Phishing is not a new phenomenon – it has been the most common attack vector for cybercriminals for a number of years – but, due to the increasing complexity of phishing emails, knowing how to spot phishing is becoming more important than ever before.
In spite of advances in anti-virus software and detection technology, phishing attacks continue to increase in number and impact. Everyone is a target in today’s cyberwar climate but, by educating your workforce about how to spot phishing and how to deal with phishing attacks appropriately, today’s targets can become the primary defense sentinels of the future.
Step 1 of How to Spot Phishing is Knowing What a Phish Is
The first step in spotting a phishing email comes with understanding what a phishing email is. The most accurate definition of a phishing email is an email sent to a recipient with the objective of making the recipient perform a specific task. The attacker may use social engineering techniques to make their email look genuine, and include a request to click on a link, open an attachment, or provide other sensitive information such as login credentials.
Socially engineered phishing emails are the most dangerous. They are constructed to be relevant and appear genuine to specific recipients. The recipient is more trusting of the email and performs the specific task requested in the email. The results can be devastating. If the recipient clicks on a link to a malware-infected website, opens an attachment with a malicious payload or divulges their login credentials, an attacker can access a corporate network undetected.
Tips for How to Spot a Phishing Email
Socially engineered phishing emails often evade detection by email filters due to their sophistication. They are sent from domains with valid Sender Policy Framework (SPF) records and correct SMTP configuration, so they pass the filter’s front-end tests, and they are rarely sent in bulk from a blacklisted IP address, so they avoid being blocked by Real-time Blackhole Lists (RBLs).
However, phishing emails often share common characteristics. Although these are not universal, a workforce that is advised of them – and told what action to take when a threat is suspected – can thwart attacks and network infiltration, so the time invested in training a workforce how to spot a phishing email is well spent.
Emails Demanding Urgent Action
Emails threatening a negative consequence unless urgent action is taken are a common sign of phishing. Attackers use this approach to rush recipients into acting before they have had the opportunity to study the email for potential flaws or inconsistencies.
Emails with Bad Grammar and Spelling Mistakes
Another typical sign of phishing is bad grammar and spelling mistakes. Many companies apply spell-checking tools to outgoing emails by default to ensure their emails are grammatically correct, and those who use browser-based email clients benefit from the autocorrect or spell-highlighting features of the web browser, so a legitimate business email is rarely riddled with errors.
Emails with an Unfamiliar Greeting or Salutation
Emails exchanged between work colleagues usually have an informal salutation. Those that start with “Dear” or contain phrases not normally used in informal conversation could be indicators that they originate from an attacker and should arouse suspicion.
Inconsistencies in Email Addresses, Links & Domain Names
Another way to spot phishing is to look for inconsistencies in email addresses, links and domain names. Does the email claim to come from an organization you correspond with often? If so, check the sender’s address against previous emails from the same organization. Check whether a link is legitimate by hovering the mouse pointer over it to see the real destination. If an email allegedly originates from (say) Google but the domain name reads something else, report the email as a phishing attack.
Most work-related file sharing now takes place via file-sharing facilities such as Dropbox. Therefore, emails with attachments should always be treated with suspicion – especially if the attachment has an unfamiliar extension or one commonly associated with malware (.zip, .exe, .scr, etc.).
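The three checks described in this section (sender address versus the organization named in the display name, the link text versus the destination that hovering reveals, and risky or double attachment extensions) can be automated for a mail-triage tool or a SOC playbook. The following is an added example, not code from the article; the brand-to-domain list, the extension list and the sample message are constructed assumptions.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePosixPath
from urllib.parse import urlparse

# Brand keywords and the domain they legitimately send from (assumed list).
KNOWN_BRANDS = {"google": "google.com", "dropbox": "dropbox.com"}
# Extensions the article associates with malware, plus a few defenders usually add (assumption).
RISKY_EXTENSIONS = {".zip", ".exe", ".scr", ".js", ".vbs", ".lnk", ".iso"}
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def build_sample_email():
    """Constructed phish: brand in display name, mismatched link, double-extension attachment."""
    msg = EmailMessage()
    msg["From"] = '"Google Accounts" <security@example-mail.test>'
    msg["To"] = "alice@example.test"
    msg["Subject"] = "Urgent: verify your account within 24 hours"
    msg.set_content("Your account will be suspended unless you verify it now.")
    msg.add_alternative('<p>Verify here: <a href="http://login.example-login.test/verify">'
                        'https://accounts.google.com</a></p>', subtype="html")
    msg.add_attachment(b"\x4d\x5a constructed fake payload", maintype="application",
                       subtype="octet-stream", filename="statement.pdf.exe")
    return msg

def phishing_indicators(msg):
    findings = []
    display_name, addr = parseaddr(str(msg["From"]))
    sender_domain = addr.rpartition("@")[2].lower()
    # 1. Display name claims a brand while the From domain belongs to someone else.
    for keyword, legit in KNOWN_BRANDS.items():
        if keyword in display_name.lower() and not (sender_domain == legit or sender_domain.endswith("." + legit)):
            findings.append(f"display name says {keyword!r} but sender domain is {sender_domain!r}")
    # 2. Visible link text names one host, the href goes to another (what hovering reveals).
    html = msg.get_body(preferencelist=("html",))
    if html is not None:
        for href, text in LINK_RE.findall(html.get_content()):
            shown, actual = urlparse(text.strip()).hostname, urlparse(href).hostname
            if shown and actual and shown != actual:
                findings.append(f"link text shows {shown!r} but points to {actual!r}")
    # 3. Attachments with a risky final extension or a disguising double extension.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        if suffixes and suffixes[-1] in RISKY_EXTENSIONS:
            findings.append(f"attachment {name!r} has risky extension {suffixes[-1]!r}")
        if len(suffixes) > 1:
            findings.append(f"attachment {name!r} hides its type behind a double extension")
    return findings
```

Running `phishing_indicators(build_sample_email())` on the constructed message yields four findings, one per inconsistency the section describes (plus the double-extension flag).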
Emails Requesting Login Credentials, Payment Information or Other Sensitive Information
Emails originating from an unexpected or unfamiliar sender that request login credentials, payment information or other sensitive information should always be treated with caution. Spear phishers can forge login pages to look similar to the real thing and send an email containing a link that directs the recipient to the fake page. Whenever a recipient is redirected to a login page, or told a payment is due, they should refrain from entering information unless they are 100% certain the email is legitimate.
Too Good to Be True Emails
Too good to be true emails are those which incentivize the recipient to click on a link or open an attachment by claiming there will be a reward of some nature. If the sender of the email is unfamiliar, or the recipient did not initiate the contact, it is likely a phishing email.
“If You See Something, Say Something”
Training your workforce to spot phishing emails and to report suspicious emails – even ones they have already opened – should be a workforce-wide exercise. The chances are that if one of your workforce is the subject of a phishing attack, other employees will be as well. “If you see something, say something” should be a permanent rule in the workplace, and it is essential that employees have a supportive process for reporting emails they have identified or opened.
The reporting of potential phishing attacks and opened suspicious emails enables security personnel to secure the network in good time – mitigating the risk that a threat will spread to other areas of the network and minimizing the access an attacker has to the network. It is also good practice to track which employees reliably spot actual phishing emails, so that their reports can be prioritized when multiple reports of a phishing attack are received.