Detecting Phishing Emails

Bogus emails attempt to trick end users into a sense of comfort, security, and legitimacy. Inspect email domains, names, and body content to detect a phishing attack.

Phishing attacks are the practice of sending fraudulent communications that appear to come from a reputable source. It is usually performed through email. 

The goal is to steal sensitive data like credit card and login information or to install malware on the victim's machine. 

Phishing is a common type of cyber-attack that everyone should learn about to protect themselves against. 

 

What is phishing?

Phishing attacks are counterfeit communications that appear to come from a trustworthy source but can compromise all types of data sources. Attacks can facilitate access to your online accounts and personal data, obtain permissions to modify and compromise connected systems such as point of sale terminals and order processing systems--and in some cases hijack entire computer networks until a ransom fee is delivered.

 

Sometimes hackers are satisfied with getting your personal data and credit card information for financial gain. In other cases, phishing emails are sent to gather employee login information or other details for use in more malicious attacks against a few individuals or a specific company. Phishing is a type of cyber-attack that everyone should learn about to protect themselves and ensure email security throughout an organization.

 

How does phishing work?

Phishing starts with a fraudulent email or other communication designed to lure a victim. The message is made to look as though it comes from a trusted sender. If it fools the victim, he or she is coaxed into providing confidential information--often on a scam website. Sometimes malware is also downloaded onto the target's computer.

Cybercriminals start by identifying a group of individuals they want to target. Then they create email and text messages that appear to be legitimate but contain dangerous links, attachments, or lures that trick their targets into taking an unknown, risky action. In brief:

  • Phishers frequently use emotions like fear, curiosity, urgency, and greed to compel recipients to open attachments or click on links.
  • Phishing attacks are designed to appear to come from legitimate companies and individuals.
  • Cybercriminals are continuously innovating and becoming more and more sophisticated.
  • It only takes one successful phishing attack to compromise your network and steal your data, which is why it is always important to think before you click.

 

Graphic that says  

Identify Fake Email Addresses

If the domain is anything different than what you would type to access it from a search bar without any prompt, it is most likely a bogus email.

The sender can use any names they like. Do not gauge the legitimacy of an email by the sender’s name alone.

Recognize a Phishing Email

Security awareness involves checking the email’s domain, address, and body of the email for suspicious behavior. Here are some red flags to watch for:

A magnifying glass

  • Urgency: Any email that says “log in immediately,” “click here now”, or “action required” is bogus. Nothing via email is urgent.
  • Wire transfer/receipt of payment: Before opening an attachment (i.e., invoice) or clicking a link, call the sender to verify that it is legitimate.
  • Uncharacteristic language: Inspect the email for typos, unusual tone, or language that clashes with company culture.
  • Multiple links: An email with links sprinkled throughout is most likely spam. Delete it and move on.

 

Phishing tips Protect you and your family 

  • Avoid strangers, check name and email address
  • Do not rush, be suspicious of emails marked “urgent”
  • Notice mistakes in spelling and grammar
  • Beware of generic greetings, “dear sir/ma’am” 
  • Do not be lured by incredible “deals”
  • Hover over the link before you click to ensure it has a secure URL (HTTPS://)
  • Never give out personal or financial information based on an email request
  • Do not trust links or attachments in unsolicited emails