It’s no secret the Internet isn’t a safe place, but even if you avoid known malicious websites, sometimes the threats come straight to your inbox.
Sometimes, these emails, known as phishing emails, are so well disguised it’s hard to distinguish them from a safe email.
Users are a business’s biggest vulnerability in terms of cybersecurity, which is why phishing scams are a perfect method for many attackers.
Phishing scams are one of the most notorious cyberattacks, and if you or your users are lured in, they can unknowingly hand over confidential information.
Here at The KR Group, phishing attacks are on the top of our minds as we protect and educate our customers.
This is why we require anti-spam software with managed IT services contracts and include a phishing exercise in our Purple Team Hive Assessment.
We have some tips for helping you identify an email that could be a phishing attack, but before we do, we’ll define phishing in more depth.
What is phishing?
Phishing is a broad attempt by attackers to obtain information from your users and, ultimately, to deliver malicious content.
An attacker does this by sending out a mass email to a contact list that was acquired from the dark web or research.
The attacker lures users into opening the emails by spoofing email addresses they’re likely to trust: either external authorities (social media, financial institutions, etc.) or the same or a similar domain as your company.
Once a user opens the email, they will likely see a message and a link corresponding to a request.
Clicking the link will direct users to enter confidential information (such as a username and password or credit card information) or have them download a file they believe is innocuous but that contains malicious macros.
Once those macros make their way onto a user’s computer, their potential to wreak havoc across your system depends on what firewall protection you have.
The good news is there are some guidelines for spotting an email that may be a phishing scam.
How to spot a phishing email
Most email inboxes are a mix of emails from retailers, digital invoices, and maybe one or two personal emails you’re excited to read.
In the mix, attackers send an email in hopes you won’t pay attention to the details and fall into their trap.
However, there are four questions you should ask yourself about a suspicious email.
- Who is sending the request?
- Is this an email you’d expect in this inbox?
- Can you verify this email is legitimate?
- Does the link address match what the email says?
In most cases, you’ll be able to determine if the email is a phishing email after asking one or two of these questions. The four of them together provide a comprehensive method to examine any suspicious email you receive.
Who is sending the request?
When attackers send phishing emails, one tactic they use is spoofing email addresses of internal employees.
They’ll pose as a person from inside your company and make a request, hoping you don’t question the request.
A common phishing email that follows this pattern is an attacker posing as an IT manager and asking you to make an update. In a spear-phishing campaign, the request could come from someone posing as an executive and asking employees in the finance department to enter credit card information.
This should be a red flag because most executives and IT managers don’t rely on email (and solely email) for these requests.
Typically, an IT manager isn’t going to ask you to make an update to your own computer. They’ll tell you they’ll be going around making updates or ask you for a time to work with you on an update.
With billing information, an executive is not going to send an unsolicited email asking you for credit card numbers.
Action: Ask the sender to confirm they sent the email.
Since this request will be out of the blue, you should be suspicious of this email, and reach out to whoever you believe sent it.
Whether you reach out to the source in person, over the phone, or in a new email (not replying to the phishing scam), ask them to confirm that the request came from them.
However, do not reply directly to the suspicious email, since that continues to engage the malicious actor on the other side of the spoofed email address.
Is this an email you’d expect in your personal email?
Another tactic that attackers use in phishing scams is spoofing email addresses of a trusted site, such as financial institutions or social media sites.
These emails often alert you that there has been a problem with your online account and that you need to resolve it. They lure you into entering your username, old password, and a new password.
In the case of a phishing email from a spoofed financial institution email, they might also ask you to confirm your identity and enter credit card or account information.
Action: Check the email address tied to the request.
One red flag you can use to identify this sort of phishing attack is that the email shows up in the wrong inbox. While you might have an account with the spoofed bank or social media site, it’s unlikely your work email address is tied to those accounts.
Can I validate this email is legitimate?
You can’t count on attackers being sloppy and sending a disguised email to an email address unassociated with the spoofed site, though.
If you get an email to your personal email, or if you receive a request tied to an account associated with your work email, you’ll still need to verify the legitimacy of the request to check if the email is indeed a phishing scam.
Action: Verify the request with the source.
If your email address is tied to the account, it doesn’t mean you should automatically trust it.
Financial institutions typically won’t notify you of problems with your account through email but will call you instead. To double-check the request, call your financial institution (using a phone number you already have for them, not one listed in the email or on the malicious site) to confirm the problem.
If the phishing scam is posed from a social media address, you can check your account on the actual website (not using any links included in the email or landing page) to see if you have any notifications about needing to update your account information.
In either case, if you feel the need to update your password, do so using the process on the website.
Does the link address match what the email says?
The previous questions and their solutions rely on your judgment, which is not a foolproof way to keep users from falling prey to phishing scams.
However, since phishing scams rely on a hyperlink that directs you to a page where you enter your information, you can use the link’s web address to determine if the email is a phishing scam.
An easy way to check if the email is malicious is to see whether the link’s address matches where the email says it is directing you.
Action: Verify the link.
By hovering your cursor over the hyperlink (and not clicking on it), the corresponding link address should appear, in most email clients and browsers, in the bottom left corner of the window.
For example, if you have an email from LinkedIn and the link doesn’t start with https://www.linkedin.com, it isn’t actually from LinkedIn. Check the full domain rather than just the beginning of the address, since a lookalike address can begin with the legitimate name and still lead somewhere else.
With some malicious links, you might be able to tell at a glance that the address does not match the request. With others, you might have to closely examine the link address and double-check it against the actual web address associated with that website.
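To make the “who is sending the request?” and “does the link address match?” checks concrete, here is an added Python example; it is not code from The KR Group’s post. It parses a constructed sample email, compares the From display name with the domain of the actual sending address, and checks each link’s host against the domain its visible text claims, so that a lookalike such as www.linkedin.com.evil.example is caught even though the address starts with the legitimate name. COMPANY_DOMAIN, the sample addresses and the .example domains are assumptions, and the domain comparison is a plain suffix match that does not model public suffixes like co.uk.

```python
"""Automate two of the manual checks described above: sender domain vs.
display name, and link target vs. the domain the link text claims.
The sample email below is constructed for this example."""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

COMPANY_DOMAIN = "example.com"  # assumption: the reader's own mail domain

# Constructed sample: a spoofed "IT manager" with two misleading links
# and one legitimate link, all with visible text naming linkedin.com.
SAMPLE_EMAIL = """\
From: "Alice Jones (IT Manager)" <alice.jones@it-support-desk.example>
To: bob@example.com
Subject: Action required: confirm your LinkedIn password
Content-Type: text/html

<p>Please confirm your account at
<a href="https://www.linkedin.com.evil.example/login">https://www.linkedin.com</a>
or use <a href="http://linkedin.com@evil.example/">linkedin.com</a>.
Legitimate link: <a href="https://www.linkedin.com/feed/">https://www.linkedin.com/feed</a></p>
"""


def sender_domain(from_header: str) -> str:
    """Domain of the real address, ignoring whatever the display name says."""
    _name, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def looks_like_internal_spoof(from_header: str, company_domain: str) -> bool:
    """True when a display name is present but the address is not on the
    company domain: the 'who is sending the request?' check."""
    name, _addr = parseaddr(from_header)
    return bool(name) and sender_domain(from_header) != company_domain.lower()


def _strip_www(host: str) -> str:
    return host[4:] if host.startswith("www.") else host


def host_matches(href: str, claimed_domain: str) -> bool:
    """True only if the link's host is claimed_domain or a subdomain of it.
    A startswith() test on the URL would wrongly accept
    https://www.linkedin.com.evil.example and http://linkedin.com@evil.example."""
    host = _strip_www((urlparse(href).hostname or "").lower())
    claimed = _strip_www(claimed_domain.lower())
    return bool(claimed) and (host == claimed or host.endswith("." + claimed))


def claimed_domain_from_text(text: str) -> str:
    """Domain the link's visible text appears to promise, or '' if none."""
    text = text.strip()
    if "://" in text:
        return (urlparse(text).hostname or "").lower()
    host = text.split("/")[0].lower()
    return host if "." in host and " " not in host else ""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._in_a = False

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._in_a = True
            self.links.append([dict(attrs).get("href", ""), ""])

    def handle_data(self, data):
        if self._in_a and self.links:
            self.links[-1][1] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._in_a = False


def link_findings(html: str) -> list:
    """(href, visible_text, matches) for every link whose text names a domain."""
    parser = _LinkCollector()
    parser.feed(html)
    results = []
    for href, text in parser.links:
        claimed = claimed_domain_from_text(text)
        if claimed:
            results.append((href, text.strip(), host_matches(href, claimed)))
    return results


def analyse(raw_email: str) -> dict:
    """Run both checks over a raw RFC 822 message and summarise the findings."""
    msg = message_from_string(raw_email)
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    links = link_findings(body)
    spoof = looks_like_internal_spoof(msg["From"], COMPANY_DOMAIN)
    return {
        "sender_domain": sender_domain(msg["From"]),
        "internal_spoof": spoof,
        "links": links,
        "suspicious": spoof or any(not ok for _, _, ok in links),
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_EMAIL).items():
        print(f"{key}: {value}")
```

Run as a script, it flags the sample as suspicious on both counts: the display name claims an IT manager while the address domain is not the company's, and two of the three links resolve to a host that is not linkedin.com. The hostname comparison is the point: the browser status bar shows the full address, and only the host portion decides where the click actually goes.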
What should you do with a phishing email?
The most important thing to do with a phishing email is to not click on links or send a reply.
However, there is a process for responding to a phishing scam, which includes three steps.
- Report the email
- Delete the email
- Protect yourself from future phishing emails
If these steps are followed correctly, ideally you won’t have to worry about that phishing email in your inbox again.
Report the email
If you received a phishing email in your work inbox, you should report it to your IT department and follow any policies your company has for malicious emails.
Don’t delete the email until your IT manager gives you the all-clear.
From there, you can also report it to the Cybersecurity and Infrastructure Security Agency (a branch of the Department of Homeland Security) and to your email provider.
You can also notify the company that appeared to send the email, so they can warn their users.
Delete the email
This step is fairly straightforward. You simply move the email from your inbox to your trash.
Doing so only gets rid of the problematic email you just received, though.
Protect yourself from future phishing emails
First, you should block the email address that sent the phishing email. This will prevent repeat lures from that address from showing up in your inbox.
However, that doesn’t protect you from other attacks.
While there is no perfect method to prevent 100% of spam, including phishing emails, you can take measures to protect your users’ inboxes with anti-spam software.
These programs stop unsolicited emails (mass emails, spam, phishing emails, etc.) from making their way into your inbox. While many email providers have some level of anti-spam technology built in, it often isn’t strict enough to stop the majority of spam.
While it is better late than never to implement anti-spam software, it performs best if it’s deployed proactively before malicious emails make their way into your users’ inboxes.
Our suggestions for phishing prevention
Whether you’re reacting to a phishing attack or hoping to prevent one, implementing third-party anti-spam software will help reduce the number of phishing emails that show up in your users’ inboxes.
However, no anti-spam software is perfect, so the most important tool you have for preventing any kind of breach is user education.
For more information, download our free infographic about how user education can strengthen your security posture.