Five ways to spot a phishing email

Posted on:

PhishingAustralians are being increasingly targeted with “phishing” emails. Kaspersky Labs has identified that the number of Anti-Phishing component activations on computers of Australian users doubled in 2014, accounting for nearly a quarter of the world’s total phishing attacks, at 24.4%. This puts Australia on the top of the list of countries being targeted by phishing attacks.kaspersky

What is Phishing?

Phishing is the act of stealing critical information from a business or individual. This criminal activity is done in different ways, but the most popular method used for businesses is through fraudulent email messages disguised to come from legitimate entities/institutions such as a university, a Internet service provider, a bank, a social networking site, and so on.

Why we keep falling for these phishing scams?

It’s troubling how we are still falling for these phishing scams despite widely reported phishing attacks on local businesses and consumers in the recent years. Is it because we’re not as vigilant as we should to be? Or, these ‘phishers’ are becoming smarter?

Last year the Anti-Phishing Working Group (APWG) recorded at least 123,972 unique phishing attacks worldwide, the highest so far, in a span of 6 months. This proves that “phishers” are constantly looking for new opportunities in new places to steal information.

How damaging are these attacks?

“The “uptimes” or “live” times of phishing attacks are a vital measure of how damaging phishing attacks are, and are a metric of the success of mitigation efforts, according to APWG.” And, based on their data, the average uptime for phishing attacks in 2H2014 (2nd half of 2014) decreased to 29 hours and 51 minutes — from 32 hours and 32 minutes in 1H2014 (1st half of 2014). But the median uptime increased to 10 hours 6 minutes — from 8 hours and 42 minutes in 1H2014. This, according to them, means that half of all phishing attacks stay active for slightly more than 10 hours. To protect your business from cyber criminals, you need to boost your phishing detection skills.

Here are ways to spot a phishing email:

  • Check if the source is legitimate. Hover your mouse over the name in the “From” column of your inbox. Verify if the email is from a known domain that is linked to the actual sender name. If the name of the sender doesn’t match its domain name or email address, report as spam or delete the email immediately.

Below is an example of a legitimate sender since the email address matches the name of the sender.droptaskThis on the other hand is most probably from a dubious sender: 

apple sender

* Another thing you can check is URL the sender is trying to get you to visit. Make sure the link is legitimate and uses secure browsing (think: https://). But as a rule, don’t click on any link in an email. Open a new window and go directly to the site to verify.

  • Look for misspellings, grammar mistakes or special characters in the subject line or the email itself. Legitimate companies or advertisers are careful with their messages. They can’t afford to be careless with their emails. Errors such as a misspelling or grammar mistake is most likely the work of a questionable source whose main goal is for you to open the email, not to convince you to avail of a great promo.

* Phishers use “re:” in the subject line to trick you into thinking that you have exchanged emails with them before. Don’t fall into this trap.

In this example, notice that the sender also failed to edit the message and introduced his name as “re: Adam Watts”.adam watts - phishing

  • It contains plain text or doesn’t have logos. Most legitimate messages are written with HTML with a text and images. A phishing email may not have any image or the company’s logo. If the email is all plain text and looks different than what you’re used to seeing from that sender, send the email to trash.

Keep in mind that banks use a stationery template to email notifications, announcements, advisories, etc.lloyds bank

  • It requests that you provide or update personal information. This is definitely a red flag. A phishing email commonly sends alerts saying that you must provide and/or update your personal information about an account (e.g. bank account details, account password). Furthermore, it’ll warn you that the message is urgent and you must act soon or your account will be compromised or the offer will expire. Tag the email as SPAM!

Phishers oftentimes use scare tactics to gain access to your private information.upgrade immediately - phishing

  • It has suspicious attachments. Be careful in opening any message from senders or messages that seem suspicious especially if it has an attachment. Security experts say high risk attachments file types include: .exe, .scr, .zip, .com, & .bat. Banks or retailers don’t usually send out attachments via email so there’s a good chance that it’s a malicious email.

Phishers use HTML attachments to evade browser backlinks. As soon as you fill out this HTML forms, your data will be sent to a compromised Web server for harvesting.paypal attachment - phishing

Phishers are continuously improving their techniques, that’s why we shouldn’t let our guards down even for a minute. Protect your business with a good spam filter and encourage your employees to report suspected phishing scams. Ensure that your browser is always updated, and keep yourself abreast of the latest phishing scams that are going around the web.

Some of the online phishing methods today include:

  • Deceptive Phishing
  • Malware-Based Phishing
  • Keyloggers and Screenloggers
  • Session Hijacking
  • Web Trojans
  • Hosts File Poisoning
  • System Reconfiguration Attacks
  • Data Theft
  • DNS-Based Phishing (“Pharming”)
  • Content-Injection Phishing
  • Man-in-the-Middle Phishing
  • Search Engine Phishing

Discuss these things with your IT team and come up with measures to protect your business from any future phishing attacks.

If you need an IT expert to secure your business from phishing and other malicious attacks, get in touch with us!