Thursday, 30 Jun 2022

Three Steps To Identifying a Phishing Email

Identifying a Phishing Email

If you have an email address, there’s a good chance you have received a phishing email in the past. Most of them are very obvious attempts at phishing, with terrible spelling and grammar. But sometimes they are much less obvious, and there have been some very high-profile phishing scams in the past. One of the most infamous was the Dyre malware email in 2014, which linked people to Dyre, malware that targets banking information and customer data.

Luckily, if you know what you’re looking for, even the most innocent-looking phishing attempts can be recognised. Every time you receive an email, there are some things you can quickly scan which should help you. In this post, we will go through the things you need to spot if you are going to keep yourself safe from phishing attempts.


1. Clear Giveaways!


If you know what you are looking for, there should be some very clear giveaways which will immediately help you notice that it is a phishing email. Start by checking the address field, the subject and the attachments.

In the address field, ask “Do I know this person?” If not, then it’s a good indication that it might be a phishing email. If it claims to come from your bank but the address is then it’s very likely that it is a phishing scam. When was the last time you knew a bank to use a Gmail or Yahoo! account?

The subject field is the area in which the sender will attempt to get your attention. They will often try to scare you into following whatever it is they want you to do in the content of the email. Pay attention to the subject, but don’t judge a book by its cover – place most of your focus on the words in the main body of the email.

Be careful with the attachments in the email, if it has any. Hackers know that you will want to open attachments in an email at some point. But before you do, look at the person the email is from: if they know you, would you expect attachments from them? If you don’t know them, why would they send attachments to you?

Putting all of these together, there are some real dead giveaways that an email is a phishing scam. If an email comes from an unknown source, has a subject clearly intended to evoke emotions and has an attachment you wouldn’t expect, it is likely a scam. In these cases, you need to delete the email and ignore it completely.


2. What Does The Email Say?


If an email comes from a good source and there are no attachments, it doesn’t mean it is a safe email. Many criminals and hackers will take real accounts and use them for less than kosher purposes. You may find that an email which appears to legitimately come from a big company may actually be used to trick you into giving them your personal information.

Look at the main text of the email and examine it carefully. Consider how the person speaks to you in the email – if they know you, do they acknowledge you in a different way than usual? If it is someone who doesn’t know you, is the greeting strange in any other way?

Then look at the structure of the email, as this might give you a lot of clues as to whether it is genuine. Criminals/hackers will always want something from you, and the email will be written with the intention of getting it from you. Ask whether the email is asking you to take some kind of action or to give some information you wouldn’t usually give out. Does it try to invoke a sense of urgency or to pressure or rush you? If so, this could be a sign that the email isn’t genuine.

You may also notice spelling or grammatical errors, as most phishing scammers do not speak English as a native language. You may also find the use of a 24-hour clock strange if the email is from a company in the United States, as it is not usually used outside of the military. This is a good signal that it is actually from a scammer in Europe or Asia.


3. Look At The Headers


If you have an IT department at work and you are still a little suspicious at this stage, you should be able to flag it to them. But if you do not, or you are on a home email address, then you will need to carry out this last bit of investigation yourself.

The headers in an email contain a lot of information that is very useful if you want to verify whether an email is genuine. In the first line of the header, you will find the sender’s IP address and the information of the ISP. The second line of the header tells you where the email was delivered from.

If the company emailing you claims to be local, but the ISP is from a different state or from Europe or Asia, then you have a right to be suspicious of them. The numbers in the first line indicate the IP of the person sending the email. You can use this to flag the IP to your IT system and block it from sending you emails in future.

You can also find out in the headers section of an email whether a scammer is attempting to “spoof” another domain when sending an email. This is done to help them get through the spam detection systems put in place by email providers. In the first line of the header, you can see the domain the email is claiming to be from in the brackets, and afterwards it will tell you where it is actually coming from. If it has been “spoofed,” the two domains will not match; if it hasn’t, they will match.
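The header comparison described above, as an added Python example that is not part of the original post: it reads the sending IP from the top `Received` line and flags a claimed domain that does not match the actual one. The sample message, its `.example` domains, the Postfix-style `Received` layout and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message); domains and IP are reserved
# documentation values. Assumed layout (common Postfix style):
#   Received: from <name the sender claimed> (<reverse DNS> [<IP>])
SAMPLE = (
    "Return-Path: <bounce@bulk-sender.example>\n"
    "Received: from mail.bank.example (host7.bulk-sender.example [203.0.113.45])\n"
    "\tby mx.recipient.example with ESMTP; Thu, 30 Jun 2022 09:15:02 +0000\n"
    'From: "Your Bank" <alerts@bank.example>\n'
    "Subject: Urgent: verify your account\n"
    "\n"
    "Please confirm your details.\n"
)

RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)")


def addr_domain(header_value):
    """Domain part of the address in a From/Return-Path header value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def base_domain(host):
    """Last two labels of a hostname (simplification: ignores e.g. co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def check_headers(raw):
    """Return the sender IP and a list of domain mismatches worth reporting."""
    msg = message_from_string(raw)
    from_dom = addr_domain(msg["From"])
    bounce_dom = addr_domain(msg["Return-Path"])
    result = {"from_domain": from_dom, "sender_ip": None, "flags": []}
    if bounce_dom and base_domain(bounce_dom) != base_domain(from_dom):
        result["flags"].append("return-path-differs-from-from")
    # The topmost Received line is the one written by your own mail server.
    received = msg.get_all("Received") or []
    match = RECEIVED_RE.search(" ".join(received[0].split())) if received else None
    if match:
        claimed, actual, ip = match.groups()
        result["sender_ip"] = ip
        if base_domain(claimed) != base_domain(actual):
            result["flags"].append("claimed-host-differs-from-actual")
    return result
```

Legitimate mail sent through a third-party mailing service can show the same mismatches, so a flag is a reason to look closer at the message, not proof of spoofing on its own.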

Putting together all of these points will ensure that you do not end up being caught out by a phishing attack. Ignoring these pointers might put you in a position where your business ends up with a malware outbreak which is almost impossible to fix.