Back to Insights

Phishing Emails And How To Detect It?

Cyber security 06/09/2020 - 13:17 by Swami Nathan

How to Detect Phishing Emails?

Phishing is not a new phenomenon – it has been the most common attack vector for cybercriminals for several years – but knowing how to spot a phishing email is becoming more important than ever, due to the increasing complexity of phishing scams.

Scammers use email or text messages to trick you into providing personal information to them. They may attempt to steal your passwords, account numbers, or social security numbers. They could gain access to your email, bank, or other accounts if they get that information. Every day, Scammers launch thousands of phishing attacks like these — and often they’re successful. Internet Crime Complaint Center of the FBI reported that, in one year, people lost $57 million to phishing scammers.

Scammers sometimes change their strategies, but some indications will help you identify the pattern of phishing messages or emails.

Different Ways to Detect Phishing Email

Due to their complexity, socially engineered phishing emails often escape detection by email filters. They have the right Sender Policy Frameworks and SMTP controls to pass front-end tests of the filter and is hardly sent in bulk from blacklisted IP addresses to avoid blocking by Realtime Blackhole Lists. Since they are often crafted individually, they can even escape detection of advanced email filters with Grey listing capabilities.

Phishing emails, however, often have common features; they are often constructed to trigger emotions such as curiosity, sympathy, fear, and greed. If an employee is advised of these characteristics – and told what action to take when a threat is suspected – then the time invested in training a worker on how to spot a phishing email can prevent attacks and the attacker’s network infiltration.

1. Emails Calling for Urgent Action

Emails that inflict a negative outcome, or a loss of opportunity, are often phishing emails unless immediate action is taken. This technique is often used by attackers to pressure recipients into action before they have had the opportunity to research the email for possible defects or inconsistencies.

2. Emails Containing Bad Grammar and Spelling Errors

Another way of detecting phishing is through errors in grammar and spelling. By design, many businesses apply spell-checking software to outgoing emails to ensure that emails are grammatically correct.

3. Emails with an Unknown Greeting

Emails exchanged between colleagues in the workplace normally get an informal greeting. Many that start “Dear”, or contain phrases that are not commonly used in casual communication, come from outlets who are unfamiliar with the workplace interaction style used in your company and may raise suspicions.

4. Legit Companies won't push you to their Website

Phishing emails are sometimes completely coded as hyperlinks. Accidentally or deliberately clicking anywhere in the email will open a fake web page or download spam onto your computer.

5. Inconsistencies in Email Addresses, Domain Names and Links

Another way to detect phishing is to notice inconsistencies in the URLs, links, and domain names of emails. Does the email come from an entity to which it always corresponds? If so, search the address of the sender against the same organization’s previous emails. Look for a link to see if it’s legal to hover the mouse pointer over the link and see what pops up. If an email is allegedly from Google (say) but the domain name reads something else, report the email as a phishing attack.

6. Strange Additions

Most work-related file sharing is now done through collaboration tools like SharePoint, OneDrive, or Dropbox. Therefore, internal emails with attachments should always be treated with suspicion – especially if they have an unfamiliar extension or malware.

7. Emails demanding Login information, Payment Data or Confidential Information

Emails originating from an unexpected or unfamiliar sender should always be treated with caution when requesting login credentials, payment information, or other sensitive data. Spear phishers can forge login pages to look similar to the real thing and send an email with a link to the fake page. Whenever redirecting a client to a login page or informing them a payment is due, they should refrain from inputting details unless they are 100 percent valid for the email.

Phishing attacks continue to increase in number and effects, following advancements in anti-virus protocols and detection technologies. Everyone is a target in today’s cyberwar climate but, by educating your workforce on How to Properly Spot Phishing and Handle Phishing attacks, today‘s targets can become the future’s primary defense sentinels.

The only way to protect what you’ve worked hard to build is to be vigilant when it comes to cybersecurity. If you’d like to know more about how your business can benefit from managed services, just give us a call, we are here to help.

Phishing Emails and how to Detect it? Email Impersonation Attacks Before They Reach Your Users. Full insight into your email channels.