Agnibha Nath
Author: Agnibha Nath  |  

Co-founder | Head of Email Deliverability and Customer Support at SendX


Read more posts by this author.


My first reaction was 'oh man, it takes guts to tell a story of you getting scammed.'

People make you feel shame and foolish.

The recent case of a phishing attack on Nidhi Razdan is an eye-opener! For you, me, and everyone who thinks they are 'too smart' to be conned.

Nidhi is an Indian journalist and television personality. She was the executive editor of NDTV (an indian news media company running since 1984) and is the author of Left, Right and Centre: The Idea of India. She has won awards such as International Press Institute award, Ramnath Goenka award and many more for her contribution to journalism. She is definitely well informed, educated and tech savvy.

She recently disclosed on Twitter that she has been a victim of a sophisticated phishing attack. She was scammed with a job offer of an associate professor in journalism at Harvard University.

According to her blog on NDTV, she got an email from an alleged Harvard Human Resources person from what appeared to be an official Harvard email ID, with an offer letter and agreement. The emails from this individual were all marked to what seemed to be an official group university ID. They also emailed her former employers at NDTV for recommendation letters and acknowledgements which were sent back looked very much official.

With the benefit of hindsight that we all have now, let's educate ourselves on how to not be a victim of phishing attacks. How we can secure our emails, have an eye on identifying anomalies, and what are the best practices to follow.

Scammers are now much more sophisticated than telling you stories about a prince in Nigeria or someone leaving you as a nominee of their property in Maui. They are using relatable scenarios that seem part of anyone's life. The techniques they use seem sophisticated and everything is done in a sleight of hand.

If a well-informed journalist like Nidhi Razdan can be a victim of this, then you and me are no better. We too can fall into such traps. This shows that everyone needs to revisit the basics of educating ourselves about protecting our online lives (which are an absolute extension of our real lives!)

I wish they thought about this stuff in school. But it's not too late. So let's dive in and learn how to avoid phishing attacks.

What is phishing?

Phishing is a cybercrime in which someone (called the target) is contacted via email, telephone, or text message by someone (called the scammer) pretending to be a legitimate organization (in this case, Harvard University) to lure the target (Nidhi Razdan) into providing sensitive or confidential data such as personally identifiable information, banking, or credit card details, or passwords.

#1 Checkpoint: Folder Placement

Then the first checkpoint is whether the mail is in your spam folder or your inbox (primary, promotions, updates etc. , any tab under inbox). If the mail is supposed to be coming from an established institute or company and still landing into the spam folder, you need to be careful. You need to further verify it with other steps.

#2 Look-alike domain

A look-alike domain is an almost identical and slightly modified domain name, registered with intent to deceive. These domain names have just a few characters different to a legitimate site. Sometimes, letters are swapped around or common characters are substituted.

For example, in the case or Nidhi Razdan phishing attack where attackers were impersonating to be officials from Harvard, they would have modified the harvard.edu to harvard.co or harvard.net.

Here is an example. Looking at this sender in your inbox, you will be fooled if you don't pay attention to the domain that is, harvard.edu.co. But the actual domain should just be harvard.edu

A real-world case of a lookalike domain is arnazon.com. In passing by, this looks like the official Amazon website, but only if you are careful you can observe that 'm' has been replaced with 'rn'. Thankfully, in this case, the lookalike domain is also owned by Amazon to prevent frauds on their name.

The only way to prevent being scammed by this is to make sure that you check the full sender's address before replying back or clicking on any links in the mail.

#3 From Address

There is a tiny arrow besides 'to me' which can unwrap a lot of crucial information.

Let's say that Nidhi would have received this email

She should have clicked the arrow beside 'to me' to open up this box that gives a lot more details about the sender.

The details in the email received by Nidhi would have looked something like this:

*These are not actual emails. This is just a recreation of the scenario for informational purpose

Let's take it step by step and look at the 'from' address.

It should not contain any 'via' in it.

This snapshot I have shown above has from: [legitimate looking email address] via gmail.acsv.net

Gmail shows this information to inform you where your messages are coming from.

Here it means that the sender is using a 3rd party service (like an email marketing server) to send you this email and hasn't authenticated their domain name.

If they wanted to authenticate their domain name, they would need access to the domain name records. These records are only available to the owner and not to someone else.

So be wary of emails having 'via' info in the from field.

Here is an email that I am sure of coming from breath.calm.com and not from anyone else pretending to be  calm. Here we can be sure that person/brand who owns the domain breath.calm.com is the one sending us this email.

#4 Signed By Field

Let's check the signed by field now. It should have the same domain as the from field.

If the emails Nidhi received were actually from Harvard, they should have looked something like this:

Let's look at a real world example too. Here in the example of email from Calm, we can see that domain in from field (anything after “hello@” ) and signed-by are exactly the same. "Signed by" is like a digital fingerprint.

If this email had been sent by scammer or would have been modified in between transit, it would have a different signature. That should alert you with the possibility of it being a scam.

We should also revise some of the standard practices such as:

  • Don't give out personal information over the internet to sources you don’t trust.
  • Don't click any links that seem unrecognisable or have been shortened
  • Keep your browser update so that any security patches are applied
  • Be wary of popups or links getting redirected

The Internet is a good place to be. We should not have to live in fear of getting conned. So, the only way to enjoy this is to keep yourself informed.

So next time you get an important email, don’t be like Nidhi Razdan. Runs the above checks before you hit reply.