How to spot a phishing email?

In this post, I’ll explain you how to spot a phishing email. One day I got an email from Groupon as I had an account with them saying that there’s an unusual activity on my account and I need to change the password etc.

Here’s the images of the phishing email that I got from an attacker pretending to be from Groupon.

Groupon Phishing email from the attacker

I have good experience with cybersecurity and know what are the things to look so as to make sure that the email is from a legitimate sender or not.

First, I checked the contents for spelling error, and grammar, and how it is structured and whether a company sends those kind of emails. It felt legitimate at first glance as there are no such errors mentioned above.

Second, I checked the sender’s email and it has @r.groupon.com domain extension. I don’t think that any company uses that format, and instead they use @groupon.com domain extension. I might be wrong as well but I want to make sure that it’s still from a legitimate sender. So I googled ‘@r.groupon.com’ and found out that there’s a scam that has been happening from 2010, where attackers are creating fake Groupon sites to extract and steal user information.

So I made the risk and clicked on the link, suddenly the webpage shows an oops error… (didn’t remember the exact content there). Suddenly my browser search engine has changed from Google US www.google.com to Google Indonesia www.google.id. This was weird and it’s displaying the content in Indonesian language when I try to search for something in a new tab.

I then went to the advanced settings in chrome and scanned for malware and the chrome browser wasn’t able to detect it. Then later, I updated the antivirus signatures and made sure that they are up to date. Then I scanned my computer and the antivirus program (Avira) couldn’t detect any malware or spyware etc.

So I was wondering how to troubleshoot this issue and I wanted to get rid of the unwanted program that was installed when clicking on the link the attacker sent.

“One of the solutions I’d implement would be: Whenever we hover over the link it should show you to which link it is pointing or redirecting to, and this solution needs to be implemented by all email providers like Google’s Gmail, Microsoft’s Outlook etc. This will prevent the user from exposing their personal information to hackers.This solution will protect more than 3.8 billion email users from phishing attacks.”
What can a hacker/attacker do by using your personal information and stolen credentials?
  1. They will brute force and try to login in onto other websites (might be banking) using the stolen credentials, and try to alter your information.
  2. In a company, an attacker can bring a network down by penetrating into the company’s network and introduce a DDoS attack. A DDoS attack by a hacker can simply bring down the applications, inject malware and ask for ransomware (more often happens in the form of Cryptocurrency like bitcoin and other crypto coins) as they are more popular and are of high monetary value and the attacker can generate a huge amount of money into his pocket. They will steal your company’s confidential information and secrets. This will cost the business huge amount of money, as the applications are down, and your customers (companies) might not be able to access the databases, and they might not able to to access the applications deployed in the cloud. This will not only cost you but other businesses that hosted their applications in your infrastructure. This will also lead to not meeting your SLA- Service Level Agreements with that company. A SLA- Service Level Agreement is an agreement for a service, that companies make so as to avoid downtime, say 99.999% uptime. For example, this means that your ISP or Service Provider has to pay the company back for not meeting the agreed percentage of uptime, that the ISP agreed for.

Moreover, companies should train their employees continuously on how to spot phishing emails as it costs the company if the network and the applications are down.

If you want to analyze how your employees are vulnerable to these kind of attacks, I wrote an article “How to secure your organization through phishing campaigns?” that you might be interested in reading and sharing it with your team.

Please comment below and let me know what are the other ways you can spot a phishing email as well as what kinds of posts you might be interested in reading.

I’d be glad if you could share this article and educate your friends. Please clap if you feel that this post gave you a better understanding of a phishing email.

Also please feel free to connect with me on LinkedIn.