Did you know that there are over 15 billion spam emails sent out daily? That’s a lot of email, let alone just spam messages. In order to know how to detect phishing emails, you have to understand what they are and where they come from. Comparable to other types of spam, Phishing attacks have quite a few specific characteristics.
What is a Phishing Email/Scam?
A phishing email is a specific type of scam and consists of a criminal attempting to send email pretending to be someone they aren’t. Typically, this is a legitimate company they are pretending to be and they will ask you for sensitive information that can be used to infiltrate your online profile/accounts.
Quite often, a phishing email consists of a fake email that looks like the legitimate companies email, and will have a masked fake URL hoping you don’t look to see where you are actually being sent. Sometimes they will just ask for information in emails hoping you respond, this information is typically personal and financial information. No matter if it’s a direct email, or if you are being sent a website to go to, the information asked is typically the same; credit card numbers, passwords, social security numbers, account numbers, usernames, mothers maiden name, and other types of personal information.
The emails can look extremely good, and almost look identical to an actual email from the legitimate companies. This is done quite often pretending to be a bank, or the IRS. The word “Phishing” is in relation to fishing, as they are attempting to lure you in, trying to get you to bite and provide them information.
Phishing Email Characteristics
Phishing scams typically have some key characteristics that are quite easy to detect once you know what to look for. Below I am listing off the different ways on how to detect phishing email:
- Typically the spammer will not know any ones name, so you will get an email from your bank, but it will say “Dear Sir/Madam”, or “Dear Customer”, and will be generic. You can typically spot this once you know about it pretty easy.
- Tons of grammatical errors will be present, and spelling errors can also show. This is usually because of the loss in translation and differences between languages. The attacker is hoping you are just quickly scanning the email instead of reading it deeply.
- When you look at the headers, you will see random characters, or a weird “sender/reply to” address. A lot of times they will be foreign country codes, like .ru, or .cn, and many others.
- Their email will typically repeat themselves, and tell you how much you can trust them. They will reassure you that you MUST do something.
- Urgency! Their email will always say you have to do this NOW or you will be blocked, banned, or whatever the phrase of the day is. They can also threaten with jail time, or huge fines. Sometimes they will say your balance is over drafted, etc.
- Attachments are sometimes present for you to click, PDF’s,.DOC’s, etc. Never open these files!
How To Protect Yourself From Phishing
Phishing emails can be hard to detect, and as a security professional I have almost fell for a few. You can get into a train of thought, and not even think about what you are doing. This will result in you accidentally clicking something, or going to their link, etc. Here are some quick things you can do to protect yourself in the event you just fail to detect them:
- Backup your data
- Find a good backup software you can trust and rely on to perform backups to the cloud or external drives
- Use Multi-Factor authentication
- Setup Multi-Factor Authentication on your bank accounts and other critical accounts
- Update your phones and computers
- Perform updates as often as you see new ones, and set them up for automatic updates if possible.
- Protect your PC by using security software
- There are quite a few good antivirus software out there.
What To Do If a Phishing Attack Fools You
If you are caught off guard and get hit by a phishing attack, and send information, you will want to protect whatever information you sent.
Login and change any passwords you need to, and if you gave social security numbers, lock your credit profiles. You can also contact the authorities in your area to report the crime, and will want to report the message to the company they were impersonating. You can follow all the steps at https://identitytheft.gov to further protect yourself.
Ultimately you want to try to ignore these emails, and don’t respond to them. A lot of the times they phisher does not even know if your email address is a real address with a live person. By responding, you are giving them the first bit of information they want to know, and they will continue to send you different campaigns in attempt to get through.
If you like what you read and want additional tips and tricks, subscribe to my newsletter, and comment below if you have any experience or additional ideas for others. If you have any questions as well, thanks!