When it comes to cyber crime, phishing is one of the most common and most dangerous methods that criminals use. Although it might have been easy to spot in the past, as criminals become more sophisticated, it is becoming more difficult to identify phishing emails.
The idea behind these attempts is to secure personal or financial information from the victim, and hundreds of thousands of people fall victim to criminals every year. The COVID-19 pandemic has seen a significant rise in phishing attempts, and by the start of April, over £1.6 million had been scammed by criminals.
Despite the rising sophistication of these attempts, there are still a number of ways to identify phishing emails. Here are our top three ways to identify a scam:
Check the sending address
One of the first ways to identify a phishing email is to check the email address that it has been sent from, not just the stated sender’s name. An immediate warning sign should be if it is coming from a public email domain such as Gmail or Yahoo or a strange email address. Any legitimate company will likely contact you from a personalised domain name, and these are very easy to check by just simply typing that domain into a search engine.
Scammers are able to adapt the appearance of the overall email, making it look as realistic as possible; however, the sending address is sometimes the giveaway. To get around this, many experienced criminals attempt to make it look believable at a quick glance, so make sure you check the address for any spelling mistakes or if it contains additional letters or numbers.
Take a look at the email pictured below (received this week by a colleague) – the sender address is unusual and the red padlock icon shows that TLS encryption was not used, which is also unusual. Both of these would immediately raise suspicions (click the image to make it larger).
One of the clearest ways to determine if an email is a phishing attempt is to check the overall spelling, grammar, look and feel. When a legitimate company contacts you, they are attempting to sell their brand and company to you, so will ensure that the email is captivating and well written. On the other hand, scammers do not have such concerns and are simply trying to send as many different emails to as many people as possible.
Although there is a common belief that scammers keep these mistakes in on purpose in order to filter out the less gullible, the truth is that for many scammers, English is either not their first language or they may have had limited access to education. This means that they have run the email through a spellcheck or a translation service, which often results in the messaging not quite conveying the right context.
Returning to the same email, you can see from the image below that the look and feel is odd. There is no sender name, brand or logo; the email isn’t well personalised (instead, the first part of the recipient email address is used), and there is a clear call to action which is the button inviting the recipient to click. Because the sender isn’t named and the content of the ‘package’ isn’t mentioned the aim seems to be to get recipients to click the link to find out more.
Suspicious links or attachments
Another common sign of a phishing attempt is the message containing suspicious attachments. Usually, the email will not provide much information, encouraging the recipient to open the attachment, which will then lead to malware being installed on their device.
Suspicious links are also a clear sign of a phishing attempt. Many scammers hide these links behind shortened links such as a bit.ly link or behind a clickable button, preventing suspicions being aroused by the recipient when they see the link.
While these three might be the key factors to consider, they are not the only warning signs. Any time you receive an email that you were not expecting, practice caution before clicking or responding. Scammers like to create a sense of urgency, or force you towards a link to find out more, and it only takes a momentary lapse in concentration for you to fall victim.
In our case, the email below uses a combination of these techniques. Little information is provided to encourage the recipient to click the link, and a sense of urgency has been created by stating delivery is waiting for shipment. Although you can’t see it, the addresses linked to by the button and unsubscribe links are hidden behind bit.ly links.
Don’t expect the unexpected
Our final tip is an important one, because not all phishing emails are so obvious. They are becoming more sophisticated and created to look like a genuine email from HRMC, Amazon, Microsoft and others. Be suspicious If you receive an unexpected email that that includes an attachment or link, especially if it is unexpected good news such as an HMRC refund email or a purchase order. Don’t open the attachment or follow the link.
If for any reason you do click a link in an unexpected email, never, in any circumstances, submit a username or password on a site it takes you to. Instead, call the sender (don’t email them as the attacker will be happy to email you back) or ask your IT or information security team to take a look. This shouldn’t slow you down and if the email wasn’t expected then a little delay won’t hurt. Sometimes they might be genuine – last week we received an unexpected purchase order; we ran it through malware scanners and contacted our customer separately to ask if it was genuine. It turned out it was, but we didn’t open it until we were sure.
Awareness is key
Even though your employees might be trained annually on security, people forget things and make quick decisions when busy and under pressure. For this reason, it’s important to maintain ongoing awareness, such as through ‘drip’ awareness campaign with examples of phishing emails and reminding people what to look for and what steps to take.
If you need help to improve security awareness and reduce the risks of phishing emails, please get in touch with our friendly team today.