
How to spot phishing mails

Author: Stefan Feist, Technical Writer (https://www.linkedin.com/in/stefan-feist-23b257b0/)

Phishing is one of the biggest and fastest growing cyber threats in the world. According to reports from cyber security companies, phishing is still the most common method used by cyber criminals to obtain sensitive data or money. Both organisations and individuals can suffer significant financial losses as a result of phishing attacks, whether through direct financial losses or consequential costs such as system restoration and reputational damage. We will show you ten features that you can use to spot phishing emails.

03.09.2024 | Last edited: 03.09.2024

The most common form of phishing is email: attackers send messages that appear to come from legitimate companies or organisations. These emails often contain links to fraudulent websites or attachments containing malware. The aim is to trick the recipient into entering access data or opening the malicious file.

A third of users click on malicious content in phishing emails. It is therefore important to recognise phishing emails reliably. The following ten characteristics will help you to spot phishing emails:

1. Unrelated subject

You receive an email that appears to come from a well-known person or organisation, but the sender’s request seems unusual. This alone could be an indication of a phishing email. Think twice before opening the attachments in the email or clicking on links. Also check whether the request is related to a transaction in the past and whether the attempted communication could be a response to previous communication.

2. Urgent requests

Many phishing emails try to put pressure on the recipient by signalling urgency. Failure to comply can allegedly have serious consequences, such as the closure of an account or the loss of winnings. Sometimes appeals are made to the conscience; donations are requested or help is demanded.

3. The email contains links, attachments or forms

The primary aim of a phishing email is to persuade the recipient to take further action. This is why such emails often contain links to fake websites that look deceptively similar to the real ones. Forms in which sensitive data such as PINs or TANs are requested are also a red flag – especially because banks never request such information by email. Attachments, such as images or PDF files, are also a favourite tool of criminals. Clicking on such attachments can load viruses or malware onto the computer or redirect the user to a phishing site.

4. Unusually impersonal form of address

Emails that do not contain a personal salutation but begin with general phrases such as ‘Dear customer’ could be phishing attempts. Reputable companies always address their customers personally.

5. Forged email address

It is worth taking a closer look, even if the sender and recipient addresses appear correct at first glance. In so-called ‘homographic attacks’, characters are used that look similar but have different meanings. For example, a capital ‘O’ may have been replaced by the number ‘0’. Recognising this is often not so easy – especially if you are in a hurry and your mailbox is filling up at breakneck speed.

Since internationalised domain names have been permitted, this procedure has become particularly common. For example, the Cyrillic and Latin letters ‘а’ and ‘a’ are very similar. Other Cyrillic letters such as ‘с’, ‘е’, ‘о’, ‘р’, ‘х’ and ‘у’ also look confusingly similar to the Latin letters ‘c’, ‘e’, ‘o’, ‘p’, ‘x’ and ‘y’. This allows fake domain names to be created that look like real websites but lead to phishing sites. It is highly advisable to scrutinise the email header with special tools.

6. The subject line attracts attention

Subject lines such as ‘You have won’, ‘Redeem your prize now’ or ‘Your account has been blocked’ often indicate phishing attacks. Critical information or urgent matters are usually sent by letter post and not by email. Offers that sound too good to be true often are.

There is a particular danger if the message comes across as personal, such as ‘Why don’t you reply’ or ‘I found this, have a look’. This is an attempt to arouse the recipient’s curiosity. In some cases, such phishing emails even contain real passwords that originate from data theft.

7. Spelling and grammatical errors

Emails with many spelling or grammatical errors are a clear sign of phishing. This is particularly true if the email contains an unusual mixture of German and English or is written in poor German.

However, a lot has happened in terms of technology: artificial intelligence is now able to write error-free texts, including phishing emails. As a result, it is becoming increasingly difficult to recognise phishing by the quality of the text, and phishing is becoming scalable.

The quality of the artificially generated texts is very high, and variations of a phishing email can also be generated effortlessly, which are then all the better adapted to the respective context or the previous course of the conversation. This is all the more true when social engineering is used in advance.

8. Formatting errors

Phishing emails often contain formatting errors, such as umlauts that are not displayed correctly, e.g. a instead of ä or o instead of ö. Black boxes that replace missing characters or remnants of HTML code as well as changing fonts and an inconsistent layout are also suspicious.

9. Wrong sender address

A popular trick with phishing emails is the use of sender addresses that look very similar to well-known companies or organisations, but differ in small details. For example, a letter may be missing, turning ‘amazon.de’ into ‘amzon.de’, which can easily be overlooked when the email is read casually. This procedure is related to typosquatting and domainsquatting, i.e. the registration of domain names that are very similar to names, brands or other protected designations.

10. Wrong recipient address

If an email has been sent to an address other than the one you normally use for a particular account, you should be suspicious. Think about whether you really entered this address when you set up your account.
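
As an added illustration of characteristics 5 and 9 (not part of the original article and not NoSpamProxy code), the following Python example checks the domain of a From header for mixed scripts, look-alike characters and one-character deviations from known domains. The allow-list KNOWN_DOMAINS, the sample headers and all function names are assumptions made for this example.

```python
import unicodedata
from email.utils import parseaddr

# Constructed allow-list of domains this mailbox really corresponds with (assumption).
KNOWN_DOMAINS = ("amazon.de", "example-bank.de")
# Cyrillic look-alikes and the digit 0 named in the article -> Latin letter imitated.
CONFUSABLES = {"\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o",
               "\u0440": "p", "\u0445": "x", "\u0443": "y", "0": "o"}

def scripts(label):
    """Scripts used by the letters of a label, taken from the Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def skeleton(domain):
    """Replace each look-alike with the Latin character it imitates."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain)

def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return a list of (finding, imitated_domain) for the domain in a From header."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    try:  # show punycode ("xn--...") labels in their Unicode form
        domain = domain.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA: inspect as received
    if domain in KNOWN_DOMAINS:
        return []
    findings = []
    if any(len(scripts(label)) > 1 for label in domain.split(".")):
        findings.append(("mixed-script", None))
    skel = skeleton(domain)
    for known in KNOWN_DOMAINS:
        if skel == known:
            findings.append(("homograph", known))
        elif edit_distance(skel, known) == 1:
            findings.append(("typosquat", known))
    return findings

# Constructed sample headers; the second one starts its domain with a Cyrillic "a".
SAMPLES = ["Amazon <service@amazon.de>", "Amazon <service@\u0430mazon.de>", "Amazon <service@amzon.de>"]
```

Calling check_sender on each entry of SAMPLES returns an empty list for the genuine domain and one or more findings for the two look-alikes.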

How to fend off phishing emails

Effective protection against phishing emails can be achieved with special software that recognises and blocks fraud attempts before the email even appears in your inbox. Good anti-phishing software scans every incoming email and ensures that you only receive messages that are categorised as safe.

When choosing the right software, it is important to make sure that it checks whether the email actually originates from the specified sender. This can be done, for example, by checking the sender’s reputation and recognising homographic attacks. In addition, the software should offer effective management of attachments and be able to ‘recognise’ your communication partners. This prevents harmless emails from important contacts from being inadvertently blocked.

Awareness raising among employees

Raising awareness among employees is just as important: one click is all it takes to compromise your entire IT environment and put your company at risk. Training that simulates realistic threats can reduce the likelihood of employees falling for real phishing attempts or other attacks.

Such training helps companies to be better prepared for cyber threats, identify vulnerabilities, increase employee security awareness and improve the overall security of the organisation.

For example, employees learn how to fend off phishing attacks effectively by practising with behaviour-based phishing attacks or customisable spear phishing campaigns.

Not yet using NoSpamProxy?

With NoSpamProxy you can reliably protect your company from cyber attacks. Request your free trial version now!
