Your employees have probably already received emails seemingly coming from a bank or other popular online service, requesting that they “confirm” their account credentials or credit card numbers. This is a common phishing technique – if they click on the link in the email, they open the door to hackers and their malicious intentions. Unfortunately, phishing lures are constantly changing – and they’re sometimes hard to recognize.
Phishing is a form of social engineering attack in which the criminal wants to gain access to login credentials, to get confidential information, or to deliver malware. If you work in a small company, you, too, should assume that the scammers behind phishing attacks would like to break into your business accounts; phishing is their favorite way in.
Scammers know that there’s a good chance that the message will be scanned for malicious content by the security software of your mail provider. Gmail, for example, is very good at diverting such things to a junk folder.
Hackers often use crises as opportunities for their malicious attempts, so it is no surprise that, when the coronavirus pandemic started to unfold, malware also began to spread faster in cyberspace. In April 2020, the BBC wrote that Google was blocking more than 100 million phishing emails a day, while almost a fifth were scam emails related to the coronavirus.
A similar scenario has repeated during the Russian invasion of Ukraine, as Google’s Threat Analysis Group (TAG) reports: “Government-backed actors from China, Iran, North Korea, and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open malicious emails or click malicious links.”
Hackers also make use of various significant events or holidays, including Christmas. Unfortunately, cybercriminals don’t take vacations. And their tactics tend to get more sophisticated from year to year.
So how do you recognize suspicious emails? Here's what to watch out for:
1) Look at the email address
If you are not familiar with it, be careful with the content of the message. Scammers’ email addresses used to be easier to identify. They were anonymous, or had very generic names with many numbers. Sometimes, the sender’s email address didn’t match the sender’s name or the content of the message. Now it can be trickier. Receiving emails from financial institutions with whom you have no relationship is obviously suspicious. But if you get an email from your bank, closely review the email address and take note if the sender requests your login credentials – which they should not. In some cases, the email address is the only sign of a scam due to convincing design and email content.
2) Think about the salutation
It can signal whether the sender is reliable or not. Well, everyone can be a “Dear Customer” or “Madame/Sir.” Maybe it is not a big deal, but it definitely signals that the sender doesn't really know much about you. However, if a message does include your real name, that is no guarantee, either. There are many ways of obtaining that information. In fact, sometimes, it can simply be harvested from your full email identifier. If the email doesn’t seem to be addressed to anyone, it was blind copied to you – and, probably, any number of other people.
3) Expect the worst from attached files or unfamiliar links
They might contain malware or send you to a malicious web destination. If you are at all suspicious, don’t open them. Competent service providers don’t send messages requiring you to log in via an embedded link. Also pay special attention to attached files – once they are opened, these attachments can give someone else complete control over your computer, initiate attacks on other computers, or send spam to any contact in your address book.
4) Note if the email is written with grammar mistakes
Yes, poor grammar is a sign of phishing. Always be suspicious, even if you are not a language teacher. Looking for unusual language and vocabulary, or misspelled words, can help prevent your organization from becoming the next victim of cybercriminals. Keep in mind that bad spelling and other grammar mistakes are more common with localized phishing emails that have been translated from other languages. This kind of attack has become far rarer today, but the basic form of attack hasn’t changed much – only the quality of the social engineering and the far more professional presentation.
5) Suspicious urgency? The scammer wants you to panic
Desperately calling for help, urgently seeking rescue, blackmailing and attacking your emotions? Beware; these are often the tactics of a cybercriminal. Do not answer an email if it uses phrasing such as: “If you do not respond within 48 hours, your account will be canceled,” or “If you don't answer, your account will be automatically deactivated.”
6) Too scary or too good to be true? It’s probably a scam
Remember that social engineering focuses on human weaknesses. Does the email promise you money? Does it suggest you inherited a fortune? Be careful, and try to look for the same message in Google’s search engine. You'll probably find that thousands of other people have received the same fraudulent message. But you also have to know that cybercriminals using social engineering methods are trying to keep up with trends, such as shopping platforms. If a criminal sends you an email posing as Amazon, telling you that there was an issue with your order and asking you to provide personal information… don’t. Especially not on Black Friday, when 11% of emails are more than just annoying and may deliver harmful content in addition to a discount offer.
7) Strange timing. Phishing emails often land in your mailbox around 4 AM
Sure, some of your hardworking colleagues may send emails at this hour, but if you spot other suspicious aspects mentioned above, watch out.
8) The subject differs from the message. That should warn you immediately
The subject line is apples, but the message only mentions oranges? The subject of a phishing email often has nothing to do with the message. Or it mentions services you never applied for.
9) Homoglyph attacks arrive on the scene
Homoglyph attacks rely on replacing characters in addresses with ones that look similar – or are even optically identical – but belong to different alphabets. These attacks are extremely dangerous for users because there is a very limited chance of detecting the trap. One example is the attack on PayPal users, in which the addresses contained the “correct letters” taken from the Latin alphabet – with two exceptions. The attackers replaced both instances of the letter P with a “P” look-alike letter from a different alphabet. This “P” look-alike letter was taken from the Russian alphabet, where it is equivalent to the letter R. With this kind of attack, you are dependent on protective technologies.
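The kind of check such protective technologies can run on a sender address, shown here as an added example that is not part of the original article: it flags any domain label that mixes alphabets, as in the PayPal case above. The function names and the sample address are constructed for illustration, and the script of each letter is inferred from its Unicode character name, which is a heuristic.

```python
import unicodedata

# Constructed sample: both "p" characters are U+0440 (Cyrillic small letter er).
SPOOFED_SENDER = "service@\u0440ay\u0440al.com"


def to_unicode(domain):
    """Decode punycode (xn--) labels so the check sees the real characters."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already Unicode, or not valid IDNA: inspect as-is


def label_scripts(label):
    """Scripts used by the letters of one label.

    Assumption: the first word of the Unicode character name ("LATIN",
    "CYRILLIC", ...) stands in for the script property, which the standard
    library does not expose.
    """
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def homoglyph_findings(address):
    """Return (label, scripts, non-ASCII letters) for each mixed-script label."""
    domain = to_unicode(address.rsplit("@", 1)[-1].lower())
    findings = []
    for label in domain.split("."):
        scripts = sorted(label_scripts(label))
        if len(scripts) > 1:
            odd = [f"U+{ord(ch):04X} {unicodedata.name(ch, 'UNKNOWN')}"
                   for ch in label if ch.isalpha() and not ch.isascii()]
            findings.append((label, scripts, odd))
    return findings


if __name__ == "__main__":
    for sender in ("service@paypal.com", SPOOFED_SENDER):
        print(sender.encode("unicode_escape").decode(), homoglyph_findings(sender))
```

A label written entirely in one non-Latin script passes this check, so it complements rather than replaces a list of the sender domains you actually do business with.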