It seems more and more of the email you receive is either spam, newsletters you didn’t sign up for, or worse. While emails are a convenient way of staying in touch, they can also be a prime target for phishing scams. So, how can you spot a phishing email? Here are some tips to keep in mind.
1. Check the Sender’s Address
Phishing emails often use a fake or similar-looking email address to trick you into thinking they’re legitimate. Keep an eye out for typos, misspellings, or a different domain name. The sample below shows an email from ‘Microsoft’ but the sender’s email address is a hacked account from University of Utah.
2. Look for an Email Banner
Keep an eye out for email banners that indicate the message was sent from outside the organization. Some email services even have the ability to add warnings or alerts to emails that are deemed suspicious or potentially dangerous. Paying attention to these banners and warnings can help you identify phishing emails and protect yourself from cyber attacks. The sample below shows an example of a warning banner tipping the recipient off that this is not from their organization. It also has a spoofed email address.
3. Beware of Urgency or Threats
If an email has a threatening tone, mentions it is urgent to reply, or says access will expire, or marked as ‘High Importance’ take a closer look. Scammers often use fear tactics to make you act quickly. Don’t let them pressure you into making a mistake. The example below says the user must act before they are locked out of their email. It also has a spoofed email address as in example 1.
4. Don’t Click on Suspicious Links
Phishing emails may contain links that direct you to a fake website that looks identical to the real one. Before clicking on any link, hover your mouse over it to see the URL. If it looks suspicious or unfamiliar, don’t click on it. The below example show a phishing email with a tempting link (like the examples above). It also has a spoofed email address (see a pattern?).
5. Beware of Suspicious Attachments
Phishing emails may contain attachments that can infect your computer with malware or viruses. Be cautious of unexpected attachments, especially if they come from an unknown sender or seem unrelated to the email’s content. If you’re not sure about an attachment, don’t open it. The below example is a phishing email made to look like a voicemail message. This is very common. You will also attachments made to look like FAXs, ACH deposits, and encrypted messages. Also be on the lookout for boobytrapped Word, Excel, and PowerPoint files (more info in another article). You can see by all the black blocks that this phishing attempt was personalized for the specific recipient. This is called spear-phishing.
6. Check for Poor Grammar and Spelling
Be on the lookout for poor grammar, spelling mistakes, or awkward phrasing. If an email looks like it was written by a non-native speaker or an automated tool, it’s probably a phishing attempt. With the rise of AI generated email this method of detecting phishing will loose its effectiveness.
7. Verify the Request
If an email asks for sensitive information like your password or social security number or asks about any sort of banking information, wire transfer updates, or ACH deposits, don’t do it, even if it looks like it is coming from a co-worker as their account might be hacked or spoofed. Always verify the request by contacting the person directly by phone. Do not call any number in the email as that might be go directly to the attacker. Legitimate companies will never ask for sensitive information through email, so any request of this nature should be treated with suspicion.
8. Hacked Emails from Legitimate Senders (Most Dangerous)
Hackers have been using a very devious tactic where they use hacked company accounts to send emails to other employees or companies your organization does business with. Usually the message has to do with a financial transaction update such as new bank account or payroll destination. A common tactic is to hijack an existing email chain so the person you are communicating with thinks it is part of an ongoing conversation.
The below email was sent from a hacked internal account to their client. It was inserted into an ongoing conversation and the hacker redirected messages from the inbox so the victim would not see replies. The hacker waited for over a week before striking. This attack resulted in a large financial loss. To prevent this sort of attack we recommend adding a disclaimer to every message that you will never ask for financial transaction updates via email and contacting your customers directly so they know you will never email them these types of requests. Training your employees to always call and verify (not using a phone # in the email but one on file) can also prevent disaster.