In this blog, we will cover what a phishing email is, what to look out for, and some examples of phishing emails. By the end of it you should be well prepared to spot a phishing email and protect yourself and your business.
What is a Phishing Email?
A phishing email is an email sent with malicious intentions. These intentions include infecting your PC or extracting sensitive information from you, such as passwords.
They are sent to literally everyone. A scammer contacts you pretending to be a legitimate business or person. The email will contain a link or attachment and will ask you to open it or click on the link.
Once you open the attachment, malicious content will infect your PC. Once you have opened the link, it can either infect your PC or send you to a webpage that imitates a legitimate website. It may ask you to log in using your credentials, or even put your bank details in.
Never use the same password for multiple accounts. If you do use the same password, you are at risk. If a cyber criminal compromises one of your accounts and uncovers your password, they will try this password out on all other accounts you have, in hopes of gaining access.
Therefore, it’s wise to use different passwords. If you can’t remember them all, I highly recommend using LastPass, a free password management app that every business needs.
How to spot a phishing email
- The URL isn’t consistent.
Before you click on that link in an email, hover over it. If the link doesn’t seem trustworthy, ignore it. For example, if the link says to go to an Amazon login page, but when you hover over it, it says “www.amazontsp.co/ntghlloo0873849/44444/233490/amzonssstp/”, it’s most likely a phishing email.
Notice how this fake URL doesn’t use Amazon’s official domain, but tries to copy it to look authentic.
- Poor grammar or spelling
Emails from a legitimate company are checked for grammar and spelling errors before they are sent out. A phishing email may have been sent out by a one-man-band and have poor grammar. This could also be because the cyber criminal’s native language isn’t English.
- Manipulative language
Cyber criminals often use urgency, fear, desire, intimidation, lust, or curiosity in their dialogue.
If someone is offering you something that’s too good to be true, it often is. If someone from your company you’ve never met is being slightly aggressive in asking you to make an urgent payment, it could be a phishing email.
- The email is asking for personal details.
It may ask you to click the link and enter your password, bank details or even security questions on the page it opens. If it seems like something a legitimate business wouldn’t ask you to do, it probably isn’t as legitimate as it may seem.
- Generic greetings
Cyber criminals probably don’t have a list of their targets’ names, so may not use your name in the email. It may just say “Dear Customer” or “Greetings Member”.
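The checks in the list above can also be run automatically over the HTML body of an email. The following Python sketch is an added example, not part of the original blog: it compares the brand a link mentions with the domain it really points to, and looks for generic greetings and urgent wording. The official-domain list, the urgency phrases and the sample message are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions for this example: a short brand -> official domain list and phrase lists.
OFFICIAL_DOMAINS = {"amazon": {"amazon.com", "amazon.co.uk"}}
GENERIC_GREETINGS = ("dear customer", "greetings member")
URGENCY_PHRASES = ("urgent", "immediately", "suspension", "suspended")

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> tag."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_matches(host, domains):
    """True if host is one of the official domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def check_email(html_body):
    """Return a list of warnings for the indicators described in the list above."""
    warnings, parser = [], LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        host = (urlparse(href if "//" in href else "//" + href).hostname or "").lower()
        for brand, domains in OFFICIAL_DOMAINS.items():
            mentions = brand in text.lower() or brand in host
            if mentions and not host_matches(host, domains):
                warnings.append(f"link mentions {brand} but points to {host}")
    lowered = html_body.lower()
    if any(g in lowered for g in GENERIC_GREETINGS):
        warnings.append("generic greeting")
    if any(p in lowered for p in URGENCY_PHRASES):
        warnings.append("urgent or threatening language")
    return warnings

# Constructed sample message built from the examples quoted in this blog.
SAMPLE = """<p>Dear Customer,</p>
<p>Failure to update your billing information may result in service suspension.</p>
<a href="http://www.amazontsp.co/ntghlloo0873849/44444/233490/amzonssstp/">Sign in to Amazon</a>"""
```

Calling check_email(SAMPLE) returns all three warnings, while a message that uses your name and links to www.amazon.com returns an empty list.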
What a Phishing Email Looks like
You can see here that the phishing email doesn’t use the recipient’s actual name. It also attempts to create fear when it says “Failure to update your billing information may result in service suspension”.
As you can see in this example, the email has been sent from an unknown source. This doesn’t seem like the kind of email address Outlook would normally send from at all…
The text tries to create urgency and fear with warnings that the recipient will not be able to read and send emails.
The subject line also seems very unprofessional and would not be the type of subject line usually sent by Outlook/Microsoft.
In this example, the sender email address is clearly a red flag.
There are grammatical errors. It overuses the “-” symbol in inappropriate places.
Instead of using the customer’s name, it uses their email address.
Phishing emails are evolving and becoming more elaborate and detailed. Always be on guard with emails that are sent from someone you don’t know. Never open an attachment or click a link in an email from a source you do not trust.