How to Recognize Phishing Emails
Phishers use a wide range of techniques to make their phishing emails look legitimate. These are some of the most commonly used techniques, which can be used to identify these malicious emails.
Fake Domains
One of the most common techniques used in phishing emails are lookalike or fake domains. Lookalike domains are designed to appear to be a legitimate or trusted domain to a casual glance. For example, instead of the email address boss@company.com, a phishing email may use boss@cornpany.com or boss@compаny.com. The first email substitutes rn for m and the second uses the Cyrillic а instead of the Latin a. While these emails may look like the real thing, they belong to a completely different domain that may be under the attacker’s control.
Phishers may also use fake but plausible domains in their attacks. For example, an email claiming to be from Netflix may be from help@netflix-support.com. While this email address may seem legitimate, it isn’t necessarily owned by or associated with Netflix.
Incorrect Grammar or Tone
Often, phishing emails are not written by people fluent in the language. This means that these emails can contain grammatical errors or otherwise sound wrong. Real emails from a legitimate organization are unlikely to have these mistakes, so they should be a warning sign of a potential phishing attack.
Another thing to look out for is emails with the wrong tone or voice. Companies, colleagues, etc. talk and write in a certain way. If an email sounds too formal or too informal, stilted, or otherwise odd given its sender, then it might be a phishing email.
Unusual Attachments
A common goal of phishing emails is to trick the recipient into downloading and running attached malware on their computer. For this to work, the email needs to carry a file that is capable of running executable code.
As a result, phishing emails may have unusual or suspicious attachments. For example, a supposed invoice may be a ZIP file or an attached Microsoft Office document may require macros to be enabled to view content. If this is the case, it is probable that the email and its attachments are malicious.
Psychological Tricks
Phishing emails are designed to convince the recipient to do something that is not in their best interests (giving away sensitive information, installing malware, etc.). To accomplish this, phishers commonly use psychological tricks in their campaigns, such as:
- Sense of Urgency: Phishing emails commonly tell their recipients that something needs to be done right away. This is because someone in a hurry is less likely to think about whether the email looks suspicious or is legitimate.
- Use of Authority: Business email compromise (BEC) scams and other spear-phishing emails commonly pretend to be from the CEO or someone else in authority. These scams take advantage of the fact that the recipient is inclined to follow orders from their bosses.
- Fear and Blackmail: Some phishing emails threaten consequences (such as revealing allegedly stolen sensitive data) if the recipient doesn’t do what the attacker says. The fear of embarrassment or punishment convinces the recipient to comply.
Phishers have extensive experience with using psychology to achieve their goals. If an email seems coercive in any way, it might be a phishing attack.
Suspicious Requests
Phishing emails are designed to steal money, credentials, or other sensitive information. If an email makes a request or a demand that seems unusual or suspicious, then this might be evidence that it is part of a phishing attack.
Email Phishing Examples
Phishing emails come in many different forms, but some campaigns are more common than others. Some of the most common types of phishing emails include:
- Account Issues: These phishing emails will claim to be from companies like Netflix, Amazon, or Apple. The email says that there is an issue with an account that requires the user to login into a phishing page that harvests account credentials.
- Fake Invoices: Phishing emails targeting businesses may claim to be unpaid invoices from a vendor or supplier. These emails are designed to look like legitimate payment requests but any payments made go to an attacker.
- Business Email Compromise: BEC attackers impersonate authority figures, such as CEOs or managers, and are designed to steal money or sensitive data. These emails may instruct the recipient to send a payment to seal a deal or send sensitive internal data to the “CEO”.
What to Do if You Suspect a Phishing Attack
The impact and cost of a phishing attack on an organization depend on the speed and correctness of its response. If you suspect that an email may be a phishing email, take the following steps:
- Don’t Reply, Click Links, or Open Attachments: Never do what a phisher wants. If there is a suspicious link, attachment, or request for a reply don’t click, open, or send it.
- Report the Email to IT or Security Team: Phishing attacks are commonly part of distributed campaigns, and just because you caught the scam doesn’t mean that everyone did. Report the email to IT or the security team so that they can start an investigation and perform damage control as quickly as possible.
- Delete the Suspicious Email: After reporting, delete the suspicious email from your Inbox. This lessens the chance that you’ll accidentally click on it without realizing it later.
How to Protect Against Phishing Emails
Phishing emails are one of the most common types of cyberattacks because they are effective and easy to perform. While awareness of common phishing tactics and knowledge of anti-phishing best practices is important, modern phishing attacks are sophisticated enough that some will always slip through.
Phishing awareness training should be supplemented with anti-phishing solutions that can help to detect and block attempted phishing campaigns. Check Point Harmony Email & Office provides visibility and protection across email phishing techniques. To learn more about protecting your organization against phishing emails, you’re welcome to request a free demo.
Feedback