How to Spot Email Phishing?

One of the most widely exploited aspects of exploiting the vulnerability of both personal and enterprise online security is good old email phishing.

To keep your mind sharp and aware of the dangers of phishing, here are insiders tips from Advanced Firewall Solutions meant to help everyone combat one of the most dangerous digital threats today: email phishing attacks.

Since October 2013, companies have lost $5.3 billion because of cases of sensitive data breaches due to the infamous business email compromise (BEC). That’s why it’s crucial for businesses to protect and prevent leakage of sensitive information at all cost.

Truth is, the cases of email phishing rise by the hour.

Unfortunately, many simply don’t question the “from” field in any of the emails received daily, but in reality, there’s no reason to trust it without the right tools.

It’s important for businesses to have advanced security technology as their first line of defense against the consequences of email fraud. The best way to protect yourself, employees, and clients is to use a secure email gateway and email authentication defenses like DMARC (Domain-based Authentication Reporting and Conformance), or use advanced security measures, such as a professionally managed firewall, having firewalls developed from scratch, or better off – start with training staff on security.

Do not hesitate to get in touch and contact our team.

Unfortunately, some phishing emails will make it to the inbox, no matter how sophisticated your personal and enterprise email strategy is. And those messages have a lot of power!

According to Verizon and Business Insider, 30% of targeted recipients open phishing emails and 12% click on malicious email attachments.

Education and training are fundamental elements of personal and enterprise safety, especially for your email security strategy and practices.

That’s why our team shares the following email security tips to help you detect, identify and spot phishing mail. Read it through and pass it along to your friends, colleagues, managers, and clients.

Have little faith in email display names

Spoofing an email’s display name is a starter, and common phishing technique used by cybercriminals.

The following is how it works:

The email would have similar looks when a fraudster attempts to impersonate the hypothetical sender, be it “Your bank”, “Your Mobile Operator X”, “Insurance Company Z (that you use)”, and etc.

To: You <[email protected]>
From: Your Bank <[email protected]
Subject: Emergency Notice of Unauthorized Activity (Respond immediately) 

When done right, email authentication defenses will not block this on Your Bank’s behalf because Your Bank does not own, nor associate with the domain “somewhat-legit-looking-domain.com.”

And because most user inboxes and mobile phones only show the sender display name, the email appears legitimate once it arrives.

Always inspect the email address in the header field:

  • Does it appear to be suspicious?
  • But what does suspicious mean?
  • When to mark the email as spam?

No login credentials, payment details, or other sensitive info

Handle emails requesting logins, payment details, or other sensitive data from an unknown or strange sender with high alert.

Rough phishers build fake login pages that mimic the original and then email a link that might look good but takes you to the fake page.

If it redirects you to a login page or informs you of a payment “overdue”, never enter details unless you are absolutely confident that the message is in fact genuine.

Inspect but never click email links

Cybercriminals love hiding malicious links in seemingly legitimate content.

  • Hover links embedded in the body of the message.
  • Don’t click on a link if the address looks strange.
  • Forward the entire message straight to your security experts whenever in doubt.

Double-check for spelling errors in emails

Emails are taken very seriously by brands.

They rarely riddle legitimate messages with spelling errors or grammatical errors.

Take a closer look at your emails.

Report anything that appears to be fishy or out of the ordinary.

Look over the email salutation

Is the email addressed to some nebulous “Valued Customer”?

If that’s the case, be wary! Legitimate companies will almost always use a personal greeting that includes your first and last name. That’s just a standard email practice.

Attackers, however, don’t.

Divulge no personal or business information on email

Most businesses, particularly banks, will never ask for personal information via email.

Similarly, most businesses would have policies in place to prohibit business IPs from being shared outside the company.

Restrain yourself from sending any private information via email! Be it employee details, notes on meetings, or especially contract and specifications of deals.

Question threatening or urgent language in the email subject line

A common phishing technique is to create a sense of urgency or anxiety.

Be wary of subject lines claiming that your “account has been suspended” or requesting that you respond to an “urgent payment request.”

Double-check email signatures

The lack of information in the signature section that usually has details on how to contact the company strongly suggests that it is a phish.

Upon doubt, compare signature formatting with previous emails in your inbox.

Contact information is often provided by legitimate companies. Keep an eye out!

Never open email attachments blindly

A common phishing strategy is to include malicious attachments that contain viruses, malware, and scripts.. Malware will corrupt your files, roam your passwords, and track your activity without your knowledge.

If you receive an email attachment that you did not expect, think twice and do not open it.

Don’t trust the email address’s header

Fraudsters spoof brands not only in the display name but also in the email address header, including the domain name.

Keep in mind that even though the sender’s mail address appears to look valid (e.g. [email protected]), it may not be!

It’s not always who you think when a familiar name pops in your inbox!

Don’t trust everything you see on email

Phishers are highly skilled at their craft.

Many malicious emails contain compelling brand logos, language, and an email address that appears to be true.

With email messages, be cautious! If anything looks suspicious, don’t open it.