How to spot phishing email attacks
For employees, knowing how to spot phishing attacks can help to protect against being duped by hackers. It can also help to defend their company from substantial loss of revenue, legal fees, regulatory fines and loss of business.
Understanding how to spot phishing attempts starts with understanding what phishing is. A phishing attack is a scam that uses email to trick recipients into clicking on a link, opening an attachment or otherwise taking an action that produces harmful results. These emails appear to come from a source the user normally trusts – a bank, a credit card company or a shipping company, for example. The email may ask users to do something simple like change the password on their account, or to provide personal credentials in order to get access to information.
What is spear phishing? Spear-phishing is similar to a phishing mail attack but targets a specific individual with information learned about them from their web presence. Spear-phishing email may appear to come from a friend or a trusted business colleague. In the case of CEO fraud phishing, the email sender may seem to be a chief executive or chief financial officer, asking the user to transfer money or to share privileged information.
Tips on how to spot phishing techniques
Successful phishing and spear-phishing attacks can cost a company millions of dollars, destroy business reputations, undermine customer trust and result in legal action and regulatory fines. Clearly, knowing how to spot phishing attacks can help to prevent these devastating consequences.
Here are a few phishing tips that can help users understand how to spot phishing techniques.
1. Look for inconsistencies in links, addresses and domains. Phishing emails often use a sender address that does not match the display name shown on the email. They may also use domain names that are slightly off in some way. Users can hover over a link to check its real address before clicking – oftentimes, the link leads to a site that has nothing to do with the purported sender's domain.
2. Watch out for bad spelling, poor grammar and unfamiliar language. Phishing attacks often originate in other countries – watching out for unfamiliar language or inaccurate spelling can help to identify phishing emails.
3. Be suspicious of demands for urgent action. Phishing attacks often demand an urgent response and may even threaten recipients with negative consequences unless they respond immediately.
4. Be wary of attachments. Be completely sure of a sender's identity before opening any attachment, even one that appears to come from a trusted source.
When knowing how to spot phishing attempts isn't enough
Even with intensive training on how to spot phishing attacks, in the fast pace of the business day, many employees will inadvertently click on a link, open an attachment or share sensitive information in an email reply. That's why, in addition to providing training on how to spot phishing attacks, it's important to have automated anti-phishing solutions that protect employees from these dangerous threats.
Mimecast provides anti-phishing software as part of a comprehensive, SaaS-based service for email security, archiving, continuity and compliance. Mimecast's technology automatically blocks malicious URLs and suspicious attachments, and identifies anomalies in email content, headers and domains that may signal a phishing or spear-phishing attempt.
Mimecast solutions are easy to use and can be quickly implemented – as a cloud-based service, there is no hardware or software to purchase and no capital investment to make.
Learn more about how to spot phishing attacks and about Mimecast's anti-phishing technology.
What to do if you suspect a phishing attack
If you suspect that you have received a phishing email, do not open any attachments or click on any links. Instead, report the message to your IT department or security team. They will be able to investigate and determine if it is a legitimate threat.
FAQs: How to spot phishing
How does phishing email work?
A phishing email is a fraudulent message designed to lure a recipient into visiting a website where their sensitive information can be collected by attackers and where malware may be downloaded to their computer. Phishing email mimics the design of a reputable company, making it appear as if the message was sent by a person or organization that the recipient knows and trusts. Typically, a phishing email will encourage the recipient to act quickly to take advantage of an offer or to avoid penalties and negative consequences, and require them to enter passwords, bank account numbers, credit card information, Social Security numbers or other personal data into forms on a fraudulent website. Once that data is collected, attackers may use it to access the recipient’s accounts and steal identities, data and money.
How to spot a phishing email?
There are several ways to spot a phishing scam.
- Inconsistencies in email addresses, company domains and URLs. Frequently, the domain in the sender’s email address is not an exact match for the company they purport to belong to. Also, the URL shown in the text of an email may not match the actual link address, which can be seen by hovering the mouse cursor over the link.
- Requests for personal information. Legitimate companies rarely send emails asking recipients to enter personal information into forms on a website.
- Threat of negative consequences. Phishing emails often use fear to induce recipients to act. Messages may suggest that users must log in to prevent money from being lost, accounts from being closed, or legal action from being taken against them.
- Non-personalized communications. Phishing emails will typically not use the recipient’s name within the email, using a salutation like “dear customer” instead.
- Poor spelling and grammar. Many phishing emails include misspelled words, unusual language and poor grammar.
- Suspicious attachments. Phishing emails may contain attachments such as fake invoices.
How to spot a spear-phishing email?
While phishing campaigns send emails to many people and hope a few will bite, spear-phishing campaigns are highly targeted to fewer individuals. Attackers may research targets and use information from online profiles and social media to fill an email with enough detail that the recipient believes it’s from a trusted source. Spear-phishing email recipients are usually higher-value targets who are in a position to provide data or take actions that deliver a significant amount of money, access or data to the attackers. An email may be part of a spear-phishing attack if:
- It makes an urgent request for the recipient to share information, download a file, initiate a wire transfer or open an attachment.
- The domain in the “from” address is not an exact match of the company’s domain.
- The email contains “disguised links” where the link’s real address (which can be seen by hovering the cursor over the link) is different from the text for the link that appears in the email.
How to spot a phishing website?
A website used in a phishing attack will likely have many of the hallmarks of a phishing email, including:
- A sense of urgency. Phishing websites often use language that has a sense of urgency and desperation, which you won’t find on legitimate websites for banks, shipping companies and other reputable institutions.
- Poor spelling and grammar. Phishing websites are not written by business and marketing professionals, so they tend to have lots of misspellings, grammatical errors and language mistakes.
- Incorrect URLs. Phishing websites will often use an “http://” prefix instead of the standard “https://” prefix, which indicates that the connection to the site is encrypted. Note that “https://” on its own only means the connection is encrypted; it does not prove the site is legitimate. Also, the spelling of the URL for a phishing website will often be slightly different from the company it purports to represent.
- Poor design. You can usually spot a phishing website by looking closely at the design, and especially the resolution of images. Because attackers usually build sites quickly, they’re more likely to use low-resolution images and to build sites that don’t look quite as professional.
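The indicators listed above (tip 1 and the bullets on mismatched addresses, disguised links, plain “http://” links, urgent wording and generic salutations) can be turned into an automated check that a mail gateway or a help-desk triage script runs over a reported message. The following is an added example written for this page, not Mimecast's code; it uses only the Python standard library, and every domain, address and message in it is constructed for illustration. It returns a list of indicator strings rather than a verdict, because each one is a heuristic and a real deployment would weigh them.

```python
"""Heuristic phishing indicators for a raw email message (added example, not Mimecast code).

Checks: display name vs. real sender address, Reply-To on another domain, urgent wording,
generic salutation, plain http:// links, disguised links whose visible text names a host
other than the href, and links outside the sender's domain. All sample data is constructed.
"""
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENT_WORDS = ("immediately", "urgent", "within 24 hours", "suspended", "verify now")
GENERIC_SALUTATIONS = ("dear customer", "dear user", "dear account holder")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def domain_in(text):
    """Domain of the first email address found in text, lowercased ('' if none)."""
    match = re.search(r"@([a-z0-9.-]+)", text, re.I)
    return match.group(1).lower() if match else ""


def host_of(text):
    """Host of a URL; also accepts bare 'www.example.com/path' style text."""
    if not re.match(r"^[a-z][a-z0-9+.-]*://", text, re.I):
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()


def phishing_indicators(raw_message):
    """Return a list of indicator strings; an empty list means nothing was flagged."""
    msg = message_from_string(raw_message, policy=policy.default)
    indicators = []
    from_addr = msg["From"].addresses[0] if msg["From"] else None
    from_domain = from_addr.domain.lower() if from_addr else ""
    # Tip 1: the address shown in the display name is not the real sender.
    shown = domain_in(from_addr.display_name) if from_addr else ""
    if shown and shown != from_domain:
        indicators.append(f"display name shows {shown} but address is {from_domain}")
    if msg["Reply-To"]:  # replies would be routed to an unrelated domain
        reply_domain = msg["Reply-To"].addresses[0].domain.lower()
        if reply_domain != from_domain:
            indicators.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    lowered = text.lower()
    if any(word in lowered for word in URGENT_WORDS):
        indicators.append("urgent or threatening wording")
    if any(greeting in lowered for greeting in GENERIC_SALUTATIONS):
        indicators.append("generic salutation")
    collector = LinkCollector()
    collector.feed(text)
    for href, visible in collector.links:
        real_host = host_of(href)
        if href.lower().startswith("http://"):
            indicators.append(f"plain-http link to {real_host}")
        # Disguised link: the visible text looks like a host or URL but the href goes elsewhere.
        if re.search(r"[a-z0-9-]+\.[a-z]{2,}", visible, re.I):
            shown_host = host_of(visible)
            if shown_host and shown_host != real_host:
                indicators.append(f"link text shows {shown_host} but points to {real_host}")
        in_sender_domain = real_host == from_domain or real_host.endswith("." + from_domain)
        if real_host and from_domain and not in_sender_domain:
            indicators.append(f"link host {real_host} is outside sender domain {from_domain}")
    return indicators


# Constructed sample messages; none of these domains or people are real.
SAMPLE_PHISH = """\
From: "alerts@examplebank.example" <no-reply@mail-examp1ebank.example>
Reply-To: support@collect-logins.example
To: jordan@corp.example
Subject: Your account will be suspended
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear customer,</p>
<p>Unusual activity was detected. Verify now or your account will be suspended within 24 hours.</p>
<p><a href="http://login.collect-logins.example/verify">www.examplebank.example/login</a></p>
</body></html>
"""

SAMPLE_LEGIT = """\
From: Example Bank <alerts@examplebank.example>
To: jordan@corp.example
Subject: Your monthly statement is ready
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello Jordan,</p><p>Your March statement is available in online banking.</p>
<p><a href="https://www.examplebank.example/statements">View statements</a></p></body></html>
"""
```

Running `phishing_indicators(SAMPLE_PHISH)` yields seven indicators (display-name mismatch, Reply-To mismatch, urgency, generic salutation, plain-http link, disguised link, and a link outside the sender's domain), while the constructed legitimate statement notice yields none. The “outside sender domain” check will also fire on legitimate mail that uses third-party tracking links, which is why the function reports indicators for a human or a scoring policy to weigh rather than blocking on any single one.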
How to block phishing email?
The best approach to preventing phishing attacks is to adopt multiple layers of security that include:
- Security awareness training that teaches employees how to recognize phishing email and what to do when they receive one.
- Anti-spam and anti-malware software that can spot phishing attacks and block the email before it reaches users.
- DNS-based email authentication (SPF, DKIM and DMARC) to prevent spoofing and impersonation of the company's own domains.
- Anti-impersonation technology that can spot phishing email with header anomalies, domain similarity and other signs of social engineering-based email attacks.
- Solutions that scan every link and attachment in every email and prevent users from accessing them if they are determined to be malicious.
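The SPF, DKIM and DMARC layer listed above works on the receiving side as follows: the gateway evaluates SPF and DKIM, records the verdicts in an Authentication-Results header, and DMARC then only credits a passing result whose domain aligns with the domain in the visible From header. The example below is added for this page and is not Mimecast's code; it reads that header from a message and applies the alignment rule. It simplifies DMARC's relaxed alignment to “same domain or a subdomain of it” (real DMARC uses the organizational domain from the public suffix list), and every host, domain and header value is constructed.

```python
"""Read Authentication-Results and apply DMARC-style alignment (added example, not Mimecast code).

A passing SPF or DKIM result only counts when its domain aligns with the visible From
domain; that is what stops a spoofer from passing SPF for a domain they do control.
All header values and domains here are constructed.
"""
from email import message_from_string, policy


def parse_authentication_results(value):
    """Return {method: (result, {property: value})} for one RFC 8601 header value."""
    # The first clause is the authserv-id; later clauses are "method=result prop=val ...".
    parsed = {}
    for clause in value.split(";")[1:]:
        tokens = clause.split()
        if not tokens:
            continue
        method, _, result = tokens[0].partition("=")
        props = {}
        for token in tokens[1:]:
            key, _, val = token.partition("=")
            props[key.lower()] = val.lower()
        parsed[method.lower()] = (result.lower(), props)
    return parsed


def aligned(domain, from_domain):
    """Approximation of DMARC relaxed alignment: equal, or one is a subdomain of the other."""
    if not domain or not from_domain:
        return False
    return (domain == from_domain or domain.endswith("." + from_domain)
            or from_domain.endswith("." + domain))


def dmarc_style_verdict(raw_message):
    """Combine the gateway's SPF/DKIM results with From-domain alignment."""
    msg = message_from_string(raw_message, policy=policy.default)
    from_domain = msg["From"].addresses[0].domain.lower()
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        results.update(parse_authentication_results(str(header)))
    spf_result, spf_props = results.get("spf", ("none", {}))
    dkim_result, dkim_props = results.get("dkim", ("none", {}))
    # Some gateways record the full return-path address; keep only its domain.
    spf_domain = spf_props.get("smtp.mailfrom", "").split("@")[-1]
    dkim_domain = dkim_props.get("header.d", "")
    spf_aligned_pass = spf_result == "pass" and aligned(spf_domain, from_domain)
    dkim_aligned_pass = dkim_result == "pass" and aligned(dkim_domain, from_domain)
    return {
        "from_domain": from_domain,
        "spf": spf_result, "spf_domain": spf_domain, "spf_aligned_pass": spf_aligned_pass,
        "dkim": dkim_result, "dkim_domain": dkim_domain, "dkim_aligned_pass": dkim_aligned_pass,
        "gateway_dmarc": results.get("dmarc", ("none", {}))[0],
        "pass": spf_aligned_pass or dkim_aligned_pass,  # DMARC passes if either identifier aligns
    }


# Constructed messages. SPF passes for the spoofer's own bounce domain, but it is not aligned.
SPOOFED = """\
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=bounce.bulk-sender.example; dkim=none; dmarc=fail header.from=examplebank.example
From: Example Bank <alerts@examplebank.example>
To: jordan@corp.example
Subject: Action required

Please review your account.
"""

# SPF fails (forwarded mail often breaks SPF) but the aligned DKIM signature still carries it.
FORWARDED_LEGIT = """\
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=alerts@examplebank.example; dkim=pass header.d=examplebank.example header.s=s1; dmarc=pass header.from=examplebank.example
From: Example Bank <alerts@examplebank.example>
To: jordan@corp.example
Subject: Your monthly statement is ready

Your statement is available in online banking.
"""
```

The spoofed message is the instructive case: its SPF verdict is “pass”, so a filter that only looks at that token would accept it, yet the passing domain (`bounce.bulk-sender.example`) has nothing to do with the From domain, so the combined verdict is a fail. The forwarded message shows the converse: SPF breaks in transit but the aligned DKIM signature still passes, which is why DMARC accepts either aligned identifier.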