Phishing E-mails: What exactly are they and how to recognize them?

By Dennis Shelly

What is a Phishing attack and what are Phishing Emails?

The name “phishing” is a variation on the word “fishing,” as criminals dangle a fake “lure” (a legitimate-looking email, website, or ad) in the hopes that consumers will “bite” and provide the details the criminals seek – such as credit card numbers, account numbers, passwords, usernames, or other sensitive information. The term was introduced in the mid-1990s by hackers attempting to dupe AOL users into divulging their login credentials. The “ph” was presumably inspired by the word “phreaking,” short for “phone phreaking,” an early method of hacking that involved playing sound tones into telephone handsets to get free phone calls.

It is one of the common forms of cybercrime in which your sensitive and personal information can be stolen. Phishing scammers pose themselves as major corporations or other trustworthy entities to trick you into voluntarily providing information such as your website logins and credit card numbers. The majority of phishing scammers can contact you via text or email.

Advertisement

A phishing email is a fake or fraudulent email message that appears to be sent by a legitimate source, for example: your bank, the IRS, and Social Security, just to name a few. These emails include messages that request sensitive personal information in a variety of ways. You may not be able to tell the difference between a legitimate email and a phishing email if you don’t look closely at the emails you receive. Scammers work hard to make phishing emails look as authentic as possible, and that’s why you should be cautious when opening such suspicious emails and clicking links contained inside these emails.

How to Spot Phishing Emails?

Scammers keep on changing their tactics all the time, but certain signs can help you spot phishing emails.

Check the Sender’s email address first. Mismatches in the sender’s address, a suspicious path between sender and recipient, and the use of an unusual email client are all possible signs of a phishing email.

Check the email’s header. Mail headers contain a lot of information that can be used to spot possible phishing emails. Some of these are easy to read and understand, such as the DKIM and SPF sections can state that verification was successful or not. Other headers need some understanding of their use to be helpful in the email analysis.

Be alert when you receive Emails demanding urgent actions. Phishing emails often threaten a negative outcome or a loss of opportunity unless immediate action is taken. Attackers often use this technique to induce recipients to act before they have had a chance to examine the email for flaws or discrepancies. In 2019, this tactic is believed to be responsible for at least half of all cybercrime-related business losses.

Beware of suspicious attachments. Collaboration tools like SharePoint, OneDrive, and Dropbox are also used for the majority of work-related file sharing. As a result, internal emails with attachments should be treated with caution – particularly if the extension is unfamiliar or the one usually associated with malware (.zip, .exe, .scr, etc.).

Requests for login credentials, payment information, or sensitive information via email. Emails requesting login credentials, payment information, or other sensitive data from an unexpected or unfamiliar sender should always be handled with caution. Spear phishers create fake login pages that resemble the real thing and send an email with a link that takes the recipient to the fake page. If a recipient is redirected to a login page or informed that a payment is due, they should not enter any information until they are confident the email is authentic.

Most of the Attacks are carried out automatically. Scammers don’t have to monitor inboxes or send tailored responses when they use phishing attacks. They just send out thousands of carefully crafted messages to unsuspecting recipients. As a result, there’s no need to filter out potential respondents, as doing so decreases the pool of prospective victims while also assisting those who did not fall victim to alert others to the scam.

How to identify real and fake companies’ emails?

Recognize real vs. fake companies’ emails. You can identify phishing emails from the companies that appear illegitimate because legitimate company emails:

• do not ask for sensitive information via email.
• normally address you by your name.
• have email IDs with domain names.
• know how to spell.
• do not force you to visit their website.
• would not give you unsolicited attachments.
• links match legitimate URLs.

What to do if you suspect an email is a phising attempt?

Don’t open it. Just delete it. Sometimes just opening the message may execute harmful files. So if not sure just toss it!

Mark it as SPAM. Whether you access your email online or via an email client installed on your computer, almost all email client’s have an option to mark an email as spam, this deletes the email and permanentally removes it from your inbox.

Never click links. It’s highly likely these phising emails and embedded links are malicious and are designed to cause you, your collegues, and the organization harm. These links usually direct you to fraudulent websites and ask you for your login information and Personally Identifiable Information (PII).

EggHead IT is here to help. We understand there is no “one fits all” solution to phishing scams and prevent phising attacks, we provide consultations and support that’s custom-tailored to you. We are the team can help prevent such exposure and offer education and defenses to keep you safe.

Have a suggestion for our next article or have questions regarding e-mail security?  Please contact us by calling (760) 205-0105 or emailing us at tech@eggheadit.com and our Eggsperts are happy to help you with your questions or suggestions.

IT | Networks | Security | Phones | A/V | Integration