Identifying Phishing Emails

Tips for Spotting Social Engineered (Phishing) Emails

Identifying Phishing Emails is not always easy. They are one of the fastest growing security threats facing businesses today. It is important to educate your employees on the techniques that a phishing artist will use to manipulate them. The following is a list of key points to look for when receiving suspicious email.

1. The message asks for personal information
No matter how official an email message might look, it’s always a bad sign if the message asks for personal information.
 
2. The message contains a mismatched URL
Check the integrity of any embedded URLs in a suspicious email message. Oftentimes the URL in a phishing message will appear to be perfectly valid. However, if you hover your mouse over the top of the URL, you should see the actual hyperlinked address
 
3. URLs contain a misleading domain name
A phishing artist can create a child domain bearing the name Microsoft, Apple, or whatever. The resulting domain name looks something like this: Microsoft.maliciousdomainname.com which can lead you believe this is a legitimate or official email.
 
4. You’re asked to send money
One telltale sign of a phishing email is that you will eventually be asked for money. Maybe not right away, but sooner or later, phishing artists will likely ask for money to cover expenses, taxes, fees, or something similar.
 
Wire transfer fraud is currently one of the fastest growing email scams. Requests appear to come from a CEO or other financial person in your company and as many companies perform wire transfers regularly this type of phishing email is highly effective. According to the FBI wire transfer fraud costs the US and several other countries billions of dollars each year. It is recommended that companies setup an internal process for 2 step verification before allowing a wire transfer.
 
5. The message appears to be from a government agency
In the US, Government and law enforcement agencies follow certain protocols. Banks and other financial or government agencies rarely if ever use email as a means of requesting personal information.
 
6. Use good old common sense
You know the old saying that if something seems too good to be true, it probably is. That holds true for email messages too. If you receive a message from someone unknown to you who is making grandiose promises, the message is probably a scam.
Trust your gut! If you receive a message that seems suspicious, it usually is. Simply avoid acting on the message and delete it immediately
  

Let’s look at a phishing email line by line to better understand how the phishing artist crafts their fraudulent message.

From:
You don’t recognize the sender’s email address.
Not from someone in your company or someone you have a business relationship with.
To:
You were CC’d on an email sent to one or more people but you don’t know the other people.
Received an email that was also sent to an unusual mix of people or seemingly random group.
Date:
Email was sent at an unusual time like 3am or 1:59am, when you do not normally receive business or personal related emails.
Subject:
Subject line could be irrelevant or does not match the content.
The email message seems to be a reply that you never sent or requested.
Content:
Sender is asking you to click a link or open an attachment to avoid a negative consequence or gain something of value.
Email is out of the ordinary and may contain bad grammar or spelling.
Sender is requesting a wire transfer for a large sum of money
Do you get an uncomfortable feeling about the sender’s request to open an attachment or click a link.
Hyperlinks:
If you hover over the link with your mouse in the email message and the link displayed does not match this is a big red flag.
The spelling of the hyperlink is slightly off but close to something familiar to you.
Attachments:
The attachment is possibly a dangerous file type or one that you do not recognize.