How to spot a ‘phishing’ trip

SCAM ALERT

Phishing is not a new phenomenon, but due to the increasing complexity of phishing scams, knowing how to spot a phishing email is becoming more important than ever to protect personal data. How to Spot a Phishing Email

The first step in spotting a phishing email is knowing what it is. The most accurate definition of a phishing email is an email sent to a recipient with the objective of making the recipient perform a specific task. Attackers make their emails look genuine and include a request to click on a link, open an attachment or provide other sensitive information such as login credentials.

Socially engineered phishing emails are constructed to appear genuine to their targets. The recipient is more trusting of the email and performs the specific task requested in the email.

If the recipient clicks on a link to a malware-infected website, opens an attachment with a malicious payload or divulges their login credentials, an attacker can access his or her information undetected.

7 Ways to Protect Yourself

Phishing emails often evade detection by email filters due to their sophistication. They have the right Sender Policy Frameworks and SMTP controls to pass the filters front-end tests. Because they are often individually crafted, they can even evade detection from advanced email filters. However, phishing emails often have common characteristics; they are frequently constructed to trigger emotions such as curiosity, sympathy, fear and greed. Watch out for the following:

• Emails Demanding Urgent Action Emails threatening a negative consequence or a loss of opportunity unless urgent action is taken are often phishing emails. Attackers often use this approach to rush recipients into action before they have had the opportunity to study the email for potential flaws or inconsistencies.

• Emails with Bad Grammar and Spelling Mistakes Another way to spot phishing is bad grammar and spelling mistakes. Most legitimate companies apply spell-checking tools to outgoing emails by default to ensure their emails are grammatically correct.

• Emails with an Unfamiliar Greeting or Salutation

Emails that start “Dear” or contain phrases not normally used in informal conversation should arouse suspicion.

• Inconsistencies in Email Addresses, Links & Domain Names Another way to spot phishing is finding inconsistencies in email addresses, links and domain names. Does the email originate from an organization you’ve corresponded with often? If so, check the sender’s address against previous emails from the same organization. Look to see if a link is legitimate by hovering the mouse pointer over the link to see what pops up.

If an email allegedly originates from (say) Google, but the domain name reads something else, the email is likely a phishing attack.

• Suspicious Attachments

Emails with attachments should always be looked at carefully— especially if they have an unfamiliar extension or one commonly associated with malware (.zip, .exe, .scr, etc.).

• Too Good to Be True Emails Too good to be true emails are those which incentivize the recipient to click on a link or open an attachment by claiming there will be a reward of some kind. If the sender of the email is unfamiliar, it’s likely a phishing email.