How to: Noticing phishing emails

phising emails

Emails. Just like they can be either formal or informal and personal or general, they can be either real or false. We know these false emails as phishing emails. 
Phishing emails, unfortunately, is not a new phenomenon. It has been the most common attack vector for cybercriminals for a number of years, but due to the increasing complexity of phishing scams, knowing how to spot a phishing email has become more and more important. How you can separate the wheat from the chaff? Hear – ok, read – us out. 

Weighing out whether you can open an email safe and sound, is easier said than done. It’s often really hard to recognise false emails, especially when you become a victim of a targeted attack. Everyone is a target in today’s cyberwar climate, but by educating yourself (and your workforce) about how to spot phishing emails properly, today’s targets can become the primary defence guards of tomorrow. Below, we provide you with your very first training.

phishing emails and sender’s address

Find inconsistencies in email addresses, links and domain names. Mostly, phishing addresses are either a derived version of the real name of a company, or something really sketchy. It might help to check the sender’s address against previous emails from the same organisation or the e-mail address on the website of that company.

Salutation

Organisations that you’re in business with or that got you in their client base, mostly use your last name and know whether you are a male or female, just like the communication between co-workers or friends usually have an informal greeting. When a general salutation, like “Dear customer” or “Dear Mrs/Sir” is used, pay attention. Also, always consider whether someone or something uses the style of greeting that you are used to or that you would expect from them.

Demanding action

A lot of phishing emails will try to put pressure on you, e.g. by threatening a negative consequence or a loss of opportunity unless urgent action is taken. Attackers often use this approach to rush recipients into action before they have had the opportunity to study the email for potential flaws or inconsistencies. And when they claim that clicking on an attachment will lead to a reward of some nature? Delete. Immediately. If you’re in doubt, just contact the organisation that did or didn’t send you the email.

Links and attachments

Never click on a link or unfamiliar extention (.zip, .exe etc.) unless you trust it for all of the right reasons. Links in phishing emails can install dangerous software on your computer or lead you to false websites. You can check the address of the link by placing the cursor on it, without actually clicking on it.

Asking for personal data

Emails originating from an unexpected or unfamiliar sender that request personal information, like login credentials, payment information or other sensitive data, should always be treated with caution. Your bank, insurance company and public authorities will never ask for personal data that way.

Language and design

It might sound obvious, but another way to spot phishing is just by noticing bad grammar and spelling mistakes. While the current generation of false emails are becoming smarter because of spell-checking tools and almost identical logos and photos, it’s always a good idea to check whether you don’t come across irregularities. You can also use an earlier email of the person or organisation to compare.

It doesn’t matter if you have the most secure security system in the world. It takes only one untrained employee to be fooled by a phishing attack and give away the data you’ve worked so hard to protect. Make sure both you and your workforce understand the specific email phishing emails examples above and all of the telltale signs of a phishing attempt. Let’s go fight them together.