“Phishing” refers to an attempt by criminals to trick people into revealing sensitive personal information, especially banking and financial details. These attempts are delivered mainly via email or text message. In this article, I’ll be explaining phishing email.
In the early days, phishing attempts were quite crude. However, over time they have become more and more sophisticated, even to the point of replicating official company logos and emulating web pages. A phishing email will invariably try to induce people into clicking an embedded malicious link or opening a malicious attachment by means of some sort of scare tactic.
That said, there are still several traits that make phishing email quite easy to identify once you know what to look for.
Common Phishing Traits
First of all, the number one rule is to always be highly suspicious of any unsolicited email and treat it with the utmost caution. Never, under any circumstances, reply to unsolicited email. Phone the company/organization to verify the source and content.
1) Generic Form of Address: In almost all cases, phishing email will use a generic form of address, such as “Dear Customer”, or none at all. If an email message does not refer to you by name it is most likely a phishing email.
2) Scare Tactics: Phishing email will usually create a sense of urgency to scare you into complying. A typical example might be… “Due to suspicious activity your account has been temporarily blocked. To unblock your account please click the link below and verify your details.”
3) Poor English: Poor grammar and/or incorrect spelling used to be a surefire way to identify phishing attempts. However, as the criminals have learned and their methods have become more sophisticated, this trait is no longer as common. That said, if an email message does contain instances of poor grammar and/or incorrect spelling, it is almost certainly a phishing email.
4) Sender’s Email Address: Criminals do their best to make the sender’s email address appear to be as legitimate as possible by incorporating the name of the company/organization supposedly responsible for the email message somewhere in the sender’s email address.
Email domains (the bit that follows the @ symbol) are a dead giveaway. For example, anything that comes from a public email domain, such as “@gmail.com”, regardless of what precedes it, is almost certainly a phishing attempt.
That said, criminals can and do buy domain names and, although every domain name must be unique, there are plenty of ways to create addresses that are very similar to the one that’s being spoofed. For example, “accountsupport@microsrftonline.com”. At a casual glance, this sort of email address spoofing is difficult to spot, but closer examination will reveal the anomalies.
5) Embedded Links: Unfortunately, many legitimate and scam email messages hide the destination address within a button, so it’s not immediately apparent where the link leads. So, it’s important to check where links lead before clicking them. Fortunately, this is quite simple:
Hover your mouse cursor over the link and the destination address will appear across the bottom of the window.
Of course, if you’ve spotted any of the traits from 1 through 5, you shouldn’t even be considering clicking any embedded links or opening any attachments anyway.
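For readers who triage reported messages, traits 4 and 5 can also be checked in code. The following is an added example, not part of the original article: it flags public or lookalike sender domains and links whose visible text names a different host than the real destination. The domain lists, the 0.85 similarity cutoff and the sample message are assumptions made for illustration.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed sample list
TRUSTED_DOMAINS = ["microsoftonline.com"]  # assumed allow-list of expected senders

# Constructed sample message for illustration, not a real email.
SAMPLE = (
    "From: Account Support <accountsupport@microsrftonline.com>\n"
    "\n"
    "<p>Dear Customer, please verify your details:</p>\n"
    '<a href="http://login.example.net/verify">https://microsoftonline.com/verify</a>\n'
)

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw):  # returns findings for trait 4 (sender) and trait 5 (links)
    msg = message_from_string(raw)
    domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    findings = []
    if domain in PUBLIC_DOMAINS:
        findings.append(f"sender uses public domain {domain}")
    elif domain not in TRUSTED_DOMAINS:  # near miss of a trusted name?
        near = difflib.get_close_matches(domain, TRUSTED_DOMAINS, n=1, cutoff=0.85)
        if near:
            findings.append(f"sender domain {domain} resembles {near[0]}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        shown, actual = urlparse(text).hostname, urlparse(href).hostname
        if shown and shown != actual:
            findings.append(f"link text shows {shown} but leads to {actual}")
    return findings
```

Calling triage(SAMPLE) returns one finding for the lookalike sender domain and one for the mismatched link. A button labelled only “Click here” has no host in its text, so the hover check from trait 5 is still needed for it.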
BOTTOM LINE:
As you can see from the list of traits above, once you know what to look out for, avoiding phishing scams isn’t too difficult. Awareness and caution are key.
Stay safe out there.
—
Another thing is adding “this email has been scanned by (insert AV name)” to make it seem safe.
I’ve also started getting emails where when you click the sender it doesn’t actually show the email address. People often say HTTPS is a good sign but if a link uses HTTPS it doesn’t mean the site is secure, just that the connection between you and the site is.
If you get any links from banks etc. just delete the email and go to the site directly. I’m sure I’ve even seen some sites avoid links and just tell people to log on to the site.
It doesn’t end with e-mail. I just got a letter about added insurance on a 2023 Nissan (DATSUN) that I have never owned. And of course, it had ‘TIME SENSATIVE’ printed to center of the page. Now an even further dilemma: if I called to request if they actually show me on some record somewhere that I did own such a car and who might have made an illegal purchase in my name, would I be given some sort of true answer or would they just demand more information on me (phishing) to check it out? Of course, they would readily know if they just posted random car makes and models on such scam outreaches.
Thanks for the heads up, Jim! I’m glad you’re around and on top of this stuff.
Cheers Nicke.