How to Identify Phishing Emails

What is Email Phishing?

Phishing is when a 3rd party, typically a hacker or malicious website, uses the brand identity of a company to lull a user into exposing private information.

There are two types of email phishing:

  1. Phishing emails that come to you
  2. Phishing emails that come from you

Phishing emails leverage the brands of legitimate businesses to implant malware in an attachment or download or obtain login credentials. Phishing is still the primary method of obtaining credentials for attacks. You need to know how to protect yourself, your users and your business from phishing.

Identifying Phishing Emails

Phishing groups and hackers are constantly changing their patterns to improve both their targeting and the effectiveness of their emails in order to exploit users, but there are a few characteristics in common for every phishing email.

Phishing emails leverage a strong brand

In the example to the right, the “From” email address used Paypal’s, but I have seen it with many big brands, especially in credit cards, financial, banking and insurance industries.  Ask yourself:  Do you really have an account? Is this the email address for that account? Have you done anything with the account lately?

“From” domain and Return Path Domain will not match

It is relatively easy to spoof a “From” address.  Email Standards allow 3rd party emailers to send email on behalf of another domain, otherwise inbox providers like Google and or bulk email providers could not send email for the business or personal domains they host.  If “From” and Return Path do not match and the Return Path looks random or shady, it’s a good chance you have a phishing email.  Further, most companies will not use a 3rd party to send important account information emails like the one above, but their own internal servers.  Check the Return Path email address in the header to see if it looks legitimate.

There is an attachment

If you are required to download anything that you did not ask the company for, then it is probably a phishing email and may contain malware.  Even PDFs or DOCs can contain malware payloads.  At minimum, they are trying to lull you into thinking that their fake document is valid so that they can get personal, private or financial data from you.  Do not download attachments you did not ask for.

There is a sense of urgency

The email will require you to “act soon” or it will cost you money.  This sense of urgency makes you react before you think.  Take a breath before acting on any email that looks really important.  

Links on the page go to a different domain

Often a phishing email will include a link to a 3rd or 4th domain or just to an IP address.  The goal here is to get you to click unsuspectedly on any link so they can further the con and grab your information when you attempt to login to their fake website.  Sometimes the domains even look like subdomains or related domains.  Always check links before clicking on them.  If in doubt of any link, open a clean window and navigate to the company’s website and login to your account from there to check on the issue.  

Quality Varies

Some phishing emails, like the one above, look good on the surface.  For example, the logos look correct, the fonts and color scheme are appropriate and some of the language is even straight from legitimate emails.  However, when you read deeper you can see spelling mistakes, grammatical errors or other areas where it is clear the writer was not a native English speaker.  Notice above that “DeLL” is not written correctly nor is the phrase “This not you?” proper English.  Take a moment to read the information presented in the email and check grammar and spelling.

The content of this page was provided by MX Toolbox at:

The New FirstClass

FirstClass Web Services is the new way to access your existing FirstClass email. or will both take you to the new FirstClass Web Services site. These links will also work on your phone and are preferred over the FirstClass App that you may see in your phone’s app store. If you are in the new Linux (Blue Tux), the FirstClass link under Applications –> Internet –> FirstClass will simply take you to the FirstClass Web Services webpage.

The videos below are designed to give you a brief introduction on the new features of FirstClass Web Services:

Town Office Citrix Storefront

In the new Linux (Blue Tux), there has been an update to the Citrix Receiver. It is now entirely web based, but still requires some initial setup.

  1. If you have created a desktop shortcut, it will no longer work. You will need to create a new shortcut by navigating to Applications –> Internet, and dragging “Town Office Desktop” to your desktop or to your top bar.
  2. Go to Applications –> Internet –> Town Office Desktop, and click it. A web browser will open and take you to the Citrix Xen StoreFront.
  3. You will be presented with the Citrix Xen StoreFront, enter your usual Citrix username and password here, and click “Log On”.
  4. Click the “Town Office Desktop” button to launch your desktop.
  5. A pop-up will appear, asking you to select which program to use to open this link. Make sure “Citrix Receiver Engine” is selected, and put a check in the box next to “Do this automatically for files like this from now on”, and click OK. The next time you launch the desktop, you will no longer be presented with the pop-up.
  6. You will now be at your regular Citrix Desktop.