There has been a lot of discussion about Email Fraud and Phishing lately. Email is still the largest threat vector for hacking and information theft. Email phishing is one of the best way to obtain access to accounts, but what is email phishing really?
Phishing is when a 3rd party, typically a hacker or malicious website, uses the brand identity of a company to lull a user into exposing private information. Phishing emails target email address with an email that looks just like a legitimate service provider to implant malware in a download or obtain login credentials for that domain. For example, you might receive an email that looks like it comes from a financial institution like Paypal (see mine below) asking you to download a document or go to a link to stop or start a transaction, or change your password.
Identifying Phishing Emails
Phishing groups and hackers are constantly changing their patterns to improve both their targeting and the effectiveness of their emails in order to exploit users, but there are a few characteristics in common for every phishing email.
Phishing emails leverage a strong brand
In my example, the “From” email address used Paypal’s, but I have seen it with many big brands, especially in credit cards, financial, banking and insurance industries. Ask yourself: Do you really have an account? Is this the email address for that account? Have you done anything with the account lately?
There is a sense of urgency
The email will require you to “act soon” or it will cost you money. This sense of urgency makes you react before you think. Take a breath before acting on any email that looks really important.
Some phishing emails, like the one above, look good on the surface. For example, the logos look correct, the fonts and color scheme are appropriate and some of the language is even straight from legitimate emails. However, when you read deeper you can see spelling mistakes, grammatical errors or other areas where it is clear the writer was not a native English speaker. Notice above that “DeLL” is not written correctly nor is the phrase “This not you?” proper English. Take a moment to read the information presented in the email and check grammar and spelling.
“From” domain and Return Path Domain will not match
It is relatively easy to spoof a “From” address. Email Standards allow 3rd party emailers to send email on behalf of another domain, otherwise inbox providers like Google and Outlook.com or bulk email providers could not send email for the business or personal domains they host. If “From” and Return Path do not match and the Return Path looks random or shady, it’s a good chance you have a phishing email. Further, most companies will not use a 3rd party to send important account information emails like the one above, but their own internal servers. Check the Return Path email address in the header to see if it looks legitimate.
There is an attachment
If you are required to download anything that you did not ask the company for, then it is probably a phishing email and may contain malware. Even PDFs or DOCs can contain malware payloads. At minimum, they are trying to lull you into thinking that their fake document is valid so that they can get personal, private or financial data from you. Do not download attachments you did not ask for.
Links on the page go to a different domain
Often a phishing email will include a link to a 3rd or 4th domain or just to an IP address. The goal here is to get you to click unsuspectedly on any link so they can further the con and grab your information when you attempt to login to their fake website. Sometimes the domains even look like subdomains or related domains. Always check links before clicking on them. If in doubt of any link, open a clean window and navigate to the company’s website and login to your account from there to check on the issue.
MxToolbox is the expert in email delivery, including the prevention of fraud and phishing. Our focus is to help companies reduce the threat to their brand so that their customers, users and employees can trust that emails “From” their domain are legitimate. Our Fraud Center product leverages international standards DMARC, DKIM and SPF combined with cutting edge algorithms to help small-enterprise companies halt phishing emails from their domain. Learn More
Pingback: Identifying Email Phishing | MxToolbox Blog