If you’re confused by the jargon, a phishing attack is a method of trying to gather personal information using deceptive emails and websites. Unfortunately, phishing attacks are on the rise: they rose by more than 162% from 2010 to 2014, according to a report from Dell EMC.
Despite the technology and systems now available to block malicious emails before they arrive in your inbox, some phishing emails will always make it through. Some phishing emails are so sophisticated that, according to some reports, 97% of people worldwide cannot detect the presence of such an email.
With so many underhand techniques at play, what are the hallmarks of a classic phishing email? Here are nine tips that explain how to identify a phishing or spoofing email.
1. Don’t trust the display name
A popular phishing tactic is to “spoof” the display name that is presented against an email address. Spoofing is the process of making an email look as if it’s from a genuine sender by masking the cybercriminal’s email address with a display name that suggests a genuine company (such as amazon.co.uk). An example email may look like the below:
So although the display name shows as “HSBC”, the email address itself suggests that the email has not come from HSBC. Your email client, such as Outlook, should provide a way of checking the email address behind the display name.
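The display-name check from tip 1, as an added example that is not part of the original article: it parses a From header and flags a display name that names a brand or domain the sender's address does not belong to. The brand list and the sample headers are constructed for illustration.

```python
from email.utils import parseaddr
import re

# Assumed allow-list (constructed for this example): brand keyword -> domains
# you have verified that brand really sends from. Maintain your own.
BRAND_DOMAINS = {
    "hsbc": {"hsbc.co.uk", "hsbc.com"},
    "amazon": {"amazon.co.uk", "amazon.com"},
}

# A domain-looking token inside a display name, e.g. "amazon.co.uk".
DOMAIN_IN_NAME = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}\b")


def _under(domain, allowed):
    """True if domain equals, or is a subdomain of, one of the allowed domains."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_from_header(from_header):
    """Return reasons the display name disagrees with the address (empty = none)."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return ["no parsable sender address"]
    domain = address.rsplit("@", 1)[1].lower()
    name = display.lower()
    reasons = []

    # Display name mentions a known brand but the address is on another domain.
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in name and not _under(domain, allowed):
            reasons.append(f"name claims {brand}, address domain is {domain}")

    # Display name is itself a domain or address that differs from the real one.
    for claimed in DOMAIN_IN_NAME.findall(name):
        if not _under(domain, {claimed}):
            reasons.append(f"name shows {claimed}, address domain is {domain}")
    return reasons


# Constructed sample From headers (not taken from real messages).
SAMPLES = [
    "HSBC <alerts@secure-login.example>",
    "HSBC <alerts@hsbc.co.uk.account-check.example>",
    '"amazon.co.uk" <billing@mail-secure.example>',
    "HSBC UK <service@email.hsbc.co.uk>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from_header(header) or "consistent")
```

An empty result only means the display name is consistent with the address; as tip 9 explains, the address itself can be spoofed.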
2. Check any links before clicking
Sometimes a phishing email will include one or more links in the body of the email. If you are unsure of any links, don’t click them to test – simply copy and paste or manually type the address into a website address analyser, such as the one on VirusTotal’s website: https://www.virustotal.com/#/home/url. This will search a number of online databases to report the safety of the link or website in question – if you see any red crosses on your search results, then do not visit the website that is linked in the email.
3. Check for any spelling mistakes
A classic tell-tale sign of a phishing email is the presence of a number of spelling and/or grammar mistakes littered throughout the email. A high-profile company such as HSBC or Amazon is highly unlikely to have any mistakes in its emails.
4. Examine the email’s salutation
Check how the email has been addressed to you. Legitimate companies will address you by your first and/or last name, so be on the lookout for any emails that start “Dear Valued Customer” or “Dear Sir / Madam”.
5. Don’t surrender any personal information
No genuine email from a large company would request that any personal information be sent in an email, so any email making this request should always be ignored.
6. Look out for urgent language
Cybercriminals will use fear-mongering tactics to provoke a response from unwitting victims, so be on the lookout for any phrases such as “Immediate action required to prevent account closure” or “Your account has been suspended”.
7. Inspect the signature
A lack of a signature at the foot of the email can be a clear indication that the email is not genuine. Legitimate companies will include contact details on their emails.
8. Don’t open attachments
If the email you have received includes any unrecognised attachments, or files that you weren’t expecting or don’t usually receive, do not click or open them.
9. Don’t trust the email’s “header”
If you have spotted one or more of the aforementioned traits of a phishing email but see that the display name matches the email address in the email’s “header”, remember that even the email address can be spoofed, so it can’t always be trusted.
Spotting a phishing email is not always easy, but they can often be stopped before they reach your inbox. Resolve can provide a number of solutions that help block malicious emails, so if you feel you are suffering as a result of spam emails, please contact us and we will help you discuss your options.