How To Recognize A Phishing Email

One of the most common forms of cyber crime is the “phishing” email. It’s a clever way for hackers to avoid having to break through a computer’s security systems: instead, they trick you into giving away the keys to the castle.

One common form of phishing is to get you to click on a bogus link designed to look like a legitimate service. From there, you input all of your personal information, which the web page saves and dutifully forwards to its owner. They now have the information they need to get into your email account, your bank, or whatever else it is they need to get access to.

From a corporate perspective, a hacker could easily duplicate the login page to one of your internal portals and seize control of user information, which they could then use to upload ransomware or all manner of malicious code, or extract valuable data for sale on the dark web.

Either way, it helps to be able to recognize the signs of a phishing email and thwart these attacks before they start. Here are a few of the most common signs you’ve received a phishing email.

1. It Ends Up In Your Spam Box

Most email servers have become steadily more sophisticated when it comes to detecting phishing emails, and are able to label them as such.

In June 2017, Google announced in its company blog that it has been beefing up its spam detection on its Gmail servers, and boasted that it can now detect 99.9% of spam messages.

So if you use Gmail, either on its own or to manage your other email addresses, you can bet that any email from an unfamiliar address that ends up in your spam box asking you to click on a link can be safely ignored.

2. It Has Spelling Or Grammar Errors

A strange tradition in phishing emails is the prevalence of spelling errors or sentences that seem to be almost nonsense grammatically. There are a few reasons for this.

First of all, phishing emails are often written by people whose first language is something other than English, and as a result their grasp of the nuances of English idioms isn’t as strong as a native speaker’s.

But there’s also a second, possibly more cunning possibility behind this.

If they manage to get someone on the hook with a poorly written email, they know they’ve gotten someone particularly gullible.

Sending emails is the easy part – you can find auto-emailers which will scour the internet for email addresses and pepper the web with whatever you like. The trick is to get someone to actually click the link in your email and give you their information. But while you might be able to fool someone with a flashy looking email, as soon as someone realizes they’ve clicked on a bogus link they’ll either leave the page altogether or input false information.

Parsing through the false stuff is time-consuming for a scammer, and in the case of organizations that have more security than others – like sending an alert after three failed login attempts, for example – it can alert the account owner that they’ve been phished and draw unwanted attention to the scammers. So if they can be sure they’ve got a gullible shmuck on the hook, they limit their own risk as well.

Either way, if you receive a strange email full of spelling errors, run the other way.

3. They Have A Bogus Link

We’ve demonstrated this one before, but it bears repeating.

Let’s say I want to trick you into visiting a website. I want to send you to Yahoo, for example, but I want you to think I’m sending you to Bing. There’s an easy way to do this.

Ready?

http://www.bing.com

Does that look like a link to Bing? Sure, but click on it and you’ll find yourself at Yahoo’s search. This is a simple piece of code which anyone with even the slightest bit of HTML knowledge can write.

Phishing emails will do something similar, except that they will send you to a bogus website they built.

Imagine you banked with JP Morgan Chase, for example. If I created a webpage that mimicked the layout of JP Morgan Chase’s banking login page and made a link to it that looked like the link above, I could in theory convince you to enter your bank card and password into that page. From there, I could take that information, log into your account and clean you out.

This works for any web-based service. But there’s an easy way to protect yourself against it.

If you’re suspicious of a link, right click on it and click “copy link address”. Then paste it into a Notepad document or something similar (NOT in your browser). If the pasted link doesn’t look anything like the site to which it claims it wants to send you, it’s bogus.

4. They Come From A Weird Email Address

Often, phishing scams claim to be coming from a larger corporation – one you’ve heard of before, like a big bank or a tech company.

These corporate entities all have their own web presences – sometimes several – and will only send emails through their own approved channels. So if you see an email claiming to be from a corporation, check the email address. If it doesn’t match up, you’re likely dealing with a phishing scam.

Phishing scams often come from domains ending in .ru (a Russian national domain) and .co.jp (a Japanese national domain). So unless you’ve been doing business in Russia or Japan, you should be suspicious of any emails coming from these domains – especially if they’re claiming to be a North American company.
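The address check described in this section can be expressed as a small filter. This is an added example, not part of the original article; the brand keyword, the approved domain `examplebank.example` and the sample headers are all constructed placeholders.

```python
from email.utils import parseaddr

# Hypothetical allowlist: brand keyword -> domains that brand really sends from.
APPROVED = {"examplebank": {"examplebank.example"}}

def is_approved(domain, approved):
    """True for an approved domain or a true subdomain of one.

    The '.' boundary matters: 'notexamplebank.example' must not pass
    just because it ends with the same characters.
    """
    return any(domain == d or domain.endswith("." + d) for d in approved)

def check_sender(from_header):
    """Return a warning string if the display name claims a brand that
    the address domain does not belong to, otherwise None."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    claimed = name.lower().replace(" ", "")
    for brand, domains in APPROVED.items():
        if brand in claimed and not is_approved(domain, domains):
            return f"display name claims '{brand}' but mail is from {domain}"
    return None

# Constructed From headers.
SAMPLES = [
    "Example Bank <statements@mail.examplebank.example>",            # genuine subdomain
    "Example Bank Security <alerts@examplebank.example.verify.ru>",  # brand used as a prefix
    "Example Bank <help@notexamplebank.example>",                    # lookalike suffix
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header))
```

This inspects only the visible From header, which the sender controls, so it catches mismatched addresses but not a forged header that uses the exact approved domain.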

5. They Have A Sense Of Urgency

URGENT ACTION REQUIRED

ACCOUNT DEACTIVATION IMMINENT

YOUR ACCOUNT HAS BEEN COMPROMISED

Headlines like these are designed to provoke an emotional response so we click on the email as quickly as possible without taking the time to think things through.

Now, logically, if your bank account were actually compromised, one would hope your bank would do more than send you one lousy email. But that’s not what we see. We get scared by the prospect of losing access to our bank account and click.

The same thing goes in the other direction as well – this is the classic Nigerian Prince scam. Rather than scaring you with a loss of your bank account, this makes you think about the potential riches you could be getting – but only if you click that link right now!

Either way, if you receive an email like this it’s more than likely a phishing scam. But if you’re worried, you can always call the company’s hotline and find out whether or not the email is legitimate.

Training Your Staff About Phishing

By making sure your staff recognizes a phishing scam when they see it, you can help protect your systems from potential attacks.

To find out how you can protect your business from phishing attacks, contact 1st Secure IT today.
