
5 Ways To Recognize a Phishing Email

Over 90% of targeted cyber attacks come through email. End-user training is a major factor in the way a business can combat these attacks. Here are 5 ways you can recognize a phishing email.

1. Asking for Personal Information

If an email asks for personal or company information, this is a red flag that the email is fake. Legitimate companies are unlikely to ask for personal information or account logins in an email. Be aware that hackers will use email addresses or company names that mimic people or organizations you know or trust.

The example below is a fake PayPal email that asks for account login information. The email looks legitimate, but notice that the link leads to a .ma URL; .ma is the country code for Morocco. Our next tip demonstrates how you can double-check suspicious links.

[Image: fake PayPal email. Source: malwarebytes.com]

2. Hover but Don’t Click

If you suspect a fake or malicious email link, simply hover over the link with your mouse. If the address that appears looks strange, or the link is not related to the sender in any way, do not click on the link. Sometimes a link will not match and still be legitimate, but it is better to be safe than sorry and report the email to your IT team or SOC (Security Operations Center). In the example below, hovering over the Click Here link shows an address that does not match the marshall.edu email address.

[Image: phishing email with a mismatched Click Here link. Source: marshall.edu]

3. Check for Spelling & Grammar Errors

Many phishing emails originate from outside of the US. Because of this, phishing emails will contain frequent misspellings and grammar mistakes due to the language barrier. These emails tend to be obvious. If you encounter an email that is riddled with spelling and grammar mistakes, chances are you are looking at a phishing email.

[Image: phishing email example. Source: umbrella.cisco.com]

4. Beware of Urgent Calls To Action

Hackers try to scare recipients with some type of “urgent” situation. Here are some examples.

  • Something is expiring, Click Here
  • You have been hacked, Click Here
  • You have 24 hours
  • Immediate attention required
  • You need to login
  • Renew immediately

Legitimate businesses normally do not require this kind of immediate action. If you come across these “urgency” emails, be sure not to click on any links in the email or give out any personal information.

[Image: CEO phishing email example. Source: usecure.rutgers.edu]

5. Always Check the Display or From Name

A common tactic of hackers is to use the actual names of people in your organization, sometimes spoofing your domain’s email addresses as well. If you suspect an email is fraudulent, always check both the display name and the email address. Most often the address will not match your company’s email domain, or it will be close but slightly different. Because cybercriminals use advanced technology to send these emails, they are sometimes harder to detect. The 2 examples below show how a hacker will try to gain access to important data.

[Image: email spoofing example with a fake sender address. Source: www.run.biz]
[Image: spoofed email example. Source: docs.microsoft.com]
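The display-name and address comparison from this tip, including the "close but slightly different" domain case, can be expressed as a small check on the From header. This Python sketch is an added example, not part of the original article; `check_from`, the warning codes, the staff names and the `acme.example` company domain are assumptions made up for illustration.

```python
from email.utils import parseaddr

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_from(header, company_domain, staff_names):
    """Return warning codes for one From header value."""
    display, address = parseaddr(header)
    domain = address.rpartition("@")[2].lower()
    if domain == company_domain:
        # Passes this check only: a forged From header can still carry the
        # real domain, which is what SPF, DKIM and DMARC results are for.
        return []
    warnings = []
    if edit_distance(domain, company_domain) <= 2:
        warnings.append("lookalike-domain")          # close but slightly different
    if display.strip().lower() in staff_names:
        warnings.append("staff-name-external")       # colleague's name, outside address
    if "@" in display and display.rpartition("@")[2].lower() != domain:
        warnings.append("display-address-mismatch")  # name field shows another address
    return warnings

# Constructed sample headers; the company domain and names are made up.
COMPANY = "acme.example"
STAFF = {"jane doe"}
SAMPLES = [
    "Jane Doe <jane.doe@acme.example>",
    "Jane Doe <jane.doe@acrne.example>",
    "Jane Doe <jd1987@freemail.test>",
    '"it-support@acme.example" <helpdesk@mail-alerts.test>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from(header, COMPANY, STAFF))
```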

A robust cybersecurity program can detect and eliminate most of these phishing emails. Accellis Technology Group uses the most advanced technology to prevent these types of cyber attacks from being successful. Barracuda Essentials and Barracuda PhishLine are 2 examples of the products we deploy for our clients.

Potentially devastating attacks can slip through security gateways. With end-user training, you guard against every facet of social-engineering threats with continuous simulation and training for employees. For more information on employee PhishLine training, fill out the form below and one of our cybersecurity experts will contact you at your earliest convenience.

Showing 2 comments
  • Mark Watson

    That was super informative! Can a phishing email lead to ransomware? What’s the relation there? I’ll definitely share this article with my colleagues.

    • Michael Tranter

      Hello Mark.
      Thank you for the feedback. Yes, a phishing attack can lead to ransomware. Ransomware usually finds its way into a system through a malicious email attachment or through a malicious website that will begin downloading infected software onto the system. Phishing or spear-phishing scams are commonly used to trick the victim into opening attachments by masquerading as another person or organization that the victim already trusts. Sometimes, more aggressive forms of ransomware are used that don’t require tricking users in any way and instead exploit weak points in system security. These attacks infect your system, then lock or encrypt your most important data, allowing attackers to ask for a ransom. The attackers will offer to provide the decryption key only if you pay a certain amount of money within a short time.
