The most common form of cyber attack is the phishing email. In fact, 80% of cyber attacks on a company start with tricking an employee into doing something. These messages are carefully designed to fool you.
Here are four ways to spot a “bad” (phishing or scam) email.
At the top of an email message, the Display name shows you who the message is from.
In a legitimate email it will often look like this:
"Mike Peters" mike.peters@company.com
Bad actors will change the name so it looks like it is coming from someone else. For example:
“Mike Peters” bob.frederickson@gotmail.com
Sometimes they will even write out the email address in the Display name to make it more convincing. For example:
"Mike Peters" mike.peters@company.com" bob.frederickson@gotmail.com
So the first step is to check that the Display name and the email address match.
The next trick the bad actors use is a fake email signature to make it look like the message came from someone else.
To spot this, compare the Display name at the top of the message with the email signature at the bottom of the message.
“Mike Peters” bob.frederickson@gotmail.com
Dear Colleague,
Please can you buy me $1,000,000 in iTunes gift cards using your company credit card.
Sincere Regards,
Mike Peters
VP of IT
mike.peters@company.com
Notice how the email address in the Display name at the top and the email signature at the bottom are different?
The next clue is that the bad actor asks you to take urgent action. For example:
Your email Account is overloaded and will be Shut down if you do not log to verify your account details immediately.
If you get an email telling you that if you don't take action immediately something bad will happen, take a moment to trust but verify this is correct. For example
Another clue that a message is a phishing attempt is when you hover over a hyperlink and the address shown is different from what is written out. For example:
Go to www.companysite.com [www.notyourcompany.com] to verify your Password now.
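The four checks above can also be run automatically over a raw message by a mail filter or triage script. The Python below is an added example, not code from the original article; the function names, flag strings, urgency word list and sample message are assumptions made for illustration. A Display name that contains no address at all still has to be compared by a person against the sender they know.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
ADDR = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
HOST = re.compile(r"(?:https?://)?(?:www\.)?([\w-]+(?:\.[\w-]+)+)", re.I)
URGENT = re.compile(r"\b(immediately|urgent|shut down)\b", re.I)  # assumed word list

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.pairs, self.cur_href, self.cur_text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.cur_href, self.cur_text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        if self.cur_href is not None:
            self.cur_text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.cur_href is not None:
            self.pairs.append((self.cur_href, self.cur_text))
            self.cur_href = None

def host(text):
    m = HOST.search(text)
    return m.group(1).lower() if m else None

def phishing_flags(raw):
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    body, flags = msg.get_payload(), []
    differs = lambda s: any(a.lower() != sender.lower() for a in ADDR.findall(s))
    if differs(name):  # an address typed into the Display name is not the sender
        flags.append("display-name-address-mismatch")
    if differs("\n".join(body.strip().splitlines()[-4:])):  # signature lines
        flags.append("signature-address-mismatch")
    if URGENT.search(body):  # pressure to act right away
        flags.append("urgent-language")
    links = Links()
    links.feed(body)
    if any(host(t) and host(t) != host(h) for h, t in links.pairs):
        flags.append("link-text-differs-from-target")
    return flags

# Constructed sample message using the article's example names and addresses.
SAMPLE = ('From: "Mike Peters mike.peters@company.com" <bob.frederickson@gotmail.com>\n\n'
          'Your account will be shut down if you do not verify immediately.\n'
          'Go to <a href="http://www.notyourcompany.com">www.companysite.com</a> now.\n\n'
          'Mike Peters\nVP of IT\nmike.peters@company.com\n')
```

Calling phishing_flags(SAMPLE) returns all four flags; a message whose sender, signature and link target agree returns an empty list.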
These tips serve as good guidelines; however, if you are ever in any doubt, the best piece of advice to protect yourself is "if in doubt, type it out."
Type out the sender's real email address before sending the reply.
Type out the real web address instead of clicking on the link.
Black Vest Tech can help with cybersecurity training for your organization. Contact us for more information.