How to identify the telltale signs of a phishing email

June 29th, 2020
How to identify the telltale signs of a phishing email

Phishing emails are one of the most dangerous cyberthreats that small- to medium-sized businesses (SMBs) face today. According to the Verizon 2020 Data Breach Investigations Report (DBIR), phishing is the biggest threat for small organizations, as cybercriminals devise more sophisticated methods to steal confidential information.

Given that your organization deals with emails every day, it’s important to be aware of the warning signs of a phishing scam, such as:

How to protect your business from data breaches

#1. Grammatical errors

This is one of the most common signs of a phishing email. You know it’s one if it is filled with grammatical errors and misspellings, which typically look like this:

To: [email protected]
From: [email protected]
Subject: Suspicous activity detected

Dear Sir
We have detect suspicous activity on your account. We have lock it for security purpose. To reactivate your account kindly reply imediately to thi message

Regards,
PayPal

In the example above, the grammatical, spelling, and punctuation errors are dead giveaways of the email’s inauthenticity.

#2. Suspicious sender addresses

Criminals can spoof a sender’s email address to fool users. For instance, cybercriminals may pretend to be someone from Google and send an email with this address: [email protected]. It may seem legitimate at first glance, but a closer look will show that “googIe” is spelled with a capital “i” instead of a lowercase “L”. This is one of the more insidious tricks, because the difference between the two letters is difficult to spot.

#3. Fraudulent links

Phishing emails usually include suspicious-looking links that lead users to fraudulent web pages.

For example, an email could contain the link www.ebay.com. However, if a user hovers their mouse over the link, it will reveal a malicious page such as www.ebay.com.top/login. This domain switch is done to allay any suspicion and persuade the receiver to click on the link. The fraudulent page also mimics the legitimate page’s design to trick the user into thinking they’re on the right site. But the moment the user enters their login credentials, they’ve sent their account information to hackers.

#4. Suspicious attachments

Cybercriminals can include attachments in your email that harm your computer when downloaded and opened. There are two common attachment types to look out for:

  • Macro malware – Hackers can inject a malicious macro code into a legitimate document. They then instruct the recipient to enable macros to read the document properly. However, doing so infects the host computer with malware.
  • Executables and scripts with spoofed extensions – This is where hackers send a file typically labeled “Invoice.docx”. However, a closer look will reveal its full name as “Invoice.docx.exe” or “Invoice.docx.vbs”. This is because cybercriminals are taking advantage of Windows’ default setting of hiding the file extension, making their attachment appear legitimate. Once launched, these attachments unleash malware that could steal sensitive data or install other malware onto the recipient’s PC.

If you suspect an email to be a phishing scam, do not download any attachment that comes with it.

#5. Unnecessarily urgent calls to action

Phishing emails often create a sense of urgency or demand immediate action. For example, they will ask the user to provide personal information or wire money immediately:

To: [email protected]
From: [email protected]
Subject: Immediate money transfer

Hello John,

Can you wire $1,000 to my bank account right now? I am on a business trip and in need to pay for a few expenses, but the money I have is not enough to cover them.

Please keep this confidential. Send my regards to your family.

Thanks,
Ken Smith

The above is an example of a business email compromise (BEC) attack, where the recipient is typically asked to act on a certain request immediately. Make sure to verify the authenticity of the email first before doing anything else.

Secure your business from phishing by partnering with Fidelis. Our security training services conduct engaging and informative training sessions to educate employees about phone scams, ransomware, phishing, and other cyberthreats. To learn more about cybersecurity protection and how we can help your business, download our FREE eBook today.

Looking for a reliable security solution?

Still unsure how to secure your business? Read our eBook, 3 Essential types of cyber security solutions your business must have and find out how you can optimize your business's cybersecurity without spending too much.

Download now!

For many businesses, complying with the GDPR’s specific data security and privacy requirements may sound daunting, but it doesn’t have to be. Our eBook Navigating the Data Privacy Labyrinth: A Guide to GDPR Compliance can simplify your compliance journey.GRAB YOUR FREE EBOOK HERE!