Do you know how to spot a phishing email? A phishing email is a danger to everyone, personal computer users and business computer users alike. Theses types of emails are designed to trick the recipient into performing a certain action. Typically, this action involves clicking on links within the email, which contain viruses or that automatically install malware (software designed for a malicious purpose) on your computer. The intended action could also be to get you, the reader, to send money or personal banking information and social security numbers by using scare tactics.
The most difficult part of protecting against these fraudulent emails is that they can seem “normal”. The email may appear to originate from a friend, relative, or colleague. Maybe your boss is on vacation and “he” sends you an email saying you need to wire him $5,000 because of an emergency. Maybe the email is from someone you don’t know but seems legitimate because it includes personal information about a relevant topic. Other times it’s a short email crafted in such a way that it really piques your interest. “Hey, here’s a link to more information about that bank deposit you were asking about….”
While there are certain precautions that can be taken in order to protect computer systems from malware and viruses, nothing can protect your system 100%. Your IT department can install anti-malware and anti-virus software, your email system can have a robust anti-spam filter on it but phishing emails can still make their way to your inbox. The only sure way to combat phishing emails is for the recipient to recognize them for what they are and delete them from their system immediately.
Recently, an employee here at Burgess received one of these phishing emails and recognized right away that something was “off”. She created these top tips to help users learn how to spot a bogus email.
The Email is Unsolicited
The email that was received was completely out of the blue and our technician didn’t know the person sending it or what they were even talking about. Indication #1 that this was a phishing email.
Email Header/Sender Don’t Match
Next, she checked the email header. Though the email came from “Seg Group LTD” she noticed that the email is was sent from was “firstname.lastname@example.org”. Mismatched sender names & emails are another strong indication that the email is not legitimate.
The Email Contains Unsolicited Email Attachments or Links
Though this particular email didn’t have any file attachments, many phishing emails do. We strongly encourage users to delete emails containing unsolicited attachments from their system immediately, without opening them.
This email did contain a supposed link to a “Deposite Detail” Excel Spreadsheet. However, the technician hovered over the link (WITHOUT CLICKING) and noticed that the link was actually pointing to an unknown, untrusted website NOT a Google Document.
If the technician had clicked the link, there’s a very high chance a malicious piece of software would have been installed on her computer, encrypting all of her files. What would you do if suddenly, without warning, every single file on your computer was completely inaccessible? The results are often devastating and it’s something we have seen happen to many Maine businesses. When files become encrypted, the cyber criminals will offer a ransom for the key needed to decrypt the files. This is known as CryptoLocker and comes at a hefty price.
Makes Promises “Too Good to Be True”
This email contained a link to a “deposite detail”, no doubt trying to pique the recipient’s interest into clicking on it.
When the font and text is examined, it’s quick to see that this email contains spelling mistakes and a mixture of fonts that are not consistent with the American English alphabet.
This email contained no email signature. Though this isn’t always an indication of a phishing email, it is something that should be considered.
Asking for Personal Information
Any email that is asking for personal information including banking information or social security numbers should be disregarded. No reputable company will seek information in this manner.
Sender is Asking for Money or Makes Threats
Another immediate indication that an email is bogus is if the sender is asking for money or makes threats for non-compliance. It’s particularly important to help elderly relatives and neighbors identify these types of scams, as they are often easy targets and preyed upon frequently.
Outdated Company Logos or Information
This may be harder for people outside of the technology industry to identify, but it should be noted. This email uses and outdated company logo for Google, which helped us identify that it was not legitimate.
When it comes to phishing emails, an end user can never be too careful. Be sure to notify family, friends and others within your company of any suspicious email, and alert your IT Department. When deleting from the inbox, be sure to empty the “Trash” to ensure it’s gone for good!