It used to be quite easy to identify a phishing email, but over the past few years, scammers have really upped their game. Some of the phishing emails now being sent can fool even the most security conscious and well-trained people, but if you know the signs of phishing email, you should be able to identify and avoid all but the most sophisticated phishing attempts.
What is Phishing?
Phishing is the name given to a tactic used by cybercriminals to obtain sensitive information through deception, often by impersonating a trusted source. Phishing is also used to deceive people into taking an action that allows the attacker to achieve their aim. This could be installing malware or even changing security settings on a device.
Phishing can be viewed as the digital equivalent of a confidence trickster, so these tactics are certainly nothing new. The attack technique gets the name from fishing. With fishing, a lure or bait is used to trick a fish into swallowing a hook. With phishing, a lure is used to trick an individual into taking an action in the belief that the request is genuine.
Phishing can take place over the telephone, in person, via text messages, social media networks, or chat platforms, although most commonly it occurs via email. Attacks are easy to perform, as all that is needed is an email address to send the messages and a phishing template. If credential theft is the goal, a website hosting a phishing kit is required to harvest credentials. Phishing kits are widely available on hacking forums and malware can also be purchased, so an attacker really only needs email accounts to send the messages.
Phishing emails can range from basic to highly sophisticated, and while email security solutions are effective at identifying phishing emails and ensuring they are not delivered to inboxes, no email security solution is capable of blocking every phishing threat without also blocking unacceptable numbers of genuine emails. It is therefore essential for employees to be told how to spot the signs of a phishing email and for them to be conditioned how to respond when a suspicious email is received.
Phishing Tactics are Constantly Changing!
There are tried and tested phishing techniques that are used time and time again because they are effective, but new lures are constantly being developed to trick individuals and evade email security solutions. It is not possible to train employees how to recognize every lure they are likely to receive, but it is possible to teach employees the most important signs of a phishing email, as there are commonalties shared across most phishing campaigns.
Protect your MSP clients with the newest zero-day threat protection and intelligence against anti-phishing, business email compromise and zero-day attacks with PhishTitan.
Free Demo
The aim of any training is not to ensure that every employee will recognize every phishing email, only to reduce susceptibility of the workforce to phishing attacks. Over time, employees will get better and will be able to recognize phishing emails and will get used to reporting suspicious emails to their security team.
What Are the Signs of a Phishing Email?
Every email received could potentially be a threat, even emails that appear to come from a known individual or other trusted source. Just because the sender’s name is familiar or the correct logos and contact details of companies are used, it does not mean that the email is genuine.
Some of the most effective phishing lures that are used to target businesses mimic genuine business communications such as purchase orders, receipts, invoices, job applications, shipping notifications, and non-delivery notifications. You should perform some quick checks of any email you receive, specifically looking for the following signs of a phishing email.
Urgency and Threats
Most phishing emails try to get the recipient to act quickly without thinking or checking for the signs of a phishing email. Some of the most effective lures require quick action to be taken to avoid negative consequences. Scare tactics are used, such as the threat of arrest or legal action, loss of service, loss of money, or even fear of missing out (FOMO).
Spelling and grammatical errors
Spelling and grammatical errors are common in phishing emails. These can be accidental – Google translate errors – or can be deliberate. Why deliberately include spelling errors? Anyone who still falls for the email will be more likely to then fall for the next stage of the scam.
When businesses send emails, they are usually careful to ensure there are no spelling and grammatical errors. Most businesses have a spell and grammar check configured for all outbound emails.
Unnecessary or Unusual Attachments
Email attachments are commonly used in phishing emails that distribute malware. Attachments may not be what they seem and could have a double extension. A Word document could in fact be an executable file that installs malware when double clicked. Malicious scripts such as macros are often added to files that will execute and download malware if allowed to run. Malicious hyperlinks are often hidden in attachments such as PDF files, Word documents and Excel spreadsheets to hide them from email security solutions. Exercise caution when opening any attachment, scan it with your AV software before opening, and do not enable content or macros – you do not need to in order to see the contents of a genuine document. If in doubt do not open.
Odd hyperlinks
Hyperlinks are often included in phishing emails to direct the recipient to a website hosting a phishing kit. These links may appear genuine from the link text, but links are often obfuscated to make them appear genuine. Check the true destination before clicking by hovering the mouse arrow over the link. If the link is clicked, make sure the domain you land on is the correct domain used by a company, and be exceptionally careful if you are asked to enter sensitive information such as your Office 365 credentials.
Atypical Requests
Phishing emails will try to get you to take an action you would not normally take. If the request deviates from the normal request received via email you should be suspicious. This could be a request to send sensitive data via email, install a program, or make a call or click a link to install a security update. It pays to make a quick phone call to check the legitimacy of any odd request using previously verified contact information – never contact information in the email. Also look out for unusual greetings and overly familiar or overly formal emails from contacts – These deviations could indicate an email impersonation attack.
Unfamiliar Email Addresses and Domain Names
Phishers often hijack email accounts so phishing emails can come from genuine email accounts, but it is most common for free email accounts to be used or for attackers to create email accounts on their own domains. Those domains often closely resemble the brand that the attackers are impersonating. Watch out for hyphenated domains – e.g. microsoft-updates.com; transposed or missing letters – e.g. mircosoft.com; use of irregular characters – e.g. m1crosoft.com; and subdomains microsoft.phishingdomain.com. Carefully check the email address and the domain name.
Block Phishing Emails with TitanHQ
If run a business and want to improve your security defenses, you should train your employees how to identify the signs of a phishing email. You should also ensure you have an effective email security solution in place that will block the vast majority of email threats to stop them from reaching inboxes. You should also consider implementing other anti-phishing solutions to create layered defenses.
This is an area where TitanHQ can help. TitanHQ offers two award-winning anti-phishing solutions for SMBs and managed service providers (MSPs) serving the SMB market: SpamTitan Email Security and WebTitan Web Security. Both can be used in tandem to greatly improve your defenses.
SpamTitan blocks malware and phishing emails at source and keeps inboxes free of threats, while WebTitan protects against the web-based component of phishing attacks, blocking attempts by users to access known malicious domains and stopping malware downloads from the Internet.
For further information on these solutions and how they can improve your phishing defenses, give the TitanHQ team a call today or drop us a line on email. If you want to test the solutions, both are available on a no-obligation free trial.