Recently, someone contacted Solutions Review to ask an interesting question: what does a phishing email attack actually look like? What should you look for to recognize a phishing email or message before it infects your network?
Obviously, these are important questions. In fact, every enterprise needs to face these questions. Yes your email junk mail might just clog up your inbox. However, each one could end up as a phishing attack.
Moreover, each phishing attack could compromise critical credentials and thus allow hackers uncontested network access. Further, phishing attacks can target bank account numbers, credit card information, or privileged access—all of which could devastate your profits. So you need to recognize a phishing attack as early as possible.
Here’s our guide as to how:
How to Recognize a Phishing Email (Before It Strikes)
Before we go into details on how to recognize a phishing email, we need to note the irony of this endeavor. After all, the whole point of a phishing email is to blend in as a normal email. Hackers design everything from the URL to the logo to the style and tone of the attack itself to resemble a normal email.
Whether it tries to replicate your business’ bank messages or one of your C-level executives to your IT security team itself, phishing attacks work to make themselves hard to spot. Yet, the signs exist.
1. Watch for Urgency
Yes, sometimes a particular project or communication might necessitate speed. However, hackers exploit this sense of urgency to get users to ignore significant issues in fake messages.
For example, a hacker could threaten users with password expiration if they don’t change their password at a provided link. Worse, they place the users on a limited time to make them feel the pressure. Therefore, they ignore potential warning signs and make more errors.
Watch for emails that require password resets or other kinds of resets. Most enterprises and businesses would find other ways to communicate the need for password resets.
2. Watch for Emails That Automatically Open Links
Emails should never open links or web pages automatically. This is an immediate warning sign. Start your incident response the moment this occurs.
3. Beware for Requests For Money (Or Odd Requests)
Apart from expected invoices, you should dismiss requests for money over email. That should go without saying.
At the same time, you need to watch out for odd requests that could compromise sensitive information. For example, a common phishing attack goes like this:
- A hacker poses as a C-level executive and reaches out to their immediate subordinates.
- The subordinates receive a request to use a company credit card to purchase gift cards (as a company gift or a holiday gift, something that vein).
- “Conveniently” the email provides a link for the subordinates to follow to order these gift cards, i.e. a spoofed website.
- The employees input the credit card as requested and compromise this financial information.
For external requests, you should have other means of verifying whether the request is legitimate. This could mean literally calling them directly (not using phone numbers provided by the email) or contacting them in person to verify the charges.
4. Worry About The Links and Downloads
Unless it comes from a trusted, recognized source, don’t click links and don’t download in emails. These could direct you to a spoofed page that asks you for your credentials of financial information; these pages allow hackers to just take the inputted information. However, the links or downloads could also execute a fileless malware attack or a ransomware attack.
If you have some reason to trust an email, you should still check to make the hyperlink actually leads to where you want to go. Watch for errors or deviations from the normal links (Dropbox versus Drapbox). If you notice these errors, don’t click the link and alert your IT team immediately.
Speaking of which…
5. Watch Out For Other Errors
Phishing errors rarely if ever meet the standards of professionalism of the enterprises they impersonate. Unlike legitimate emails, they often contain spelling or grammatical errors; not every hacker speaks the language of their target, and it can show. Alternatively, the logos in the email may use the wrong color schemes or look “off” in some way. Finally, watch the email address; if it looks like nonsense, don’t trust it.
We hope you find this walkthrough helpful! For practical solutions on mitigating the effectiveness of phishing attacks, check out our SIEM Buyer’s Guide.
Latest posts by Ben Canner (see all)
- A Conversation with Travis Knapp-Prasek of NCC Group on Phishing Attacks - April 2, 2020
- The Marriott 2020 Breach: What You Need to Know - April 1, 2020
- Business SIEM Advice for After the End of Coronavirus - March 31, 2020