How to Spot a Phishing Email? A Brief Guide

Feb 19, 2020 by Parul Singh

Picture this: You receive an email from your online retailer that reads: ‘The item you purchased online cannot be shipped because your payment information wasn’t correct.’

To update your information, you click on a link provided in the email. The link directs you to the retailer’s website. You log in to the website, fill in the correct payment details and press update. Minutes later, you realize that you have fallen prey to a phishing scam.

In a phishing scam, cyber-attackers pose as a legitimate individual or organization over email or phone and try to gain access to sensitive, confidential user information: username, password or credit card details. These miscreants manipulate users into taking specific actions: clicking on a link, opening an attachment or divulging personal information.

Phishing scams have grown significantly over the past couple of years with no signs of slowing down. Individuals and organizations fall victim to seemingly innocuous emails only to discover tragic consequences later on.

[Chart: Number of brands and legitimate entities targeted by phishing attacks from January 2009 to June 2019. Source: Statista]

Now the question is: Is it possible to spot a phishing email and avoid drastic consequences? Of course, it is.

How to spot a phishing email in 2020?

The following are the signs of a phishing email:

1) The Email Does Not Have the Company’s Domain Name

Every legitimate organization has its own email domain. They will never use a generic domain like Gmail.com or Yahoo.com for messaging you.

So a legit email from, say, PayPal will read ‘@paypal.com’ and not ‘@paypal123.com’ or ‘@123email.com’.

An easy way to check the domain name of an organization is to type its name into the search engine. Now, this looks like a simple way of detecting a phony email, but we rarely check the email address before opening a mail. Most of us just read the display name.

A miscreant can send us a mail with the display name ‘PayPal’ and an address that reads ‘[email protected]’ or ‘[email protected]’. And that’s enough to dupe us into believing that the mail is from a legit source.


Email Does Not Have the Company’s Domain Name

Courtesy: www.idtheftcenter.org

Now, have a look at the above message. It displays the name ‘PayPal Support’ and seems to be coming from a genuine source. But looking closely, you will come across a telltale sign: the email address is not PayPal’s. PayPal will never send mails from a generic domain like ‘outlook.com’.

TIP: Check the email address and not just the display name before opening an email. Don’t open it if there’s a discrepancy between the domain name and the apparent sender. And yes, always look out for misspelled domain names; they are a hacker’s favorite.

2) The Email has Grammar and/or Spelling Errors

One of the common signs of a phishing email is that it is poorly written. Phishing mails often have grammar and spelling errors. This happens because scammers usually aren’t very good at writing. Many of them are from non-English-speaking countries, and their backgrounds allow them limited opportunity to learn the language.

Having said that, even mails from legit organizations can have typos, but they will not contain mistakes that native speakers never make, for instance, grammatical incoherence or punctuation errors.

Look at the email shown below. Here, the receiver has been addressed as ‘cardholders’. Both the first and last sentences lack a punctuation mark. Plus, the last sentence has been written in three lines. Any mail with typos of this kind is certainly a hoax.

Email has Grammar / Spelling Errors

Image Courtesy: umbrella.cisco.com

Here’s another one:

Email has grammatical and spelling errors

Image Courtesy: umbrella.cisco.com

TIP: For any suspicious email, look out for typos. If there are blunders of the kind a native speaker will never make, the email is a hoax.

3) The Email Creates a Sense of Urgency

Any email that creates a sense of urgency and/or threatens negative consequences should be treated with caution.


This is because scammers understand that most of us tend to procrastinate and will not act immediately unless pushed. And that’s the reason there are so many phishing emails related to PayPal and Netflix. Most of us use these services regularly, and any issue with our accounts will have immediate consequences.

Here is an example:

Email Creates a Sense of Urgency

Image Courtesy: edu.gcfglobal.org

The message creates urgency and warns the receiver of drastic consequences: ‘we will put a hold on your account’.

TIP: Beware of emails that warn you of drastic consequences.  

4) The Email has Unsolicited Links or Attachments

Another common sign of a phishing email is unsolicited links and/or attachments.

All phishing emails, irrespective of where they originate from, ask you to download an infected attachment or click a link to a sham website that requests your personal information.

No legitimate website sends you attachments at random; instead, it asks you to download them from its website. There are, however, instances when even authentic websites send you documents such as white papers because you had left your contact details on their website.

For attachments, we suggest that you never open an attachment till you are confident that it is from a legit source. If you receive a warning about the attachment, don’t proceed. Contact the sender through an alternative means and verify if they have sent the document.

As far as links are concerned, you can always check the destination address: if it does not match the context of the rest of the mail, it is a hoax. For instance, if the apparent sender of the email is PayPal, its link should direct you to the destination ‘paypal.com’.

Now, at times, the destination address remains hidden behind a button. In such cases, it is easy to identify where the link goes: on a PC, you can just hover your mouse over the button and the destination link will appear (as shown in the image below). On a mobile, you can press down the link and a pop-up containing the link will appear.

Email has Unsolicited Links or Attachments

Image Courtesy: itgovernance.co.uk


TIP:  Never open an attachment till you are certain it is from a legitimate source. For links, check the destination address by hovering your mouse over the link (on desktop) or pressing down the link (on mobile).
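The sender-domain check from sign 1 and the link-destination check from sign 4 can also be done mechanically. The sketch below is an added example, not part of the original article; the `KNOWN_BRANDS` allow-list, the function names and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a small allow-list mapping a brand name to the domains it really uses.
KNOWN_BRANDS = {"paypal": {"paypal.com"}}

def under(host, domains):
    """True if host is one of the allowed domains or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # the real destination is the href, not the visible text
            host = urlsplit(dict(attrs).get("href") or "").hostname
            if host:
                self.hosts.append(host)

def check_email(raw):
    """Return findings when the display name claims a brand the addresses don't match."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    findings = []
    for brand, domains in KNOWN_BRANDS.items():
        if brand not in display.lower():
            continue
        if not under(sender_domain, domains):
            findings.append(f"display name claims {brand} but sender domain is {sender_domain}")
        collector = LinkCollector()
        collector.feed(msg.get_payload())
        for host in collector.hosts:
            if not under(host, domains):
                findings.append(f"link points to {host}, not a {brand} domain")
    return findings

# Constructed sample message (not a real email)
SAMPLE = """\
From: PayPal Support <service@outlook.com>
Content-Type: text/html

<a href="http://paypal.com.account-verify.example/login">Update now</a>
"""
if __name__ == "__main__":
    print("\n".join(check_email(SAMPLE)))
```

The From header itself can be forged, so a matching domain is not proof of legitimacy; this only catches the mismatches described above.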

5) The Email Requests Sensitive Information

No genuine organization would request you to send sensitive information over email. Scammers, on the contrary, share a link directing you to a fake website and ask you to log in and enter your personal information: credit card number, address, social security number, etc.

Email Requests Sensitive Information

Image Courtesy: securitymetrics.com

In the above email, the scammer requests the user to download the file and update his login credentials. He clearly needs to know the user’s login credentials.

TIP: Do not reply right away to an email soliciting your personal details. Immediately contact the organization from which the mail has supposedly come.

6) The Email Does Not Address You by Your Name

All genuine organizations address you by your name. They refrain from using salutations like ‘Dear customer’, ‘Dear account holder’ or ‘Dear cardholder’. This is because scammers typically send thousands of mails counting on the probability that at least some users will fall for the bait. In the case of advertisements, they do not even bother to use the salutation.

Email does not have your name

Image Courtesy: techjury.net

Your name is not mentioned in the mail

Image Courtesy: Cellopoint.com

What’s important to remember is that scammers are getting more sophisticated over time. So, a suspicious email may address you by your name. In that case, you should look for other indicators.

TIP: Tread with caution when it comes to emails with a generic salutation such as ‘Dear customer’, ‘Dear account holder’ or ‘Dear cardholder’.

The Bottom Line

It’s true that advanced email clients identify and weed out many spam emails. But their detection systems aren’t foolproof. As a result, a lot of these emails can and do make their way to your inbox. A single instance of negligence can make you pay a hefty price. So, you must look out for all the telltale signs before opening a suspicious mail.

Looking for more such blogs? If yes, please let us know in the comment section below. Thanks for reading.

1 Comment
AffiliateLabz
February 19, 2020 8:14 pm

Great content! Super high-quality! Keep it up! 🙂