What do Phishing Emails Look Like? (7 Things to Look Out For)

by Robert Best on July 31, 2019
Find me on:

what is phishing

Over 3 billion phishing emails are sent every day. So, the chances are each day at least one or two will make it into your inbox. The trouble is phishing emails have become a lot harder to spot then they were a few years ago.

So, what do phishing emails look like now?

We are going to help you understand what modern phishing emails look by showing you what to look for in a phishing email.

Phishing is a social engineering tactic that preys on human error. They are designed to trick people into taking an action that will then lead to them stealing sensitive information or infecting your device with a virus.

Here are are our seven tips so you can know what a phishing email looks like.

Check the sender address

A common tactic among cybercriminals is spoofing the display name on an email. Most inboxes present the display name, so by spoofing a genuine name the email is likely to be opened.

What is harder to spoof is the domain name the email is coming from, the @domainname.com at the end of an address (e.g. @gmail.com). So even if you recognise the display name, check the domain address and if you are unsure, then don't open the email.

Check the domain name

As I said in the first tip, it's not easy to spoof a domain name, but they can come close to it. As anyone can buy a domain name, it's easy enough to buy a domain that is one letter different to the domain you're pretending to be. For example, you could use the domain amzon.co.uk.

When you check the domain name, check it carefully. We can easily misread a misspelt word, especially if there is only a one-letter difference. The better known the brand is, a spoof of it will fool the more people.

Look at links before clicking them

The purpose of almost all phishing emails is for you to click a link. That link will either lead directly to a virus or to a landing page designed to gather your sensitive information.

Hover your mouse over any link before clicking on it. If the address looks weird or isn't what you expected, don't click on the link. If you want to check a link first, open a browser window and type in the domain part of the web address to see if it's genuine.

Are they requesting sensitive information via email?

If you receive an unsolicited email asking you to provide sensitive information, it is likely a scam. Most companies will never send you an email asking for confidential information unless you request them to (password reset for example)

Most companies go to great lengths to stress that they won't ask for sensitive information, especially via email. If you follow a link to a webpage that asks for sensitive information, you must be 100% sure it is genuine.

email security

Beware of urgent or scare language in the subject line

Creating a sense of urgency is a popular phishing email tactic. Beware of emails saying you have a limited time to take action (unless it's an Amazon Prime sale!).

Scare tactics are also common in phishing emails. Be wary of subject lines saying your 'account has been suspended' or 'there has been an unauthorised login attempt to your account'. If you're unsure, follow the rest of the tips in this article.

Beware of attachments

When was the last time a genuine company sent you an email with an attachment? It will only happen if you have requested something or bought something from them. If you get an unsolicited email with an attachment its most likely a phishing email.

Yes, there are times when a company will send you an attachment, but you will usually have done something to request it, such as a whitepaper download. If you're unsure, then hover over the link (and follow the rest of the tips in this article).

Review the signature

Does the email have a signature, and if it does, does it lack detail? Lack of contact information or details of the sender can be a sign of a phishing email.

Do the links work in the email? Scammers can take screengrabs of legitimate signatures, but by doing that, they can't include links in the text. If it does include links hover over the links, like the earlier tip, to see if they are genuine.

Conclusion

Even the best spam filters will not stop every single phishing email. Some of them are too good to be caught by the filter. That is why it is so essential to understand the common traits of a phishing email.

By knowing the tactics cybercriminals like to use, you can know what phishing emails look like. Knowing what to look for will make it less likely for you to fall victim to a phishing email.

We can help you set up email protection and anti-spam filters to help reduce the number of phishing emails that make it to your inbox. For more information contact us here, email hello@infotech.co.uk or call 01634 52 52 52

the definitive guide to social engineering and phishing

Join The Conversation

Please leave your comments below