6 Ways to Tell if an Email is a Phishing Attack.
Phishing is something that you will have heard of many times before and we have mentioned it numerous times in our previous blogs too.
However, many people in business still don’t understand the true dangers of opening phishing/spam emails or how to recognise that the email sent is not from a genuine certified email address.
Spam emails have been around since Hotmail, the first web-based email provider created in 1996. More and more marketers started using the internet and email because it was a cheap and easy way for them to sell their products, but because it was still so new, regulation was not present until much later. Standards that we take for granted today, such as sender authentication, ISP relations etc.
“Phishing is the fraudulent practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers.” -Oxford Dictionaries
Over time these types of emails have become harder to recognise. Hopefully this little blog post will help you learn a few key ways of identifying an email as an attack.
So here are some important checks you should make if you are suspicious or unsure of any email messages you receive.
The message contains a mismatched URL
You should check the integrity of any embedded URLs. This is an important check to make because the URLs in phishing emails often appear to be perfectly valid.
To check this, hover your mouse over the URL and you should see the actual hyperlinked address. If that address is different to the one displayed in the email, it suggests the email is malicious and that you should not trust it.
The sender's real address is just as important to check, because a popular scamming method, known as a ‘Display Name Attack’, is one where the scammer simply creates a new email address but uses a fake display name.
You’re probably thinking “Well how would that work? We’d still see their email address and see there is no connection” but ask yourself when you last directly saw an email address? You don’t anymore. We just see the first and last name of the sender making it easy to be fooled because the person they are pretending to be could be one of your trustworthy contacts or somebody you wouldn’t bat an eyelid at if they emailed you.
The message contains poor spelling and grammar
You should thoroughly read emails you are suspicious of. If you find any spelling or punctuation mistakes it is likely that the email has come from a malicious sender. Big companies that send out mail on behalf of the whole company are highly likely to look over their content and check for spelling and grammar mistakes.
So, when you get an email and the punctuation isn’t up to scratch, then it would be wise to ignore the message.
If you are asked to send money to cover expenses
This tip comes a little more down the line after initially exchanging messages. Scammers will eventually ask you for money to cover some sort of expenses, which then makes it rather obvious that the sender is a phishing artist.
If you are ever asked to send money for a reason that doesn’t make sense, you can bet that it is a scam and should stop communication straight away.
Are they asking for personal information?
Personal information is information that can be used on its own or with other information to identify, contact, or locate you. If a phishing artist gets these kinds of details, they could eventually access all sorts of sensitive information about you or even your bank account.
If you receive an email that is asking you to update or re-enter your personal or bank details, you should never give out the information. If you are not sure, contact the company the email claims to be from and ask them about it.
You should never give out any information regarding bank details or other sensitive personal information to anybody over email or phone.
Check the branding
Scam emails are usually pretending to be a brand, trusted company or a government department. You can often distinguish scam emails from aspects of the email such as the quality of the logo. If you are unsure of the way the logo looks you can check if the branding on the email is the same as on their website.
You could also compare the suspicious email to a previous one that you know is from the company.
Another aspect is the contact information. Can you click on the link to contact them? If it does lead to a website, is that website genuine? If you can’t, or it is not genuine, you should be on your guard about the email and website.
If you would rather not click on the link, you can find out where it goes, again by simply hovering over the link; the web address it leads to will appear in the bottom left-hand corner of your screen.
An example of when fraudsters are impersonating a big company is PayPal scammers. The phishing artists will send out an email with a message and a link to click on; this will take you to a fake PayPal login page where they will be able to collect your login and password details.
Did you initiate the email?
Have you received an email that has no relevance to you in any way?
For example, you get an email saying you have won the lottery or a new iPhone X, but you haven’t participated in any competitions that would lead to you winning either of these. In that case you can be confident it is most definitely a scam.
These emails are likely to have malicious links in them, so you should avoid any interaction and delete the message straight away.
There are many more ways you can identify an email as a scam or phishing email and if part of your work involves dealing with important confidential files or information you should always have your guard up when you receive an unfamiliar email.
To help businesses battle this ongoing problem Everything Tech sell a phishing awareness product.
It works by sending your employees a false, phishing message. The programme then reports on who clicks the phishing messages, letting you know who needs to be trained on the dangers that these emails bring to your business.