19 January, 2021, 09:27 AM IST | Mumbai | Anindita Paul
Perform this additional security check for unsolicited emails
Senior journalist Nidhi Razdan's public admission of falling prey to a phishing scam, which led her to believe that she had been appointed as a professor at Harvard University, was disconcerting to many of her followers. While some wondered how someone as savvy as Razdan could fall prey to such a scam, others worried about the fate of other students and professionals applying to jobs and universities abroad. We spoke to cyber-security experts to decode the episode and identify red flags to watch out for.
"Razdan's testimony opens with her receiving an unsolicited email from Harvard University after she conducted a talk. Remember that a tense economic environment, where everyone is eager for better pay or opportunities, is an ideal preying ground for hackers and scammers," explains Prathamesh Sonsurkar, founder of Whitehack OPC. Before acting on an unsolicited email, run basic hygiene checks: the domain in the sender's address and in any links, the spelling and grammar in the email, and whether the email opens with a generic salutation such as "Hello User" or "Dear Customer". These are always red flags; authentic messages will refer to you by name, suggests Mangesh Sawant, senior vice president at Riskpro.
Nidhi Razdan and Prathamesh Sonsurkar
Authentic emails will not redirect you to any other website; the content will be displayed within the body of the email. Phishing emails, on the other hand, are designed to redirect you to a landing page. Phishing emails also try to create a sense of urgency: they will claim that you have been shortlisted for a lucrative reward or opening, or that you have been hacked or otherwise compromised. Regard these with caution, Sawant advises.
Even if you initiated contact with the institution yourself, if the reply does not arrive on the same email thread, cross-check by contacting the email address listed on the official website before acting on the information. "In Razdan's case, she was researched by the scammers. They knew that she, as a journalist, would be especially alert, and hence took added measures such as having multiple people contact her," Sonsurkar suggests.
Your email client, such as Gmail or Outlook, will give you a 'Show original' (or 'View source') option. Clicking on this reveals the raw message, including the authentication results that the receiving mail server recorded for it (usually in an Authentication-Results header; these are verdicts on checks, not certificates). They include SPF, which indicates that the email was sent from a server the sender's domain has authorised (many scammers modify the 'From' field to mimic a legitimate sender); DKIM, which means that the signed parts of the email reached you without being tampered with or edited; and DMARC, which confirms that the mail passed at least one of the first two checks for a domain that matches the visible 'From' address. All three should read PASS if the email is legitimate, says Sonsurkar. Note that PASS on all three only shows that the message really came from the domain shown in the From field; it does not vouch for that domain itself, so a look-alike domain registered by the scammers will pass these checks just as cleanly, which is why the domain spelling check above still matters.
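As an added example, not code from the article or from the experts quoted in it, the following Python script applies the checks described above to the raw source that 'Show original' displays: it reads the SPF, DKIM and DMARC verdicts from the Authentication-Results header, compares the Return-Path domain with the From domain, looks for a generic salutation and urgency cues, and flags links whose visible text is a URL on a different host from the one the link actually points to. The two messages are constructed samples with invented domains, not real mail, and the salutation and urgency keyword lists are assumptions chosen for illustration.

```python
"""Offline triage of a raw email: authentication verdicts, sender domains,
salutation, urgency cues and link/display-text mismatches."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed keyword lists for illustration; tune them for your own mail.
GENERIC_SALUTATIONS = ("dear customer", "dear user", "hello user", "dear sir/madam")
URGENCY_CUES = ("urgent", "within 24 hours", "immediately", "shortlisted", "compromised")


def parse(raw):
    """Parse raw RFC 5322 source (what 'Show original' displays) into a message object."""
    return message_from_string(raw, policy=policy.default)


def auth_results(msg):
    """spf/dkim/dmarc verdicts recorded by the receiving server in Authentication-Results.
    A method that does not appear is reported as 'none'."""
    header = str(msg.get("Authentication-Results", ""))
    verdicts = {}
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", header, re.IGNORECASE)
        verdicts[method] = m.group(1).lower() if m else "none"
    return verdicts


def _domain_of(header_value):
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def from_domain(msg):
    return _domain_of(msg.get("From"))


def return_path_domain(msg):
    return _domain_of(msg.get("Return-Path"))


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def mismatched_links(html):
    """Links whose visible text is itself a URL on a different host than the real href."""
    collector = _LinkCollector()
    collector.feed(html)
    bad = []
    for href, shown in collector.links:
        shown_host = urlparse(shown).hostname if shown.startswith(("http://", "https://")) else None
        if shown_host and shown_host != urlparse(href).hostname:
            bad.append((href, shown))
    return bad


def triage(raw):
    """Return the list of red flags raised for the message; [] means none of these checks fired."""
    msg = parse(raw)
    flags = []
    for method, verdict in auth_results(msg).items():
        if verdict != "pass":
            flags.append(f"{method}={verdict}")
    sender, bounce = from_domain(msg), return_path_domain(msg)
    if bounce and bounce != sender:
        flags.append(f"Return-Path domain {bounce} differs from From domain {sender}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    lowered = (str(msg.get("Subject", "")) + "\n" + text).lower()
    if any(s in lowered for s in GENERIC_SALUTATIONS):
        flags.append("generic salutation")
    cues = [c for c in URGENCY_CUES if c in lowered]
    if cues:
        flags.append("urgency cues: " + ", ".join(cues))
    for href, shown in mismatched_links(text):
        flags.append(f"link shows {shown} but points at host {urlparse(href).hostname}")
    return flags


# Constructed samples with invented domains (not real mail). PHISH mirrors the article's
# scenario: a spoofed university address, failing DKIM/DMARC, and a disguised link.
PHISH = """\
Return-Path: <bounce@mailer-example.net>
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=mailer-example.net;
 dkim=fail header.d=university.example;
 dmarc=fail (p=REJECT) header.from=university.example
From: "University Appointments" <appointments@university.example>
To: recipient@example.org
Subject: Urgent: confirm your appointment as Associate Professor
Content-Type: text/html; charset=utf-8

<html><body><p>Dear Customer,</p>
<p>You have been shortlisted. Confirm within 24 hours:
<a href="http://university-example.login-portal.example">https://www.university.example/appointment</a></p>
</body></html>
"""

LEGIT = """\
Return-Path: <appointments@university.example>
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=university.example;
 dkim=pass header.d=university.example;
 dmarc=pass (p=REJECT) header.from=university.example
From: "University Appointments" <appointments@university.example>
To: recipient@example.org
Subject: Re: your enquiry
Content-Type: text/plain; charset=utf-8

Dear Ms Razdan, thank you for your enquiry. We will reply on this thread.
"""

if __name__ == "__main__":
    for name, sample in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, triage(sample) or ["no flags"])
```

Run it on a message you have saved from 'Show original' by passing the file contents to `triage()`. A non-empty result does not prove fraud on its own, and an empty one only means these particular checks passed; a look-alike domain controlled by the scammers will pass SPF, DKIM and DMARC, so the domain itself still has to be verified against the institution's official website.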