18 Oct PHISHING: HOW TO DETECT FRAUDULENT EMAILS

If you receive an email where someone asks you to share any confidential information, to open attached files or to click on a link, it may be a phishing attempt.

Phishing is one of the most known cyber threats, as explained here.

Cybercriminals always come up with new ways to trick even vigilant users, however phishing emails often feature at least a couple of elements that are a clear indication of their fraudulent nature.

Here is a list of what users should look for to spot fraudulent emails:

Sender’s email address

Check the email address the unsolicited message is coming from: fraudulent emails are sometimes sent from free accounts (such as @ gmail.com), but more often they imitate and spoof on known brands or organisations. Therefore, it is always advisable to take a closer look at the sender’s email address: the name of official websites is often modified by even changing just one letter in the hope that the user will not notice it. Some examples below:

john.smith@nameofyourbank.com becomes

john.smith@nameoryourbank.com

customerservice@officialoffice.com becomes

customerservice@officialloffice.com

Email subject line

Phishers often use sensational subject lines for their emails, which often exploit urgency and pressure in order to trick victims into clicking.

Some examples below:

Urgent reminder: account termination

Overdue payment ref. invoice 07057/2019

Data update urgently required

Today, users are more aware of fake prize and lottery win notifications, therefore cybercriminals are changing their approach and are opting for manipulative scare tactics.

Email attachments

It may seem unnecessary in light of today’s increased users’ awareness, however it is always good to remember not to open file attachments in an unsolicited email. Attachments in the most common formats like .doc, .xls, .ppt or compressed attachments may contain viruses that can infect your device, and eventually steal all the data it contains.

Links

When it comes to links displayed in an unsolicited email, it is always advisable to hover over them to verify their actual final destination.

Users should pay particular attention to the final part of the URLs, as it is there that the final web address appears.

https://www.webservices.nameofyourbank.com becomes

http://www.nameofyourbank.webservices.com/verify/87037829.htm

Https or Padlock Icon

If users click on a suspicious link, it is also good practice to look for https in the web address or a padlock icon in the browser window, as they indicate whether or not it is secure. 

Impersonalized Messages

Beware of impersonalised emails, such as the ones beginning with «Hello» or «Dear customer». They can be phishing attempts.

Highly personalized messages

Beware of highly personalized messages, where users are correctly addressed and perhaps a colleague or an event they regularly participate to are mentioned. Cybercriminals know how and where to find similar information. Previously mentioned tips should not be skipped even of the sender seems a legitimate one. 

Grammatical Errors

Emails containing typos and poor grammar often indicate a phishing attempt. 

Conclusions

Phishing concerns us all and may happen to anyone, with very unpleasant consequences.

Never trust seemingly legitimate email addresses or websites, never respond to unsolicited emails and never click on links even if the messages received display logos or customer service phone numbers that seem authentic.

The email elements mentioned above should be regularly checked and their verification should become a daily routine.

Whenever possible, users should protect their accounts through strong authentication, also known as two-factor authentication, which requires a second password or code when signing in.

Always keep in mind that neither your bank nor MyBank will never ask customers and users their credentials, confidential information or sensitive data.