
Hook, line, and sinker – how to spot a phishing email


Email is one of the primary forms of modern communication – the average person receives a dozen messages a day, but not all of them come with “Best wishes” attached. During the last year, there have been twice as many phishing attacks, and 96% of them have been delivered by email. These messages are crafted to extract personal information from the recipient by making them click on malicious links, open infected attachments, or willingly type in their credentials. In this blog post, we’re going to look into 5 signs that separate a phishing email from your usual inbox content and how not to take the bait of this innocent-looking cyberthreat.

You opened a phishing email, so what?

First things first, before jumping straight to the signs of fraudulent emails, let’s have a short run-through of why you should care. So you opened a phishing email, so what? Nothing terrible happened, right? Well, that depends on a few things:

1. What you received and how it looks. There are a few types of phishing email scams. Some contain malware – malicious software which, once installed, can collect various data over time. Others may trick you into giving away your data freely. The damage depends on what data was taken or given and when, e.g., if you gave away your financial information, withdrawals can be made straight away, but if it’s just your email address, it may be sold on the dark web later on.

2. Was it personal or business? In 2019 alone, 88% of worldwide organizations experienced phishing attacks, 22% of them resulting in data breaches costing around 3.86 million dollars on average per breach. And most importantly, 95% of these breaches happened due to human error – someone clicking the wrong link. And who would like to be the one costing their company 4 million dollars because of one email?

3. Timing and goal of the attack. Some attacks come to fruition straight away. Others can take time. There are instances where company data is released for sale on the dark web years after the initial breach. If you opened an email, clicked on the link and nothing happened, it doesn’t mean that it’ll stay that way in the future.

The red flags of an email scam 

A clear tendency of phishing attacks is that they’re getting more and more realistic, meaning that it’s harder to spot a fake if you’re not a cybersecurity professional. However, not all of them are like that, and there are obvious signs that even an untrained eye can detect:

1. Faulty email or web addresses

The goal of a phishing email is to look legitimate, and at first glance, most do. However, if you take a closer look at the details, you may start to question its source, e.g., you receive an email from “Company,” but the email domain is @gmail.com and not @company.com. It’s always advisable to check whether the information in the email matches the company’s official website. However, even if they match, it still doesn’t guarantee that it’s not a fake – if you can look these details up, cybercriminals can, too. So, if all looks legit, the next thing to look through is the content.

2. Request to confirm information

That’s a red flag in itself. This phishing scam is also popular via phone calls, with people pretending to be officials and asking you to disclose sensitive data. The same goes for emails – if someone asks you to type in a login or other credentials, don’t. Reach out to the company the email was supposed to come from and report it. It’s extremely rare for a business to ask you to do this type of thing via email. Usually, it’s done via their own website or dedicated authentication software.

3. Sense of urgency

Phishing emails work because they create stress and panic. After reading the message, you’re supposed to feel pressured to do what was asked of you. Basically, the attackers are using psychology to manipulate you into doing what they want. That pressure is a major red flag that something is not right. If an email is especially alarming to you, resist any action and seek information from the authentic company or person. Better yet, report it.

4. Faulty copy or design

Scammers aren’t professional copywriters or designers – yes, some may possess more talent than others, but they’re prone to leave mistakes. Be sure to look at all content elements and check whether they meet the same professional standard as the company’s original emails or other content. Look for mistakes and lower-quality email styling, and you’ll sniff out phishing scams in no time.

5. Suspicious links or attachments 

If a link address in the email or attachment has nothing to do with the context of the message, or the attachment is nothing like anything you’ve seen before, don’t click on them or do anything else. If you get an email from a company with an attachment when it has never sent any attachments before, don’t open it. Chances are, it’s phishing. The same goes for links – if links appear where there were none before, check their legitimacy twice before clicking. And after that check, it’s advised to check once more.
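The address, urgency and link checks in red flags 1, 3 and 5 can be turned into a small script that a mail administrator or a curious reader can run over a saved message before deciding what to do with it. The following Python example is added here and is not part of the original post: the organisation-to-domain table, the urgency phrases, the risky-extension list and the sample message are all constructed for the demonstration, and the script goes slightly beyond the text by also comparing the Reply-To header with the sender's domain.

```python
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed table (hypothetical organisation): the name an attacker would put in a
# display name -> the domains that organisation really sends from.
EXPECTED_DOMAINS = {"examplebank": {"examplebank.com"}}

# Wording that the "sense of urgency" red flag usually shows up as (constructed list).
URGENCY_PHRASES = ("immediately", "urgent", "within 24 hours", "suspended", "verify your account")

# Attachment types a bank or vendor should never send unannounced (constructed list).
RISKY_EXTENSIONS = (".exe", ".js", ".vbs", ".scr", ".docm", ".xlsm", ".html", ".iso")


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _addr_domain(address):
    """Domain part of an email address, lower-cased ('' if there is none)."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def _url_host(url):
    """Hostname of a URL; a bare domain such as 'examplebank.com' is accepted too."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()


def _belongs_to(host, domains):
    """True if host is one of domains or a genuine subdomain of one.
    'examplebank.com.login-check.example' ends in '.example', not '.examplebank.com'."""
    return any(host == d or host.endswith("." + d) for d in domains)


def phishing_red_flags(raw_message: bytes) -> list:
    """Return human-readable red flags found in one raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    flags = []

    # Red flag 1: display name claims an organisation whose domains the address does not use.
    display_name, sender = parseaddr(msg.get("From", ""))
    sender_domain = _addr_domain(sender)
    claimed = {org: doms for org, doms in EXPECTED_DOMAINS.items() if org in display_name.lower()}
    legit_domains = set().union(*claimed.values()) if claimed else set()
    for org in claimed:
        if not _belongs_to(sender_domain, legit_domains):
            flags.append(f"display name mentions '{org}' but sender domain is '{sender_domain}'")

    # Same trick via Reply-To: answers silently go to a third domain.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _addr_domain(reply_to) != sender_domain:
        flags.append(f"Reply-To domain '{_addr_domain(reply_to)}' differs from sender domain '{sender_domain}'")

    # Red flag 5a: visible link text shows one site while the href goes somewhere else.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    if body is not None and body.get_content_type() == "text/html":
        collector = _LinkCollector()
        collector.feed(text)
        for href, visible in collector.links:
            target = _url_host(href)
            shown = _url_host(visible) if "." in visible and " " not in visible else ""
            if shown and shown != target:
                flags.append(f"link text shows '{shown}' but points to '{target}'")
            if legit_domains and not _belongs_to(target, legit_domains):
                flags.append(f"link host '{target}' is outside the claimed sender's domain")

    # Red flag 5b: unexpected attachments, worst of all executable or macro-bearing ones.
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        verdict = " has a risky extension" if name.lower().endswith(RISKY_EXTENSIONS) else " should be verified before opening"
        flags.append(f"attachment '{name}'" + verdict)

    # Red flag 3: pressure wording in the subject or body (HTML tags stripped first).
    haystack = (msg.get("Subject", "") + " " + re.sub(r"<[^>]+>", " ", text)).lower()
    found = [p for p in URGENCY_PHRASES if p in haystack]
    if found:
        flags.append("urgency wording: " + ", ".join(found))
    return flags


# Constructed sample message exhibiting several of the red flags at once.
SAMPLE_EMAIL = b"""From: ExampleBank Security <alerts@examplebank-secure.com>
Reply-To: recover@mailbox-reset.example
To: customer@example.org
Subject: Action required: your account will be suspended
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Please verify your account immediately or it will be suspended.</p>
<p><a href="http://examplebank.com.login-check.example/verify">https://www.examplebank.com/login</a></p>
</body></html>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="statement.pdf.exe"

AAAA
--b1--
"""

if __name__ == "__main__":
    for flag in phishing_red_flags(SAMPLE_EMAIL):
        print("-", flag)
```

The checks are deliberately simple string and hostname comparisons, so a clean result means only that none of these particular tells were found, not that the message is safe; the post's advice to confirm with the real company through a channel you already trust still applies.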

Here’s an example of a phishing email with the red flags listed and highlighted for you:


Knowledge is your weapon

A phishing scam usually starts with cybercriminals obtaining your email address, meaning you may have been breached before, and you should put some protections in place so that it doesn’t happen again (you can read more about it on our blog here). However, where phishing is concerned, knowledge and awareness are the top tools in your cybersecurity kit. Even the most advanced security systems can let phishing emails through, so knowing the signs and evaluating everything that comes into your inbox before taking action is the best plan to avoid being hooked, lined, and sunk.