Robert Best, Infotech

20191101

Over 3 billion phishing emails are sent every day. You will have seen a few in your inbox already today. However, there will have been a few that you didn’t even realise were phishing emails.

Phishing emails are a social engineering tactic that preys on human behaviour. They are designed to trick the reader into taking an action the sender wants. That could be clicking a malicious link or sending sensitive information. 

So how do you spot a phishing email?

In this brief guide, we will help you understand what a modern phishing email looks like and how you can spot one.

Check the sender address

A common phishing ploy is to spoof the display name on an email. Because inboxes show the display name, spoofing the name of someone else in the business or of a customer means the email is likely to be opened.

The harder thing to spoof is the actual domain name the email is coming from (@domainname.com, for example). So even if you do recognise the sender name, double-check that the domain is genuine. You will find scammers often use domain names with subtle changes, such as a missing letter.

Hover over links before clicking them

Most phishing emails want you to click on a link. The link will look genuine but will either lead directly to a virus or a webpage designed to gather sensitive information.

Before clicking any link, hover your mouse over it. If the link address looks unusual or is not what you expect to see, then don’t click on the link. A good way of checking any link you are unsure of is to open a browser window and enter the domain part of the address to see if it’s genuine.
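The sender-address and link checks described above can also be automated when triaging a reported message. The following is an added example, not part of the original article: the trusted domain list, the 0.85 similarity threshold and the sample message are all constructed assumptions.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example-corp.com"}  # assumption: your organisation's real domains
# Constructed sample: a colleague's display name, a domain with a missing letter,
# and a link whose visible text differs from where it really goes.
SAMPLE = """From: "Jane Smith" <jane.smith@exmple-corp.com>
Content-Type: text/html

<p>Please review: <a href="http://203.0.113.7/login">https://example-corp.com/invoices</a></p>
"""

def check_sender(from_header):
    """Return a warning string, or None if the address domain is trusted."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return None
    for good in TRUSTED_DOMAINS:
        # 0.85 is an assumed threshold for "subtle change" to a trusted domain
        if difflib.SequenceMatcher(None, domain, good).ratio() >= 0.85:
            return f"'{display}' sends from look-alike domain {domain} (expected {good})"
    return f"'{display}' sends from unrecognised domain {domain}"

class LinkAudit(HTMLParser):
    """Collect links whose visible text is a URL for a different host than the href."""
    def __init__(self):
        super().__init__()
        self.href, self.mismatches = None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href")
    def handle_data(self, data):
        if not self.href:
            return  # text outside a link
        shown = urlparse(data.strip()).hostname  # None unless the text is a full URL
        actual = urlparse(self.href).hostname
        if shown and shown != actual:
            self.mismatches.append((shown, actual))
    def handle_endtag(self, tag):
        if tag == "a":
            self.href = None

def audit(raw):
    msg = message_from_string(raw)
    links = LinkAudit()
    links.feed(msg.get_payload())
    return check_sender(msg["From"]), links.mismatches
```

Calling `audit(SAMPLE)` returns the sender warning and the list of (shown host, actual host) mismatches; link text that is not written as a full URL is not compared.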

 

Is the email requesting sensitive information?

If the email is unsolicited and requests sensitive information, it is likely a scam. ‘You are the winner of a competition’ that you never entered is a good example of this (as well as the well-known Nigerian Prince email). Most companies will never send you an email asking for sensitive information unless you requested it, a password reset for example.

In fact, most companies will continually stress that they won’t ask for sensitive information. If you follow a link to a website that is asking for sensitive information, you must be entirely sure it is genuine.

Be wary of urgent or scare tactics in the subject line

Creating a sense of urgency is a popular phishing email tactic. Beware of emails saying you have a limited time to take action. A common scammer approach is subject lines such as ‘your account has been suspended’ or ‘there has been an unauthorised login attempt’.

If you receive an email like this and you are unsure if it is genuine, follow the other tips in this guide. If you are still unsure, then speak to the company over the phone. Make sure you don’t use a phone number included in the email; get it directly from their website.

 

Beware of attachments

When was the last time a genuine company sent you an email with an attachment? It is only likely to happen if you have bought something from them or you have requested information from them.

There will be times that a genuine company does send you an email with an attachment, but you will usually have done something to request it, for example an ebook download.

Review the signature

Does the email have a signature at the end? And how much detail does the signature contain? The lack of contact information can be a sign of a phishing email.

Do the links in the signature work? Scammers will often take screengrabs of genuine signatures. By using that as an image, they can’t include the actual links. If the signature does have links, hover over them to see if they are genuine.

Conclusion

Even the best spam filters will not stop every single phishing email. Spammers have become a lot more sophisticated and are better at beating the filters. That is why it is important to be on the lookout for phishing emails.

By knowing the tactics spammers like to use, you can spot a phishing email in your inbox. Knowing what to look for will make it less likely for you to fall victim to a phishing email.

Guest Author:

Robert Best, Marketing Manager at Infotech

For more information about Infotech please visit their website: https://www.infotech.co.uk/
