The first thing that usually raises suspicion when reading a phishing message is that the language is not quite right. For example, a colleague may suddenly be overly familiar, or a family member may be a little more formal than usual. If I personally received an email from the CTO of Cofense that began with “Dear Scott,” it would immediately raise a warning signal. In all of our communications over the years, he has never started an email with that greeting, so it would feel wrong. If a message looks strange, it’s worth looking for other signs that it could be a phishing email.
One of the most common signs of a phishing email is poor spelling and misuse of grammar. Most companies have spell checking enabled in their email clients for outbound emails. Autocorrect or highlighting features can also be applied in most web browsers. Emails from professional sources are therefore expected to be free of spelling and grammatical errors.
Another easy way to identify a potential phishing attack is to look for mismatched email addresses, links, and domain names. For example, it’s worth checking previous communications to see whether the sender’s email address matches the one used before. If a link is embedded in the email, hover over it to see what “pops up”. If the email claims to be from PayPal, but the link’s domain doesn’t contain “paypal.com”, that is a clear giveaway. If the domain names do not match, do not click.
Emails that threaten negative consequences should always be treated with suspicion. Another tactic is to use urgency to encourage or demand immediate action in order to fluster the recipient. Scammers hope that a recipient who reads the email in a rush will not examine it fully and will miss other inconsistencies associated with phishing campaigns.
If you receive an email with an attachment from an unknown source, or if you did not request or expect the file from the sender, the attachment should be opened with caution. If the attachment’s extension is commonly associated with malware downloads (.zip, .exe, .scr, etc.), or if the extension is unknown, the recipient should flag the file for virus scanning before opening it.
If an email requests something that doesn’t follow standard practice, that indicates the message is potentially malicious. For example, if an email that appears to come from the IT team asks you to follow a link to install a program or patch a PC, but this type of activity is usually handled centrally, that is a strong sign that you have received a phishing email. You should not do what it asks.
Many phishing emails are packed with details aimed at providing a false sense of security, but some phishing messages are deliberately sparse in the hope of exploiting ambiguity. For example, a scammer sends an email that appears to come from Jane at a preferred vendor, who emails the company once or twice a week. The email contains the vague message “This is your request” and an attachment titled “Additional Information”, in the hope that the scammer gets lucky.
Phishing emails are unsolicited, so a common hook is to tell the recipient that they have won a prize, that they will be eligible for a prize if they reply to the email, or that they will benefit from a discount by clicking a link or opening an attachment. If the recipient did not start the conversation by agreeing to receive marketing material or a newsletter, the email is likely to be suspicious.
One of the most sophisticated types of phishing email is one where the attacker has created a fake landing page and the recipient is directed to it through an official-looking link in the email. The fake landing page contains a login box or asks for payment to resolve a pending issue. If the email was unexpected, the recipient should visit the website that the email claims to come from by typing in the URL instead of clicking the link, to avoid entering credentials on a fake website or paying the attacker.
Identification is the first step in fighting phishers. However, if one employee receives a phishing email, others may receive it too. Organizations need to raise awareness of phishing and get employees to report signs of phishing emails. This is the old adage “If you see something, say something”: alert your security or incident response team.
The complication is sorting through the various reports to eliminate false positives. So how can a company block phishing emails and identify phishing attacks? One way is to prioritize alerts from users who have correctly identified phishing attacks in the past. The high-priority reports from these staff give IR (incident response) teams and security operations analysts the information they need to respond quickly to potential phishing attacks.