Virtually everyone uses email, which makes it an attractive attack vector for cybercriminals: phishing emails are used to steal credentials, deliver malware, and gain a foothold in corporate networks. So what is a common indicator of a phishing attempt, and how can these malicious emails be identified and avoided?
In this post we list the main signs of phishing emails that all email users should be looking out for in their inboxes.
Phishing is the Number 1 Attack Vector!
In 2021, and for several years before, phishing has been the main way cybercriminals obtain login credentials that let them access sensitive business data and gain the initial foothold in a business network that a more extensive compromise requires. Phishing emails are also used to deliver malware that gives attackers persistent access to computers and the networks they connect to. Malware downloaders are commonly delivered by email and then fetch further malicious payloads such as ransomware. Many data breaches start with a phishing email.
Phishing emails were once easy to detect, but that is no longer always the case. Many phishing attempts are extremely sophisticated. A campaign may send emails to only a handful of people, or target a single individual, and the messages can be almost impossible to distinguish from the genuine emails they imitate.
With an advanced email security solution in place, the majority of these messages will be blocked; however, no email security solution will block every malicious message without blocking an unacceptable number of genuine messages. That means all employees must have the necessary skills to identify a phishing email when it arrives in their inbox.
What is a Common Indicator of a Phishing Attempt?
To identify a phishing email you need to know what to look for, so what is a common indicator of a phishing attempt? Unfortunately, there is no single one. Tactics, techniques, and procedures change constantly, but the signs listed below appear again and again. If you spot any of them in a message in your inbox or spam folder, there is a reasonable chance that the message is not genuine and it should be reported to your security team; there will often be other copies of the same message in the email system that need to be removed.
The message is in your spam folder
Messages are classified as spam by email security solutions for a reason: analysis of the message found telltale signs of spam or phishing, though not enough for it to be blocked outright at the email gateway. Treat anything in your spam folder with caution before opening it.
It is an unsolicited message
Phishing emails are unsolicited; you certainly didn't ask to be phished. There may be a seemingly valid reason why you have been sent the message, but if you did not request it and are not on a marketing list for the company or individual sending it, treat it as suspect.
Important information is in an attachment
One way phishers conceal their malicious intent is to put the payload in an attachment rather than in the message body. The attached file may contain the link you are asked to click (if the link were harmless, why not put it in the message itself?), or, very commonly, it is an Office document that asks you to "Enable Content" to view it. Doing so allows macros to run, and those macros download the malicious file. Archive files such as ZIPs are also popular because many filters do not inspect their contents, and a password-protected archive cannot be scanned at all; the password is supplied in the message body so that the recipient can open the file but the security gateway cannot. Always scan attachments with AV software before opening them, and even then treat them with extreme caution: a clean scan only means the file matched no known signature.
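The checks described above can be scripted. The following Python example is added here and is not from the original post or from TitanHQ: it builds a constructed message containing a fake macro-enabled Word document and a ZIP archive, then flags risky file types, VBA macro projects inside Office Open XML files, legacy OLE documents and encrypted archives. The addresses, filenames and the list of risky extensions are assumptions made for the example.

```python
"""Attachment triage for the tricks described in this section.

Constructed example: a small multipart message is built in memory with a fake
macro-enabled Word document and a ZIP archive, then each attachment is checked
for risky file types, VBA macro projects, legacy OLE containers and encrypted
archives that a scanner cannot open. All filenames and addresses are made up.
"""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumed policy for the example: file types that should not arrive unannounced.
RISKY_EXTENSIONS = {
    ".docm", ".xlsm", ".pptm", ".doc", ".xls",      # macro-capable Office formats
    ".js", ".vbs", ".hta", ".wsf", ".ps1", ".bat",  # script hosts
    ".exe", ".scr", ".lnk", ".iso", ".img",         # executables and mountable images
}
ARCHIVE_EXTENSIONS = {".zip"}                     # only ZIP is parsed by the stdlib
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                         # also used by .docx/.docm/.xlsx


def extension(name: str) -> str:
    """Lower-cased extension including the dot, or '' if there is none."""
    return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""


def inspect_attachment(filename: str, data: bytes) -> list[str]:
    """Return human-readable findings for one attachment (empty list if none)."""
    findings = []
    ext = extension(filename)

    if ext in RISKY_EXTENSIONS:
        findings.append(f"risky file type {ext}")
    if data.startswith(OLE_MAGIC):
        findings.append("legacy OLE document: may carry VBA, inspect before opening")

    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
                # Office Open XML keeps macros in word/ or xl/ as vbaProject.bin.
                if any(n.endswith("vbaProject.bin") for n in names):
                    findings.append("contains VBA macro project (vbaProject.bin)")
                if ext in ARCHIVE_EXTENSIONS:
                    # Bit 0 of the general-purpose flag marks an encrypted entry.
                    if any(zi.flag_bits & 0x1 for zi in zf.infolist()):
                        findings.append("password-protected archive: contents cannot be scanned")
                    inner = [n for n in names if extension(n) in RISKY_EXTENSIONS]
                    if inner:
                        findings.append(f"archive contains risky files: {inner}")
        except zipfile.BadZipFile:
            findings.append("malformed ZIP container")
    return findings


def triage_message(raw: bytes) -> dict[str, list[str]]:
    """Map each attachment filename in a raw RFC 5322 message to its findings."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        report[name] = inspect_attachment(name, part.get_payload(decode=True))
    return report


def build_sample_message() -> bytes:
    """Constructed lure: a .docm with a macro project, a ZIP holding a .js, a PDF."""
    docm = io.BytesIO()
    with zipfile.ZipFile(docm, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00fake macro project")
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("Invoice_4471.pdf.js", "// dropper stub (constructed)")

    msg = EmailMessage()
    msg["From"] = "accounts@supplier.example"
    msg["To"] = "finance@victim.example"
    msg["Subject"] = "Overdue invoice - action required"
    msg.set_content("Please enable content to view the attached invoice.")
    msg.add_attachment(docm.getvalue(), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12", filename="invoice.docm")
    msg.add_attachment(archive.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, found in triage_message(build_sample_message()).items():
        print(name, "->", found or ["no findings"])
```

A finding is a reason to treat the file as hostile, not proof of malice, and an empty result proves nothing: a renamed executable, a 7z or RAR archive, or a fresh dropper with no known signature passes these simple checks, which is why the text above says to treat attachments with caution even after a clean scan.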
Urgent action is required and there is a threat in the email
Phishing emails often convey a sense of urgency to get people to respond quickly without thinking too much about the request. There may be a threat of bad consequences if no action is taken – your account will be closed – or some other sense of urgency, such as missing out on an amazing opportunity. Always take time to carefully consider what is being asked and check the email for other signs of phishing.
You are asked to click a link in an email
Spam filters scan messages for malware, so attackers commonly host the malware on a website instead and include a link that you must click to obtain information or download a file. The link may take you to a page that asks for your login credentials, and that page may be an exact copy of your usual login prompt, for Google or Office 365 for example. Check where a link really goes before clicking it: hover your mouse pointer over it to reveal the true destination, because the visible text of a link can say one thing while the underlying address points somewhere else entirely. On a mobile client, where you cannot hover, press and hold the link to preview it. After clicking, double-check the full URL in the address bar on the destination site, since you may have been redirected. Is the page on the genuine website used by that company?
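The hover check can be expressed as code. This Python example is added here and is not taken from the original post: it parses the anchors of a constructed HTML lure and reports the tricks this section warns about, a visible URL that differs from the real href, a brand domain embedded in a longer attacker hostname, credentials-in-URL notation that hides the real host, bare IP addresses and punycode hostnames. The EXPECTED_LOGIN_DOMAINS set and every URL in SAMPLE_HTML are assumptions for the example.

```python
"""Link checks for an HTML e-mail body, equivalent to hovering over each link.

Constructed example: SAMPLE_HTML is a made-up lure. For every <a> tag the
visible text is compared with the href, and the href is checked for the
common tricks used to make a malicious destination look legitimate.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for the example: the login hosts this organisation really uses.
EXPECTED_LOGIN_DOMAINS = {"login.microsoftonline.com", "accounts.google.com"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from anchor tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host: str) -> str:
    """Last two labels of a hostname; a crude stand-in for a public-suffix lookup."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def analyse_link(href: str, text: str) -> list[str]:
    """Return human-readable findings for one link (empty list if none)."""
    findings = []
    url = urlparse(href)
    host = (url.hostname or "").lower()

    if url.scheme not in ("http", "https"):
        findings.append(f"non-web scheme {url.scheme!r}")
    if url.username is not None:
        # https://accounts.google.com@evil.example/ actually lands on evil.example
        findings.append(f"credentials-in-URL trick: real host is {host}")
    try:
        ipaddress.ip_address(host)
        findings.append("link points at a bare IP address")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode (internationalised) hostname: possible homograph")
    for expected in EXPECTED_LOGIN_DOMAINS:
        # login.microsoftonline.com.attacker.example is not microsoftonline.com
        if expected in host and host != expected:
            findings.append(f"{expected} appears inside a different host {host}")
    # Visible text that looks like a URL but whose domain differs from the href.
    m = re.search(r"https?://([^/\s]+)", text)
    if m and registered_domain(m.group(1)) != registered_domain(host):
        findings.append(f"link text shows {m.group(1)} but href goes to {host}")
    return findings


def analyse_html(html: str) -> dict[str, list[str]]:
    """Map each href in the body to its findings."""
    parser = LinkCollector()
    parser.feed(html)
    return {href: analyse_link(href, text) for href, text in parser.links}


SAMPLE_HTML = """<p>Your mailbox is almost full. Sign in within 24 hours to avoid suspension.</p>
<a href="https://login.microsoftonline.com.mail-quota-check.example/auth">https://login.microsoftonline.com</a>
<a href="http://accounts.google.com@203.0.113.5/verify">Verify your account</a>
<a href="https://www.xn--micrsoft-hfb.example/login">Microsoft sign-in</a>
<a href="https://www.victim.example/help">Contact IT support</a>"""

if __name__ == "__main__":
    for href, found in analyse_html(SAMPLE_HTML).items():
        print(href, "->", found or ["looks consistent"])
```

The registered-domain comparison is deliberately crude (last two labels), so hosts under country-code suffixes such as co.uk need a proper public-suffix list; and none of this sees a redirect that happens after the click, which is why the address bar on the destination page still has to be checked.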
The sender of the email is not known to you or the email address is suspect
Phishers spoof email addresses and change the display name so the email appears to come from a contact or an official source; many email clients, particularly on mobile devices, show only the display name. Check that the actual email address is legitimate and uses the correct domain for the company or individual, and compare it with past messages from that sender. Look at the Reply-To address as well, since a spoofed From address is often paired with a Reply-To that delivers your answer to the attacker. Remember that the sender's account may have been compromised, so even a correct email address does not guarantee that the account holder sent the message.
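The address checks in this section map directly onto message headers. The following Python example is added here and is not from the original post: it reads a constructed message and reports a display name that is itself an address at a different domain, Reply-To and Return-Path domains that differ from the From domain, and SPF, DKIM or DMARC results other than pass in the receiving gateway's Authentication-Results header. The gateway name in AUTHSERV_ID and every address in RAW_MESSAGE are assumptions.

```python
"""Sender-header checks for the spoofing signs described in this section.

Constructed example: RAW_MESSAGE is a made-up business e-mail compromise lure.
The code compares the display name with the From address, the From domain with
Reply-To and Return-Path, and reads the SPF/DKIM/DMARC results that the
receiving gateway recorded in its Authentication-Results header.
"""
import email
import re
from email.utils import parseaddr

AUTHSERV_ID = "mx.victim.example"   # assumption: the authserv-id our own gateway stamps


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def parse_auth_results(value: str) -> dict[str, str]:
    """Pull spf=/dkim=/dmarc= results out of an Authentication-Results value."""
    results = {}
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", value)
        if m:
            results[method] = m.group(1).lower()
    return results


def check_sender(raw: bytes) -> list[str]:
    """Return human-readable spoofing indicators for one raw message."""
    msg = email.message_from_bytes(raw)
    findings = []

    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)

    # A display name that is itself an address at a different domain, e.g.
    # "ceo@company.example" <ceo@ceo-company.example>; clients that show only
    # the display name hide the real address completely.
    shown = parseaddr(display)[1] if "@" in display else ""
    if shown and domain_of(shown) != from_dom:
        findings.append(f"display name shows {shown} but address is {from_addr}")

    reply_dom = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    return_dom = domain_of(parseaddr(msg.get("Return-Path", ""))[1])
    if return_dom and return_dom != from_dom:
        findings.append(f"Return-Path domain {return_dom} differs from From domain {from_dom}")

    # An attacker can include their own Authentication-Results header, so only
    # the one stamped with our gateway's authserv-id counts.
    for ar in msg.get_all("Authentication-Results", []):
        if ar.strip().startswith(AUTHSERV_ID):
            for method, result in parse_auth_results(ar).items():
                if result != "pass":
                    findings.append(f"{method} result is {result}")
            break
    else:
        findings.append("no Authentication-Results from our gateway")
    return findings


RAW_MESSAGE = b"""Return-Path: <bounce@mailer-rental.example>
Authentication-Results: mx.victim.example;
 spf=fail smtp.mailfrom=mailer-rental.example;
 dkim=none;
 dmarc=fail header.from=ceo-company.example
From: "ceo@company.example" <ceo@ceo-company.example>
Reply-To: <payments@ceo-company-finance.example>
To: finance@victim.example
Subject: Urgent wire transfer

Are you at your desk? I need a payment sent today.
"""

if __name__ == "__main__":
    for finding in check_sender(RAW_MESSAGE):
        print("-", finding)
```

A message from a genuinely compromised account passes every one of these checks, which is the point the section makes: matching headers rule out crude spoofing, but an unusual request still needs a phone call to the sender.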
The message has grammatical and spelling errors
Grammatical and spelling errors are common in phishing emails. This may be because English is not the sender's first language, or it may be deliberate, filtering out careful readers so that only people likely to fall for the next stage of the scam respond. Official business communications and marketing emails are proofread and rarely contain spelling or grammatical mistakes.
The request is unusual, or the tone seems odd
Often the language used in phishing emails is a little odd. Emails impersonating known contacts may be overly familiar or unusually formal, different from the emails you normally receive from that sender. If the tone is off or you are addressed in a strange way, it could well be a phishing attempt. Phishing emails will also try to get you to take unusual actions, such as sending data by email that you have never been asked for before. A quick phone call, using contact details you already hold rather than any given in the email, is always a wise way to verify an unusual request.
How Businesses can Improve their Phishing Defenses
If you want to block more phishing emails and malware you will need an advanced email security solution. The email security gateway is the first line of defense against malicious emails, but it is not necessary to spend a fortune to have good protection. If you have a limited budget or simply want to save money on email security, TitanHQ is here to help.
SpamTitan is an award-winning advanced email security solution that blocks in excess of 99.97% of malicious messages and spam. The solution is easy to implement, configure, maintain and use, the pricing policy is transparent and extremely competitive, and with TitanHQ you will benefit from industry-leading customer support. You can even try SpamTitan for free to see for yourself how effective it is. Get in touch with us today to find out more via email or just pick up the phone and speak to our friendly and knowledgeable sales team.