Phishing and How to Spot Phishing Emails


Improve email phishing awareness for yourself and your organization. You all have a role to play in information security!

Email phishing is an attempt to gather personal information through email and fake websites, using any number of tactics. Phishing emails and websites are constructed to appear as if they were sent by, or originated from, a legitimate organization, company or known individual. Typically, phishing emails attempt to lure users into clicking a link designed to gain further personal information, whether by delivering a malware/virus payload or by redirecting to a fraudulent website that appears legitimate at first glance.

Let’s discuss phishing email, how to spot it and what to do when you have recognized a phishing message.

How can you spot a phishing email?

  • Fake website links – the link may look real, but when you hover over it, does the URL look suspicious?
  • Attachments – are you expecting a message with an attachment from this organization, company or individual?
  • Sense of urgency – phishing emails often attempt to add fear and jeopardy to trick a user into a hasty response
  • Misspellings and/or grammar errors
  • Voice or text message from an unknown caller
  • Generic greetings – Surely your doctor, bank, financial advisor knows your full name
  • Requests for personal/sensitive/financial information
  • In the To: line, is your email address part of a large number of mail recipients?
  • Does the sender address appear legitimate?
  • Invoice phishing – a message instructs the recipient to click on a link to pay an invoice
  • Payment phishing – a message instructs the recipient to click on a link to update credit card or other payment information

Here are a few examples to help you recognize phishing emails:

From: MyBank secure87@mybankxyz156.com
Subject: Urgent! Update your account password!
Date: Apr. 1, 2016

Dear Valued MyBank customer,

During a recent audit our security teams identified that someone recently attempted to access your account from outside the United States.
To ensure that your account is protected please CLICK HERE to update your current account password immediately!

Sincerely,
MyBank Internet Secruity team

What is suspicious about this message?

  • The sender email address looks odd: it isn’t from the mybank.com domain!
  • The subject relays a sense of urgency about personal information!
  • The message is not addressed to you by your full name!
  • The message is asking you to click a link where you will enter personal information, again reinforcing a sense of urgency.
  • The security team at MyBank misspelled security!

From: UPS trakUPS@gmail.com
Subject: Your order has shipped!
Date: May 15, 2016

Your order (#tzn12395t566) has shipped! Click the link or button below to enter your account information and track your shipment.

Track Package

What is suspicious about this message?

  • The sender email address looks odd: it isn’t from the ups.com domain!
  • The subject has exciting news about your order, but did you order anything?
  • A tracking button that asks for account information, for an order you can’t remember making, seems odd. When you hover your mouse over the Track Package link, the URL that you will be redirected to is not part of ups.com!
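
The sender-domain, link-destination, urgency and greeting checks from the two examples above can also be automated for mail that users report. The Python sketch below is an added example, not part of the original article; the brand-to-domain table, the keyword patterns and the link targets in the constructed sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the domain each brand really sends from and links to.
BRAND_DOMAINS = {"mybank": "mybank.com", "ups": "ups.com"}
URGENCY = re.compile(r"\b(urgent|immediately|right away)\b", re.I)
GENERIC = re.compile(r"^\s*dear (valued )?(\w+ )?(customer|user|member)\b", re.I)
HREF = re.compile(r'href="([^"]+)"', re.I)

def in_domain(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw):
    """Return the list of indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    # The brand the display name claims to be, if it is one we know.
    brand = next((d for b, d in BRAND_DOMAINS.items() if b in display.lower()), None)
    found = []
    if brand and not in_domain(addr.rpartition("@")[2], brand):
        found.append("sender_domain_mismatch")
    # Compare where each link really goes, not the text shown for it.
    if brand and any(not in_domain(urlparse(u).hostname, brand) for u in HREF.findall(body)):
        found.append("link_domain_mismatch")
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        found.append("urgency")
    if GENERIC.search(body):
        found.append("generic_greeting")
    return found

# Constructed samples modelled on the two messages above; link targets are placeholders.
MYBANK = ('From: MyBank <secure87@mybankxyz156.com>\n'
          'Subject: Urgent! Update your account password!\n\n'
          'Dear Valued MyBank customer,\n'
          'please <a href="http://mybank.com.example.net/reset">CLICK HERE</a> '
          'to update your current account password immediately!\n')
UPS = ('From: UPS <trakUPS@gmail.com>\n'
       'Subject: Your order has shipped!\n\nYour order (#tzn12395t566) has shipped!\n'
       '<a href="http://tracking.example.net/t">Track Package</a>\n')
GENUINE = ('From: UPS <noreply@ups.com>\nSubject: Delivered\n\n'
           'Hello Jane Doe, <a href="https://www.ups.com/track">Track Package</a>\n')

if __name__ == "__main__":
    print([phishing_indicators(m) for m in (MYBANK, UPS, GENUINE)])
```

The comparison is made on the whole host name, so a look-alike such as mybankxyz156.com or a host that merely begins with mybank.com is still reported as a mismatch.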

Phishing emails come in a variety of forms, all attempting to trip you up and trick you into providing your personal information. So, what can you do if you spot a phishing message in your inbox? You can report the message! To report a phishing message to the US government, you can forward the message to phishing-report@us-cert.gov or spam@uce.gov.

Additionally, if you are using IQComputing e-mail hosting services with our spam firewall and spam e-mail reaches your inbox, you may report it by forwarding the offending message to ‘yourdomain.com@missedspam.com’ (replacing ‘yourdomain.com’ with your e-mail domain; example: ‘yahoo.com@missedspam.com’).

If you realize you have been a victim of a phishing attempt, ensure your anti-virus software is up to date and run a scan on your system to make sure you haven’t picked up an infection! Once you are sure that your system is not infected, change your email account password and any account credentials for associated online accounts. Finally, check your online accounts thoroughly for a few weeks following the incident, and be vigilant for any suspicious activity!