How to Recognize Email Phishing
The term “phishing” is bandied about by media and cyber security types with the assumption that Joe and Jane Average know all of its nuances. But with the over prevalence of data leak breaches — particularly stemming from home users and remote workers — it’s pretty clear that many don’t fundamentally know what phishing really is or how to recognize it.
Let’s start with an overview of the definition of phishing. Basically, it is any attempt to trick people into revealing sensitive information about themselves or their work environment. It also likes to install malicious software that extracts potential money data for criminals.
Once you understand that sensitive material ranges from passwords into email accounts, banking information such as credit card numbers or account access passwords, personal information like social security numbers and health care data, all the way up to corporate secrets and company sensitive infrastructure, you start to understand its importance and why you should be concerned.
What we have to understand here is that while phishing tends to be practiced via the Internet and through computer devices, it extends beyond that, including phone calls, physical encounters and even snail mail. Undoubtedly, the most common phishing practices today are done electronically, so that will be the focus here.
Phishing vs. Spam
Since the invention of advertising, sellers have tried to find out information about potential customers in order to reach and expand their target audiences. This is known as spam, will always be standard practice and, while annoying to I daresay all of us, is not really an area of concern as far as safe cyber hygiene is concerned.
Sensitive information, on the other hand, is information that should not be given out, and it’s used specifically to exploit, steal from or manipulate the victim or the victim’s company. Discovering this is the goal of phishing campaigns. Links and attachments are the most used tricks and a high degree of caution needs to be employed before clicking on anything.
Here is a high level chart that might help you identify some key differences between phishing campaigns and spam.
While email phishing has evolved far beyond the prince in some country promising you riches if you only send an X amount of cash, making a malicious email look legitimate is not enough for most cyber criminals. They also use emotional triggers for a call to action, and no approach is off the table. The most common attempts are:
- They appear to be sent from your organization (suppliers, other employees)
- An appeal to authority (“CEO of your company shared this file”)
- Urgency (“this message expires in 2 hours. Act now.”)
- Lost in the noise (“we did not hear back from you…”)
- The Big Promise (financial compensation, lottery win, “You have been selected…”)
- Additional security (“additional authentication required…”)
- Business opportunity (“We want to discuss a deal worth $5M…)
The rest of this article will be specific to email phishing and while the following examples shown can apply to both personal and business emails, the focus will be on business emails.
First, many will not pay attention to the “from” header. Often the beginning will look legit, but the actual sender (usually in <> brackets) is the area of concern. Double check to see if it looks, uh, “phishy”.
Next, note the “call to urgency” method used both in the subject line and in the last line of the body. Pay particular attention to the odd formatting and words like WIRELESS-CALLER. Seems a little vague, doesn’t it? Also, email subject lines rarely contain dates or symbols such as ***.
Phishers are getting better at impersonating company branding and logos, so pay attention to them. Does something look off? The all caps in “VOICEMAIL SERVICE” for example. By this point you should already be suspicious, so do due diligence here and check the branding against the actual site(s).
There is a warning provided here, but one can’t always rely on that, as it may flag something legitimate, miss one entirely or, worse yet, actually be a malicious link itself. The best course of action is to NEVER click a link you are unsure of. Ask someone you know on your IT team or just delete it altogether. Most of us have a pretty good handle on what is urgent or not. Trust yourself.
This example is a little easier to flag as suspicious, but if you haven’t had your coffee, are in a hurry or distracted by the fight between your kids and the damn dog, you can miss it.
First, note again the unusual use of *** and inclusion of the date in the subject line.
But the biggest reason to be suspicious of this email is the mismatched fonts in the email body, like the mixture of italics and regular letters and the font size irregularities. Also, it’s rare to see just a random copyright date without something associated to it.
Again, the service gave a warning, so it’s nice to know there are some protections out there for you.
The body of this email uses two psychological methods, the “business opportunity”, and the “call to action”.
By now you should be able to recognize the obvious areas of concern: the odd or incomplete company logo, the poor grammar (“Attachment you will find”…), and the mismatched fonts. But what about the last line, “Please click and view attachment to validate.” Validate what? Delete!
Your turn. Take a look at this example and write in the comments why you would or would not be suspicious of this email*. I look forward to your responses.
Unfortunately, there simply is no sure fire, bullet proof method to identify phishing emails, especially as their sophistication grows. When in doubt, ask your IT team and colleagues if they are familiar with the email in question. Pay attention to the “red flag” messages that appear in the email body from your email provider; they pop up for a reason. DO NOT YouTube or Google your inquiries in a haphazard manner as there is no regulation on the legitimacy of the responses you will get.
An old cliché is still the best, “Think before you click!”
*Answers to Example 4:
- Remember to check the sender. Do you recognize the name? Does it look suspicious? Does it match the information in the <>?
- The subject line suggests that a previous email related to this was sent. Do you recall this?
- This is the “additional security measure” psychology approach, prompting you to click the banner. But what is with that “lock” icon floating around by itself?
- An additional link relating to Office 365 is provided, but without any proper branding.
- Finally, note the privacy statement (with third and fourth malicious links in case you didn’t hit the first two.) Does it look a little sparse and vague? Where’s the logo?
- DO NOT hit any links, immediately delete.
Disclaimer: ZeroGuard believes that data is knowledge, knowledge takes time and time is money. Things can be fixed, our intent is to do so in the cybersecurity realm. Which extends to everyday life. That’s a solid investment.