Identifying Phishing Emails
Phishing groups and hackers are constantly changing their patterns to improve both their targeting and the effectiveness of their emails in order to exploit users, but there are a few characteristics in common for every phishing email.
Phishing emails leverage a strong brand
In the example to the right, the “From” email address is PayPal’s, but I have seen this with many big brands, especially in the credit card, financial, banking and insurance industries. Ask yourself: Do you really have an account? Is this the email address for that account? Have you done anything with the account lately?
“From” domain and Return Path Domain will not match
It is relatively easy to spoof a “From” address. Email standards allow third-party emailers to send email on behalf of another domain; otherwise inbox providers like Google and Outlook.com, or bulk email providers, could not send email for the business or personal domains they host. If the “From” and Return Path domains do not match and the Return Path looks random or shady, there is a good chance you have a phishing email. Further, most companies will not use a third party to send important account information emails like the one above; they use their own internal servers. Check the Return Path email address in the header to see if it looks legitimate.
There is an attachment
If you are required to download anything that you did not ask the company for, then it is probably a phishing email and may contain malware. Even PDFs or DOCs can contain malware payloads. At minimum, they are trying to lull you into thinking that their fake document is valid so that they can get personal, private or financial data from you. Do not download attachments you did not ask for.
There is a sense of urgency
The email will require you to “act soon” or it will cost you money. This sense of urgency makes you react before you think. Take a breath before acting on any email that looks really important.
Links on the page go to a different domain
Often a phishing email will include a link to a third or fourth domain, or just to an IP address. The goal here is to get you to click unsuspectingly on any link so they can further the con and grab your information when you attempt to log in to their fake website. Sometimes the domains even look like subdomains or related domains. Always check links before clicking on them. If in doubt about any link, open a clean window, navigate to the company’s website and log in to your account from there to check on the issue.
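The Return Path check and the link check described above can be run over a raw message as a triage aid. The following Python sketch is an added example, not part of the original page; the sample message, its domains and the function names are constructed for illustration, and a finding is a reason to look closer, not proof of phishing.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message (not from the original page); all domains are placeholders.
SAMPLE = """\
Return-Path: <bounce-7731@mailer.example.net>
From: "Account Service" <service@brand.example>
Content-Type: text/html

<a href="http://brand.example.login.example.org/verify">Check account</a>
<a href="http://203.0.113.5/reset">Reset</a>
<a href="https://www.brand.example/help">Help</a>
"""

def domain_of(header_value):
    """Lowercased domain part of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def same_or_sub(host, domain):
    """True when host equals domain or is a real subdomain of it."""
    return host == domain or host.endswith("." + domain)

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_message(raw):
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    rp_dom = domain_of(msg["Return-Path"])
    findings = []
    # Signal 1: Return-Path domain unrelated to the From domain (review, not proof).
    if rp_dom and not (same_or_sub(rp_dom, from_dom) or same_or_sub(from_dom, rp_dom)):
        findings.append(("return-path-mismatch", rp_dom))
    # Signal 2: links whose host is an IP address or lies outside the From domain.
    body = msg.get_payload()
    for url in re.findall(r'href="([^"]+)"', body):
        host = (urlsplit(url).hostname or "").lower()
        if is_ip(host):
            findings.append(("link-to-ip", host))
        elif host and not same_or_sub(host, from_dom):
            findings.append(("link-off-domain", host))
    return findings
```

The first link in the sample starts with the brand's name but actually belongs to a different registered domain, which is why the comparison is made on the end of the hostname rather than on a substring.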
Some phishing emails, like the one above, look good on the surface. For example, the logos look correct, the fonts and color scheme are appropriate and some of the language is even straight from legitimate emails. However, when you read deeper you can see spelling mistakes, grammatical errors or other areas where it is clear the writer was not a native English speaker. Notice above that “DeLL” is not written correctly nor is the phrase “This not you?” proper English. Take a moment to read the information presented in the email and check grammar and spelling.
The content of this page was provided by MX Toolbox at: https://mxtoolbox.com/c/landing/identifyingphishing