Spotting and Reporting Phishing Emails: A Step-by-Step Guide

Email is something most people receive almost every day. But among all the emails you receive, some might be phishing emails. This type of email is very dangerous, so it is important to be able to identify it when you receive one.

Phishing Email

What is a Phishing Email?

Phishing is a social engineering technique that hackers use to get the target to reveal sensitive information such as account data. Once the hackers have your information, they can use it, install malware, or even create new credentials inside your system so they can take even more data from it.

To carry out phishing, hackers send a phishing email that pretends to come from a legitimate source such as an organization, a company, a government agency, or even a bank. The email contains a link that they want you to click.

Once you click the link, it takes you to a page that asks you to install an app containing malware, or to confirm your data by entering it into the website. The website is usually a fake one, created to mimic the real website so that you do not recognize it as fake.

You will then be asked to give information about your account or other personal data by logging in to your account. Once you provide your account information, the hackers take over your account, log in to the real website, and do malicious things with it.

How to Identify a Phishing Email?

A phishing email pretends to come from a legitimate source, so it is important to be able to identify it to avoid becoming a victim. Here are some things usually seen in fake emails that you can use to identify them:

Email that comes from a popular organization, company, government agency, or even bank

Hackers will send you emails that pretend to come from a popular organization, company, government agency, shipping company, or even bank. The reason is that people usually expect to receive these types of email, so they are likely to believe that the fake email really comes from the legitimate source.

So when you receive an email, even one that appears to come from a popular organization, company, government agency, or bank that you really use, you need to double-check whether it really comes from them.

One way to check is to contact the real company through another channel. For example, you can contact them through the company's phone number, customer service, or another email address.

Email that asks for information

Another thing to pay attention to is when an email asks for information about your account, whether it is your SSN, passwords, credentials, insurance number, or something else. Email from a legitimate source would not ask for that information.

Email with threats or urgency

Hackers will try to cloud your judgement by threatening you or pretending that you need to complete something within a short amount of time. For example, an email might say that your account has been suspended and that you need to click a link to unlock it.

Urgency usually keeps people from thinking straight, so they do whatever the hackers want. Be careful with any email that urges you to do something within a short amount of time, because it is most likely a fake email.

Email with spelling and grammar errors

A legitimate email will not have spelling or grammar errors, since the sender is very strict in reviewing the messages they send. Phishing emails, however, usually contain some spelling and grammar errors that you can detect.

Email with links

Hackers will usually send emails with links for you to click that take you to sites with malware. They disguise the links behind fake URLs so that you think it is the real website.

Before you click a link, it is better to inspect it first by hovering your mouse over the link. You will then see the real URL in the lower left of your browser window.

Another thing you can do is simply search for the real website of the company that sent you the email, using a search engine to find the real URL. Then you can log in to the real website found through the search engine instead of the one in the email.

Email with generic greeting

Hackers do not know your name or account information, so they address their emails without actually mentioning your name. You can see this in the greetings they use, which are usually very generic.

Email with fake signature

Another part of a phishing email to look at is the signature. A legitimate company usually puts contact information with very accurate details in its signature. So if the signature is inaccurate, incomplete, or contains only general information that is open to the public, it is most likely fake.

Even if the signature mentions a name or contact, you should search for that name and contact using a search engine to make sure they are real. Alternatively, you can contact the company directly through another channel to check whether the person mentioned in the email is real, and ask to be connected to that person through that other channel instead of by email.

Email with attachments

Hackers often equip their emails with a RaaS application that will install malware on your device. This application can be disguised as another file format such as RAR, doc, JPG, text, and many other common formats. So do not download any attachments sent through email, especially if you doubt the identity of the sender.

Double check the email sender

If you use an email client, you will usually see the sender in the From field. However, the From field can be forged, so a fake sender can be disguised as a legitimate source.

So you need to double-check the email sender. One way to do this is to use an email client with built-in security that helps you identify the real sender of the email.

Email that wants you to enable macros

For ransomware to work, it needs macros enabled in the application it uses, such as Microsoft Word. You should never enable macros, since a legitimate source would not need them for anything, especially for a document file.

Email without subject or sender

Since most of the time we suspect an email of being fake by looking at its sender or subject, some hackers leave those fields empty so that you need to open the email to see its content. If you receive this type of email, do not open it; delete it immediately.

Email using public domain

A legitimate company will have its own domain, but hackers use public domains to send their email. So if the email you receive comes from a public domain such as Gmail, Yahoo Mail, Hotmail, or one of the many domains with a weird ending such as xyz, it is most likely a phishing email.
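
Several of the signs above can be checked mechanically. The following Python example is an addition to this guide, not part of the original text: it looks for a public-domain sender, an empty subject, a generic greeting, urgent wording, and a link whose visible text names a different host than its real target. The domain list, the word patterns, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed lists for this example; tune them for your own mail.
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com"}
TEXT_CHECKS = {
    "generic greeting": re.compile(r"\bdear (customer|user|client|member)\b", re.I),
    "urgency or threat": re.compile(r"\b(suspend(ed)?|urgent|within 24 hours)\b", re.I),
}

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text))
            self._href = None

def phishing_indicators(raw):
    msg = message_from_string(raw)
    body, found = msg.get_payload(), []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in PUBLIC_DOMAINS or domain.endswith(".xyz"):
        found.append("public-domain sender")
    if not (msg.get("Subject") or "").strip():
        found.append("empty subject")
    found += [name for name, rx in TEXT_CHECKS.items() if rx.search(body)]
    parser = LinkCollector()
    parser.feed(body)
    for href, text in parser.links:
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text, re.I)
        real = (urlparse(href).hostname or "").removeprefix("www.")
        if shown and shown.group(0).lower().removeprefix("www.") != real:
            found.append(f"link shows {shown.group(0).lower()} but goes to {real}")
    return found

# Constructed sample message, not a real email.
SAMPLE = ('From: "Example Bank" <support@gmail.com>\nSubject:\nContent-Type: text/html\n\n'
          "<p>Dear customer, your account is suspended. Unlock it within 24 hours:</p>\n"
          '<a href="http://login.example.net/unlock">www.bank.example.com</a>\n')
```

The link check compares hosts exactly apart from a leading www., so a legitimate link to a different subdomain is also flagged and should be reviewed by hand. A message that raises no flags is not proven safe, since the From field can be forged.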


Protecting Yourself from Phishing

Because phishing emails are very dangerous, you should protect yourself so that you do not become the next victim. There are a few things you can do:

  • Install security software
    The first thing you need to do is secure your devices by installing security software. There are several kinds of security software you can install, such as antivirus, antimalware, firewall, and many others.
    The software protects you by automatically cancelling the process when you open a website or install an application that contains malware. That way, if you accidentally click the link in the email, you are still protected.
    However, remember to update the software regularly so that it can detect new threats. To make this easier, you can turn on the automatic update option in the software's settings.
  • Activate MFA
    For the account itself, add extra security by activating MFA for login. That way, when you log in, you need to enter a one-time code before you can access the account.
    Even if you accidentally give the hackers your login information, they will not be able to log in without the code.
  • Back up your data
    If you have important data on your device that you do not want to lose no matter what, protect it by backing it up. You can back it up by uploading it to the cloud or by putting it on an external drive.
    This is important because hackers might enter the system to steal your data or ruin it so that you cannot use it anymore. If you have a backup, you will at least not lose everything.


Phishing emails are used by hackers to take your personal information and sensitive data. That is why you need to be able to identify them to avoid becoming a victim. Do not forget to also report the email as a scam to your company if the email you receive is related to your job.
