Learning how to identify phishing emails is an important skill: One that all employees need to master. Many phishing emails are easy to spot if you know the signs of a phishing email to look for.

It is not necessary to spend a couple of minutes checking every email at work, after all, that would leave little time for doing anything else. There are some quick and easy checks that take a few seconds and can easily allow you to identify phishing emails quickly. Performing these simple checks on each inbound email should become second nature before long.

5 Easy Ways to Identify Phishing Emails

Listed below are 5 basic checks that should be performed to identify phishing emails. These will allow you to identify the most common techniques used by phishers to steal your credentials or get you to install malware.

Check the Sender’s Email Address

Many emails will have a different display name to the actual email address, so it is important to check who the real sender is. The display name can be easily configured by the sender to make you think an email is genuine. You may receive an email that has PayPal as the display name, but the sender’s email address could have a non-PayPal domain or have been sent from a Gmail account or another free email service.  Free email services such as Gmail, Yahoo, Hotmail are not used by businesses.

Check that the domain – the part of the email address after the @ symbol – matches the sender. For PayPal that would be PayPal.com. Also check to make sure the domain name is spelled correctly and that there are not any transposed or replaced letters. It is common to replace an i to be replaced with a number 1 for example, an m to be switched to an rn, or hyphens to be added to domains to make them look official. Pay-Pal for instance.

Carefully Check Hyperlinks in Emails

Phishing occurs via email, but the actual credential theft usually occurs online. Hyperlinks are included in emails that direct people to a web page where they are asked to enter sensitive information such as their email login credentials. These web pages are usually carbon copies of genuine login prompts for services such as Office 365, apart from the domain on which the page is hosted.

Anti-Phishing Demo
Protect your MSP clients with the newest zero-day threat protection and intelligence against anti-phishing, business email compromise and zero-day attacks with PhishTitan.
Free Demo

You should be suspicious of any hyperlink in an email. Even clicking a link could be enough to trigger a malware download. You should check the true destination URL of a link, which may be masked with a button or legitimate looking text. Hover your mouse arrow over any link to check the destination URL.

The domain should match the sender and be the official domain used by the company. If the email has been sent from a company, visit the website by entering the correct domain into the address bar of your browser rather than clicking the link. If you believe the link to be genuine, remember to double check the page you land on, as you may have been redirected to a different website.

Be Wary of Email Attachments

Email attachments are often used in phishing to hide malicious content. Malicious hyperlinks are often added to Word documents and PDF files rather than include them in the message body of the email to evade security solutions.

Attachments commonly have macros – code – which will perform malicious actions if allowed to run. When you open these files, you will be prompted to “enable editing” or “enable content.” Doing so will allow the code to run. You will not need to enable any content in order to view a legitimate file.

Executable files are often attached to emails that will install malware if double clicked. Executable files include files with a .exe, .js, .bat, .scr, .vbs extension. Also check for double extensions, such as .doc.exe or .pdf.exe. Windows may hide the actual extension of the file if it is known and only display the first part. If in doubt, do not open attachments, especially those in unsolicited emails. If you believe the attachment to be genune, make sure you scan it with antivirus software before opening.

Spelling and Grammatical Errors

Many phishing emails are poorly written and contain spelling and grammatical errors. Official emails from a company will have been checked prior to being sent, so spelling and grammatical errors are extremely unlikely. Businesses often have spell checks on emails enabled by default. Many phishing messages are sent from Eastern Europe or other non-English speaking countries and have been translated using Google Translate so may sound a little odd.

Also be wary of any odd or unusual requests, such as a request to open a file when information could easily have been included in the message body or requests to send sensitive information via email.

Threats and Urgency

Most phishing emails attempt to get the recipient to take fast action and not consider the request too carefully. There is often a threat of bad consequences if action is not taken quickly, such as the closure of an account or loss of service. Phishers rely on fear (or fear of missing out) to get people to take action that they would normally not take and to act without thinking.

You may receive an email warning that your Netflix account will be closed due to a security issue unless you login. Emails often threaten arrest or lawsuits of you do not take immediate action. You may receive a too-good-to-be-true email offering you an incredible bargain or claiming you have won a competition you did not enter. Sceptics are less susceptible to phishing!