It’s estimated that roughly ninety-one percent of compromises originate from phishing emails, which are malicious messages designed to deceive recipients into revealing personal information, such as passwords, credit card numbers, or other sensitive data.
These attacks lead to identity theft, financial loss, and other serious consequences. Fortunately, most of these attempts can be easily discovered. In some cases, however, such as spear phishing and whaling, threat actors take their creativity to the next level with highly targeted and personalized outreach.
These emails appear to come from banks, online services, or trusted organizations. The goal is to lure recipients into clicking on malicious links, downloading infected attachments, or providing personal details.
Common Characteristics
There are a few commonalities among most phishing emails. These consist of the following:
- Suspicious sender address
- Generic greetings
- Sense of urgency or threats
- Poor grammar and spelling
- Suspicious links or attachments
- Requests for personal information
- Unusual offers/information
Let’s say you receive an email from PayPal. You see the famous light and dark blue logo, and the subject line mentions your account being logged in from another location.
Let’s take a look at the email below.
Breaking Down the Phishing Email:
Sender Address: The email comes from “keysosens.com” instead of the official PayPal domain. A genuine email from a corporation comes from that corporation’s actual domain, not a suspicious, unrelated one. In some cases, threat actors will use a domain that resembles the genuine one, such as “pay-pal.com”, which is not the real domain.
Opener: The email addresses you as “Hi Dear Customer” rather than using your real name. In almost all cases, especially for banking, you will be addressed by your real name. A generic greeting is almost always a sign that the email was sent with malicious intent to hundreds, if not thousands, of other people.
Spelling: The email contains poor grammar, which would not be the case if the alert were real. “Hi Dear Customer” is not proper grammar, and a reputable company would likely never make this error on their end.
Urgency: The message pressures you to act immediately to avoid account limitations. In reality, there is a threat actor on the other end who does not want you to question the email. Time-sensitive tasks or high pressure are almost always a sign of a threat actor’s tactic. If you are in doubt, either call the contact directly or go in person to the one making the request.
Links: The link directs to a URL that is not associated with PayPal. Always hover over any link to preview its destination, especially if it was unrequested.
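The sender, greeting and link checks from this breakdown can also be automated for mail triage. The following is an added example, not part of the original article: the message is a constructed sample modelled on the email described above, the link host is a placeholder, and the function names and the use of paypal.com as the official domain are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

OFFICIAL = "paypal.com"  # assumption: the brand's real registered domain

# Constructed sample modelled on the email described above (link host is a placeholder).
SAMPLE = """\
From: PayPal Service <service@keysosens.com>
Subject: Your account was logged in from another location
Content-Type: text/html

<p>Hi Dear Customer,</p>
<p>Act now to avoid account limitations:
<a href="http://login.example.net/verify">https://www.paypal.com/signin</a></p>
"""

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def lookalike(host, domain):
    """True for hosts that imitate the brand without belonging to it (e.g. pay-pal.com)."""
    brand = domain.split(".")[0]
    squashed = re.sub(r"[^a-z0-9]", "", host.lower())
    return brand in squashed and not under(host, domain)

def triage(raw, domain=OFFICIAL):
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg["From"])[1].rpartition("@")[2]
    if not under(sender, domain):
        kind = "lookalike" if lookalike(sender, domain) else "unrelated"
        findings.append(f"sender:{kind}:{sender}")
    body = msg.get_payload()
    if re.search(r"\b(dear|valued)\s+(customer|user|member)\b", body, re.I):
        findings.append("greeting:generic")
    # Compare where each link really goes with what its visible text claims.
    for href, text in re.findall(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        host = urlparse(href).hostname or ""
        if not under(host, domain):
            note = "text-mismatch" if domain in text.lower() else "off-domain"
            findings.append(f"link:{note}:{host}")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

Matching on the domain suffix rather than a substring is what keeps a host such as paypal.com.evil.example from passing as genuine.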
Reporting phishing attempts
Many email providers allow you to report phishing attempts. This helps protect others from similar attacks. If your company has an IT/Security department, show them the email in question so that they can block the sender from the organization.
Conclusion
Phishing emails are a common issue, but you can protect yourself and your personal data by recognizing the signs. Always scrutinize emails for the common characteristics of phishing attempts, and when in doubt, contact the sender directly using official channels. If possible, go directly to the website of the service being mentioned. It’s better to be cautious and protect your information than to fall for a phishing attempt.