looks as if it was sent by the Center of Disease Control (CDC), which is a real organization in the United States, to alert you about the COVID-19 cases in your area.

Except that it is not. What are some things that you can look for in an email like this one to see that it is not legitimate?

When you receive an email, look at the sender's email address carefully. In this case the email is originating from “cdc-gov.org”, whereas the real CDC uses the domain “cdc.gov”.

If the email has any links in the body, be extremely wary of them. In this case the link appears to point to a real CDC website, but if you hover over it, the actual destination is something different altogether.

The webpage that opens when you click on the link then asks you to enter the username and password for your email account, which the scammer can steal and later use to log in to your account.

The CDC email above is just one very specific example of a phishing email. There are countless scammers out there who are looking to steal not just your username and password but also your money or your credit card information via phishing. The good news is that there are some easy ways to spot a phishing email. Use the general tips and guidelines outlined below while looking at all your emails and you should be able to identify a phishing email relatively easily.

Some of the obvious red flags include:

The email insists that you act immediately or there will be irreparable damage to your finances, reputation, online accounts etc.

The most common tactic used by scammers is to play on our fears. If you receive an email that is asking for some immediate action, you can almost be certain that the email is not legitimate.

As a general rule, no government body (IRS, CDC, Income Tax Department, Mumbai Police etc.) will contact you via e-mail and expect an immediate response. There will always be traditional mail communication sent out. You will likely be well within your legal rights to defend yourself if you fail to respond to a communication sent with a stringent timeline. The key is to not be startled by such threats and to take proper steps to avoid unnecessary damage.

As a rule of thumb, you should examine the email thoroughly before clicking on any links contained in it. Look specifically for misspelled words or weird-looking domains (e.g. cdc-gov.org instead of cdc.gov).

The email requests that you enter your personal, financial or medical information

Be extremely careful while entering your financial, personal or medical information online. You should be alarmed if a random email is asking you to share such information.

The email directs you to download some software or open a file attached to the email

It is almost never a good idea to install random software sent to you by some stranger on the internet. Doing so is nothing but asking for trouble. Only download email attachments if you trust the sender.

These really simple general guidelines should keep you away from most of the phishing emails on the internet. It is always better to be safe than sorry when dealing with these types of scams. In cases like these, always remember to be vigilant and never make any hasty decisions.

That’s all for this one; do check out the other posts for more related content. If you found this post helpful, then please share it with friends and family members and help them be safe on the internet.