SMEs have emerged as easy targets for cyber criminals during the Covid-19 pandemic, with cybersecurity firm Cyfirma recording a 280% increase in attacks directed at SMEs in the last 10 months. [1]
We want to explore the modern phishing email and how to spot one. Phishing attacks aren't new: these scams have been catching people out since the mid-90s. However, they are now more sophisticated than ever and still growing, targeting larger numbers of people and causing harm to both individuals and organisations.
Phishing is when cyber-criminals craft an email to look as though it comes from a trusted source. The email is designed to induce the recipient into sharing sensitive information, downloading malware or visiting a malicious website.
Business email compromise (BEC) is a form of phishing attack in which a cyber-criminal uses compromised email credentials, or spoofs a legitimate email address, to induce an employee to make a wire transfer or payment, or in some cases to hand over sensitive data. BEC scams are a serious threat to organisations of all sizes and across all sectors. BEC is one of the fastest-growing cyber-crime operations because of its low cost and high returns. [2]
Criminals are profiting from a world in flux by duping employees. The average cost of a BEC claim is a little over £50,000 [3], but mitigating the risk doesn't need to be expensive. Cyber liability insurance, along with procedures, technology and training, can all protect your business against the threat of cyber-crime.
Ultimately it is the recipient who has to spot a phishing email that gets past the filters, so when in doubt, here are five clues to look for.
1. The sender email address uses a public email domain
The domain is what comes after the @ symbol. A public email domain is one provided by a free email service such as Gmail, Yahoo, Outlook or AOL. [4]
In general, organisations have their own email domain and company accounts.
If the sender is using a public email domain when you would expect a company domain, be suspicious. You can check what the company's domain should be by typing its name into a search engine and comparing the email domain against the domain in the company website's URL.
In the example below, the email is styled professionally, with PayPal's logo at the top of the message and brand colours throughout. The request is believable; however, the sender's address is firstname.lastname@example.org. A genuine email from PayPal would come from a domain that PayPal owns, with PayPal's name in the part after the @. [5]
2. The domain name is spelled incorrectly
Unfortunately, anyone can buy a domain name, and criminals register addresses that are almost indistinguishable from the one they are imitating.
For example, a scammer could buy the domain brightcore.co.uk: that is b-r-i-g-h-t-c-o-r-e rather than b-r-i-g-h-t-c-a-r-e. The difference is a single letter, easily missed at a glance. Look at the full address rather than just the display name, since the display name can say anything. So, if an email feels unusual, take a closer look at the spelling of the domain.
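The checks in clues 1 and 2 can be automated. The following is an added example written for this article, not code from the original page or from any product it mentions: it takes the From: header of an email and the domain you expect the sender to use, then reports whether the sender is on a public email domain or on a look-alike of the expected domain (such as brightcore.co.uk versus brightcare.co.uk). The list of free-mail providers, the sample headers and the crude domain-suffix handling are assumptions made for illustration; a production tool would use the Public Suffix List.

```python
"""Sender-domain checks for clues 1 and 2 (added example, not from the original article).

Given the From: header of an email and the domain the recipient expects the sender
to use, flag (a) public/free-mail domains and (b) look-alike domains that differ
from the expected one by a small edit or that embed the expected brand name.
Domains and addresses below are constructed for illustration; the
brightcare/brightcore pair mirrors the article's example.
"""
from email.utils import parseaddr

# Constructed list of free-mail providers (the article names Gmail, Yahoo, Outlook, AOL).
PUBLIC_EMAIL_DOMAINS = {
    "gmail.com", "yahoo.com", "yahoo.co.uk", "outlook.com", "hotmail.com",
    "live.com", "aol.com", "icloud.com", "protonmail.com",
}


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain part of the address in a From: header.
    parseaddr handles 'Display Name <user@domain>' as well as bare addresses."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character insertions, deletions
    or substitutions needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_part(domain: str) -> str:
    """Crude 'brand' part of a domain: strip a trailing public suffix such as
    .com or .co.uk. Assumption for this example only; a real tool would use
    the Public Suffix List."""
    labels = domain.split(".")
    if len(labels) >= 3 and labels[-2] in {"co", "org", "ac", "gov", "net"}:
        return ".".join(labels[:-2])
    return ".".join(labels[:-1]) if len(labels) >= 2 else domain


def classify_sender(from_header: str, expected_domain: str) -> str:
    """Classify a sender relative to the domain the recipient expects.
    Returns one of: 'ok', 'public-domain', 'lookalike-domain', 'other-domain'."""
    domain = sender_domain(from_header)
    expected = expected_domain.lower()
    if domain == expected or domain.endswith("." + expected):
        return "ok"
    if domain in PUBLIC_EMAIL_DOMAINS:
        return "public-domain"
    brand, exp_brand = registrable_part(domain), registrable_part(expected)
    # Same brand under another suffix (brightcare.com), the brand embedded in a
    # longer name (brightcare-uk.com), or an edit distance of 1-2 on the brand
    # (brightcore) are all typo-squat patterns worth flagging.
    if brand == exp_brand or exp_brand in brand or edit_distance(brand, exp_brand) <= 2:
        return "lookalike-domain"
    return "other-domain"


if __name__ == "__main__":
    # Constructed headers for demonstration.
    samples = [
        "Accounts Team <accounts@brightcare.co.uk>",
        "Accounts Team <accounts@brightcore.co.uk>",
        "news@brightcare-uk.com",
        "PayPal Service <service.paypal@gmail.com>",
        "Jane <jane@example.org>",
    ]
    for header in samples:
        print(f"{classify_sender(header, 'brightcare.co.uk'):18} {header}")
```

The distance threshold of 2 is deliberately loose: it will flag a few genuine partner domains as look-alikes, which is the right failure mode for a screening check, since a human then confirms the sender through another channel.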
3. The email is poorly written
If the sloppiness extends to the body of the email, this could be another clue that it is a scam.
Many scammers are based in non-English-speaking countries, or come from backgrounds where they have had limited access or opportunity to learn the language.
With this in mind, look for grammatical mistakes rather than spelling mistakes. A quick spell-check or Google Translate will give the scammer all the right words, but not necessarily in the proper context.
In this example, we received an email from ‘Windows’. No individual word is spelt incorrectly, but the message is full of grammatical errors that a native English speaker generally wouldn’t make, such as ‘We detected something unusual to use an application’.
There are also strings of missed words, such as ‘a malicious user might trying to access.’
Of course, people make mistakes in emails all the time. It is therefore your responsibility as the recipient to look at the context of the error and decide whether it is a clue to something more sinister. You can do this by asking yourself, or a colleague:
- Is it a common sign of a typo (like hitting the adjacent key)?
- Is it a mistake a native English speaker wouldn't generally make (grammatical incoherence)?
- Is this email a template, which should have been crafted and copy-edited?
- Is it consistent with previous messages I’ve received from this person?
If in doubt, find another way of contacting the sender, e.g. by telephone using a number you already have, or via their website, rather than replying to the email or using any contact details it contains.
4. The email includes suspicious attachments or links
However a phishing email is delivered, most carry the same payload: a malicious link or attachment that you are encouraged to click on or download. (BEC emails are the exception; they may simply ask for a payment.)
A suspicious link can be spotted when the destination address doesn't match the context of the rest of the email. Unfortunately, many legitimate emails as well as scam emails hide the destination behind a button or an image, so it isn't immediately apparent where the link goes.
To avoid falling for schemes like this, train yourself to check where links go before opening them:
- Hover your mouse over the link (without clicking)
- The destination address appears in a small bar along the bottom of the browser or email client
On a mobile device, press and hold the link to show its destination.
Never assume an unsubscribe link is safe. Always hover over it to see the real URL, and if it is in a suspected phishing email, don't click it at all. [6]
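The hover check above compares what a link claims with where it really goes. The same comparison can be run over an HTML email body. The following is an added example written for this article, not code from the original page: it extracts every link with its visible text, flags links whose visible text shows one host while the href points at another (the classic mismatch), and separately flags links to hosts outside those the recipient expects. The sample email body, the expected-domain set and the "looks like a host" heuristic are assumptions made for illustration.

```python
"""Link-destination checks for clue 4 (added example, not from the original article).

Extract every <a href> with its visible text from an HTML email body and report
links whose real host differs from the host shown in the link text, or whose
host is not one the recipient expects. SAMPLE_EMAIL is constructed for
illustration; the hostnames in it are not real services.
"""
import re
from html.parser import HTMLParser
from typing import Dict, List, Set
from urllib.parse import urlparse

# Link text that looks like a URL or bare domain, e.g. "www.paypal.com/account".
HOST_LIKE = re.compile(r"^(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:/\S*)?$", re.I)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    """Host part of a URL, lower-cased; a scheme is added so bare 'www.x.com/..' parses."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def host_matches(host: str, expected: str) -> bool:
    """True if host is expected or a subdomain of it (not merely contains it)."""
    return host == expected or host.endswith("." + expected)


def check_links(body: str, expected_domains: Set[str]) -> List[Dict[str, str]]:
    """Return one finding per link. 'verdict' is:
    'mismatch'   - link text shows one host, href goes to another (clue 4 proper)
    'unexpected' - href host is not under any of expected_domains
    'ok'         - otherwise"""
    parser = LinkExtractor()
    parser.feed(body)
    findings = []
    for href, text in parser.links:
        real = host_of(href)
        shown = host_of(text) if HOST_LIKE.match(text) else ""
        if shown and not host_matches(real, shown) and not host_matches(shown, real):
            verdict = "mismatch"
        elif not any(host_matches(real, d) for d in expected_domains):
            verdict = "unexpected"
        else:
            verdict = "ok"
        findings.append({"text": text, "href": href, "host": real, "verdict": verdict})
    return findings


# Constructed HTML email body: the first link is the deceptive one, the host
# "paypal.com.account-verify.example" is NOT under paypal.com.
SAMPLE_EMAIL = """
<p>Your account needs attention.</p>
<a href="http://paypal.com.account-verify.example/login">www.paypal.com/account</a>
<a href="https://www.paypal.com/myaccount">Log in</a>
<a href="http://unsub.tracker.example/u?id=123">Unsubscribe</a>
"""

if __name__ == "__main__":
    for finding in check_links(SAMPLE_EMAIL, {"paypal.com"}):
        print(f"{finding['verdict']:10} {finding['text']!r:28} -> {finding['host']}")
```

Note that host_matches requires a suffix match on a label boundary, so paypal.com.account-verify.example is not treated as paypal.com even though the string contains it; that is exactly the trick the mismatch verdict is meant to catch.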
An infected attachment carries malware. In a typical example, such as the one below, the scammer claims to be sending an invoice. Even if the recipient is expecting an invoice from this sender, there is no safe way to find out what the attachment contains by opening it: once opened, a document can run malware on the victim's computer (for example via embedded macros), which could then carry out any number of criminal activities. If an attachment is unexpected, confirm with the sender by another channel before opening it.
5. The message is URGENT!
Scammers know that the longer you think about something, the more likely you are to notice things that don't seem right, so many scam requests ask you to act immediately.
A manufactured sense of urgency is used effectively in workplace scams. As demonstrated in the example below, we are likely to drop everything if our boss emails with a vital request, especially when other senior colleagues are supposedly waiting on us.
Phishing scams like this are particularly dangerous because employees may be reluctant to question their boss on such an occasion. However, an organisation that values cyber security accepts that it is better to be safe than sorry, and congratulates an employee for their caution.
Test your knowledge
Now you know what clues to look for to detect a modern phishing scam, put your skills to the test!
This test should take no longer than 5 minutes and is a good way to practise challenging what you read.
Share with your team and ensure everyone keeps cyber security a priority.
Content derived from 5 ways to detect a phishing email