How to identify if an email is a phishing attack

91% of all cyber attacks are delivered through an email. A company of 5,000 employees will receive an estimated 14,400 malicious emails per year.

It’s not abnormal to receive phishing emails. It’s only dangerous if you fall for the bait.  So how can you tell a phishing scam apart from a task that needs attention?

  • Look at the email address
  • Urgency
  • Hover, Don’t Click
  • Vague Pronouns
  • It’s Better to be Safe than Sorry

Look at the email address

This step usually begins by checking for spelling mistakes. They will usually appear as something related to the account they trying to gain access to. A few of my favorites are Oatlook, Paiypal, and Faceboook. Clearly, these aren’t correct but upon delivery in the context of your inbox, you tend to glaze over small pieces like that. Generally, they are small, subtle mistakes.

But even the from field can be manipulated; fairly easily might I add. Using open source software such as PHP Mailer, phishing attackers can manually type in both To and From addresses. When the email is delivered, the recipient will see an email that looks like it’s from the email account listed in the ‘From’ field, regardless of where it came from. It’s really that easy. That is how emails avoid spam filters and end up in your inbox.

Urgency

Phishing uses a false sense of urgency. This is intended to make users take action quickly without much thought to any inconsistencies in the email.

This can often look like “There was unusual activity detected on your account,” or “Your password is expiring today”.

The hope is that you are so concerned with losing access to an account that you make a decision (or mistake), that you wouldn’t normally.

PHISHING

Download our infographic and learn how to identify a phishing scam when you see one.

Hover, Don’t Click

You can examine the URL in question by hovering over a link rather than clicking directly. It will appear in your browser window in the bottom left corner. You can see in the photo to the right.

If it looks questionable, don’t click it and forward it to your security provider or response team.

Vague Pronouns

Mass Phishing Attacks will generally use vague pronouns such as “Valued Customer”. Even mass corporate communications will use your full/correct name.

In more direct, high-value attacks, known as spearphishing, hackers may do deep research to create a seemingly trustworthy email. In this instance, hyper-vigilance is necessary and a trustworthy IT partner to monitor breach detection and incident recovery.

Better Safe than Sorry

If you are worried about something, forward it to your IT team for threat detection. Worst case scenario, we send it back to you saying everything’s fine. If it is malicious, not only will we have secured this threat but also helped to identify any future threats.

Other Articles You Might Be Interested In:

What to do about Windows 7 End-of-life

What to do about Windows 7 End-of-life

Windows 7 End-of-life In case you are unaware -- Windows 7 is coming to an end. Microsoft has planned for this for a long time. However, most users have not it seems. According to web analytics vendor, Net Applications, Windows 7 actually saw its user share increase...

read more
SpamTitan provides increased Security and Accessibility

SpamTitan provides increased Security and Accessibility

Growing problems call for growing solutions. In mid-February, ITonDemand began to roll out a new solution to our client base to address spam and phishing email. This solution, called SpamTitan, is a response to additional security concerns facing IT infrastructures...

read more

ITonDemand was created over a decade ago to help support businesses and organizations IT services.  We kept hearing from businesses, like yours, that they just wanted their IT to work. And that is what we do.  We make your IT work for you.

1423 Powhatan St, Alexandria, VA 22314

233 SW 3rd St, Ocala, FL 34471

info@itondemand.com

800-297-8293