5 ways to spot a “phishing” email

“Phishing” is a term used to describe the activity of defrauding an online account holder of personal or financial information by posing as a legitimate company. The most common form of phishing on the internet is through email – you’ve almost certainly had them appear in your inbox – emails that look like they come from a legitimate source, but upon closer inspection, don’t.

Here are a few things to look for to help you assess whether an email you’ve received is genuine or not, using a typical example that appeared in my inbox a little earlier…

Tip 1: Check the sender’s email address:

[Image: Phishing Tip 1: Check sender email]
Don’t just assume that because an email arrives from “Apple Support” that it’s from Apple Support – have a look at the sender’s email address in the above example. Wouldn’t you expect an email from Apple to come from an email domain like “apple.com” or “apple.co.uk” rather than from a domain like “web4.profiwh.com”?
Caveat: It’s very easy for a malicious sender to “spoof” an email address so that it appears to come from a real/official email account. Therefore, even if the sender’s email address appears legitimate, be sure to take into account the other tips on this page…

Tip 2: Does the email refer to you by name?

[Image: Phishing Tip 2: Does the email refer to you by name]
If an email originates from a genuine organization that already knows your name, why would it refer to you as “Dear customer” or “Dear user”? A legitimate organization of which you’re a customer will normally address you informally by your first name, or more formally by your salutation and surname.
Caveat: Even if an email refers to you by name, that doesn’t automatically mean the email is genuine. If the organization the email purports to be from has suffered a hack or data breach, your name and email address may be known to a malicious user, who may have crafted the email you’ve received to trick you into divulging more information. Therefore, even if an email refers to you by name, be sure to take into account the other tips on this page…

Tip 3: What URL is the email trying to get you to visit?

[Image: Phishing Tip 3: Check the URL]
Most email clients will display the web address of any link or button in an email when you simply “hover” your mouse cursor over it. Always do this before deciding whether to click a link/button or not. When looking at a web address, always look at the domain name, and in particular at the last part of it (the right-hand end). As per Tip 1, if the email really was from Apple Support, we’d expect links to point to web addresses whose domain ends “.apple.com” – not “.updated-secure.com”.
Another common technique used by those sending phishing emails is to register domains that look like official domains. For example, a malicious user could register the domain “app1e.com” (where the letter “l” has been replaced by the number “1”) or “appIe.com” (where the letter “l” has been replaced with an upper-case “I”). In some fonts “l”, “I” and “1” can look very similar, so be wary, and if in doubt, don’t click the link!

Tip 4: Does the email contain poor grammar/typos?

[Image: Phishing Tip 4: Check the grammar/spelling]
Plenty of phishing emails are written by non-native English speakers – as such, you’ll often find grammatical errors and typos throughout the email body. Of interest in the above example is the letter case of the word “Itunes”: Apple always writes “iTunes” when referring to its service.

Tip 5: Does the email contain bad formatting or poorly encoded characters?

[Image: Phishing Tip 5: Check formatting and encoding]
Examples such as “©” above are an indication that an email has been improperly encoded, or perhaps even written in a different language (character set). You wouldn’t expect a real email from Apple to contain such encoding issues.
Caveat: Occasionally, genuine emails can have the odd encoding issue with non-standard characters such as copyright symbols or even pound “£” signs. Therefore, even if an email contains encoding issues, be sure to take into account the other tips on this page too.
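As an added example (not code from the original post), here are the checks from Tips 1, 2, 3 and 5 gathered into one small Python script that inspects a raw email: it classifies the sender’s domain and the domain of every link against the organization’s known domains (treating “app1e.com”-style look-alikes as suspicious rather than unrelated), flags a generic “Dear customer” greeting, and detects double-encoded characters such as “Â©”. The expected-domain list, the look-alike character map, the function names and the sample email are all assumptions constructed for this example; the sample is modelled on the post’s description of the message, not the actual email.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains the impersonated organisation genuinely uses (per-brand list).
EXPECTED_DOMAINS = ("apple.com", "apple.co.uk")

# Tip 3: characters that look alike in many fonts, mapped to one canonical
# letter so that "app1e.com" and "appIe.com" compare equal to "apple.com".
HOMOGLYPHS = str.maketrans({"1": "l", "I": "l", "|": "l", "0": "o"})

# Tip 2: impersonal greetings an organisation that knows your name would not use.
GENERIC_GREETING = re.compile(r"\bdear\s+(customer|user|client|member)\b", re.I)


def host_verdict(host):
    """Tips 1 and 3: "expected", "lookalike" or "unrelated". Only the right-hand
    end of the name counts, so "apple.com.evil.example" is not treated as Apple's."""
    lowered = host.strip(".").lower()
    if any(lowered == d or lowered.endswith("." + d) for d in EXPECTED_DOMAINS):
        return "expected"
    # Translate before lower-casing, or an upper-case I becomes i instead of l.
    canonical = host.translate(HOMOGLYPHS).lower()
    if any(canonical == d or canonical.endswith("." + d) for d in EXPECTED_DOMAINS):
        return "lookalike"
    return "unrelated"


def link_host(url):
    # Case-preserving host: urlparse().hostname lower-cases and would hide "appIe".
    return urlparse(url).netloc.rpartition("@")[2].partition(":")[0]


class LinkAndTextExtractor(HTMLParser):
    """Collect every href (what hovering over a link reveals) and the visible text."""

    def __init__(self):
        super().__init__()
        self.hrefs = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

    def handle_data(self, data):
        self.text.append(data)


def looks_mojibake(text):
    """Tip 5: spot UTF-8 text mis-read as Latin-1 ("Â©" for "©"). Re-encoding a
    token as Latin-1 and decoding it as UTF-8 recovers the original; if that round
    trip succeeds and changes the token, the text was double-encoded. A genuine
    "©" or "£" fails the UTF-8 decode and is left alone."""
    for token in text.split():
        if not any(0x80 <= ord(ch) <= 0xFF for ch in token):
            continue
        try:
            repaired = token.encode("latin-1").decode("utf-8")
        except (UnicodeEncodeError, UnicodeDecodeError):
            continue
        if repaired != token:
            return True
    return False


def assess_email(raw):
    """Run every check over one raw message (bytes) and return the findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2]
    body = msg.get_body(preferencelist=("html", "plain"))
    extractor = LinkAndTextExtractor()
    extractor.feed(body.get_content() if body is not None else "")
    visible_text = " ".join(extractor.text)
    return {
        "sender_domain": sender_domain,
        "sender_verdict": host_verdict(sender_domain),
        "links": [(link_host(h), host_verdict(link_host(h))) for h in extractor.hrefs],
        "generic_greeting": bool(GENERIC_GREETING.search(visible_text)),
        "mojibake": looks_mojibake(visible_text),
    }


# Constructed sample modelled on the message described in the post, not the real
# email. The bytes \xc3\x82\xc2\xa9 are "Â©": a "©" that was UTF-8 encoded twice.
SAMPLE_EMAIL = b"""\
From: Apple Support <noreply@web4.profiwh.com>
Subject: Your Itunes account has been limited
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear customer,</p>
<p>Please <a href="http://www.appIe.com/verify">confirm your details</a> or
<a href="http://login.updated-secure.com/itunes">sign in here</a>. Our real site
is <a href="https://www.apple.com/support">apple.com</a>.</p>
<p>\xc3\x82\xc2\xa9 Apple Inc.</p></body></html>
"""
```

Calling assess_email(SAMPLE_EMAIL) returns a dictionary in which the sender domain “web4.profiwh.com” is “unrelated”, the three links come back as “lookalike”, “unrelated” and “expected” respectively, and both the generic-greeting and encoding flags are set. Note that the look-alike check only ever compares the right-hand end of a host name, which is the point of Tip 3: a host such as “apple.com.updated-secure.com” still ends in “.updated-secure.com” and is reported as unrelated.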

Summary

If you’ve not worked it out already, the above is an example of a phishing email; it should be disregarded, and none of the links within it followed.
The above tips should help you determine whether emails you receive purporting to be from organizations you may be a customer of are in fact genuine.
If in doubt, err on the side of caution and don’t click any links. Instead, visit the organization’s website manually and look at its news/updates page to see if there’s any indication that it is contacting customers, and/or contact the organization directly to ask whether the email you’ve received is genuine.
