Phishing is one of the most prevalent and efficient ways for cyber criminals to exploit employees and gain access to sensitive data. Instead of looking for system vulnerabilities, they are targeting human ones by creating sophisticated campaigns intended to trick you and your staff into providing sensitive data to them.
Because phishing directly targets people, awareness and education are among the best way to combat this cyber-threat. With threats that intentionally bypass technology, the end-users receiving them are truly the last line of defense for your network.
Real Deal or Phishing?
Do you know how to spot a phishing email?
Take a look at the following 7 emails and see if you think they are real or not. Check the answers below to see how cyber-savvy you really are.
#1 O365 Email Confirmation
#2 Amazon Password Assistance
#3 IRS Final Notice
#4 Mail Delivery Failure Report
#5 FedEx Delivery Notice
#6 Invoice Due
#7 Login Alert
Now that you have all of your answers, let’s review each example and see if it’s the real deal or a fake.
NOTE: If you want to see additional examples that you can also share with you team, check out the bottom of this post for details on where to view a daily threat example.)
#1 – PHISHING
The first clue within the email is the generic greeting. A valid email from a service you subscribe to will personalize their communications to you,not refer to you as “Dear User”.
The sender’s email domain is another red flag. If this was a legit communication from Microsoft, it would be from the Microsoft domain.
Hovering over (without clicking!) the blue call-to-action button in the email reveals another red flag – the actual destination URL. It is not sending you to the Microsoft site or your O365 login.
One other small thing in the sender’s name are the 2 little dots over the first “o” in Microsoft. Those minor details are easy to overlook, but even the slightest thing should be enough to make you think twice.
Finally, the tactic used – imploring you to confirm your password – is very common for this type of phishing attack. The hope is that the recipient feels the stress and fear of losing access to his or her email and reacts quickly to resolve that emotion.
#2 – REAL DEAL
This e-mail was sent from @amazon.com.
It’s written in official style without mistakes, and the link takes you to amazon.com.
With an email like this, if you know you just requested a password reset and then you receive this and have verified the domain details and the email itself, you can proceed with confidence.
But what do you do if you didn’t request a password reset, and the email looks official?
The best thing to do under those circumstances is to navigate directly to the known site in a clean browser window, and log into your account that way. If you have difficulty logging in, you may want to try contacting the vendor by phone.
#3 – PHISHING
The most obvious indication that this is a phishing email is the email domain. Any official communication coming from the IRS would use their “IRS.gov” URL. But the domain for this message is “birchconnect.com” which has no affiliation with the government agency.
If you hover over the link for the words “Get Billing Summary”, it reveals another domain, also not related to the official domain for the government agency.
This email also creates a sense of urgency through the use of strong language, a large red message about the amount that is supposedly due and the threat to seize the recipient’s property or tax return.
#4 – PHISHING
The biggest clue here is the email domain. Any official communication from a vendor like Microsoft will use a recognizable Microsoft domain.
As with the other phishing emails, you can also hover over both instances of linked text and see that the actual destination URL is not a Microsoft site.
The tactic here is a common one – the author of this scam is playing on the recipient’s emotion. In this case, it’s fear of not getting important business emails.
#5 – PHISHING
This is also a fake.
The red flags to note here are:
- The sender’s email domain – any official FedEx email will come from a FedEx domain
- There should be an “s” in Logistics in the sender’s name
- The FedEx logo in the upper left corner is distorted
- The lack of personalization
- The actual destination URL does not take you to a FedEx site
If you happen to be expecting a package from FedEx, most likely you also have the tracking #. So if an email like this gives you pause, then go to the official FedEx site and plug in the tracking # to get the current status.
If you aren’t expecting a delivery, that’s another red flag in and of itself. But the architects of these types of scams are counting on the fact that you will be curious enough about what you’re getting to overlook the many red flags associated with this scam.
#6 – PHISHING
This type of vague email is also a common social engineering tactic.
The fact that it is so vague and generic is really the biggest red flag here. Think about it logically – if and when you receive invoices from vendors, are they lacking in this many important or even basic details?
It’s not even possible to determine who this is supposedly from, because it’s just signed “Accounts Payable” and the short sentence says it’s an invoice “from us.”
Even the minimal language is suspect – Due Invoice sounds awkward, as you would expect it to read “Invoice Due”.
Once again the destination URL for the linked text doesn’t match.
The trap here is that the vagueness of this will result in a click, because of someone’s need to know who this is from, or fear that they will default on a payment. But if none of your vendors have ever sent you an invoice in this manner, that alone should be enough to call a foul.
#7 – REAL DEAL
This one is real.
In this case, I largely knew because I had just logged into that account with a different computer. So the timing matched up.
But I also took it a step further and did a google search to confirm that “facebookmail.com” is an official Facebook domain. It only took a minute before I found a reference to this as a legitimate domain in Facebook's help section.
Had I not attempted that login, I would have been more suspicious. That alert could either mean that someone was trying to hack my account, or it could be phishing.
By hovering over the “Review Login” button, you can confirm that it also takes you to an official Facebook domain.
But another option if you had any lingering doubts about the validity of the email would be to navigate on your own to Facebook and log in. From there, you would be able to see and manage any account alerts.
Steps to Take Upon Receipt of any Email You Suspect is a Fake
If you know it’s a fake already, simply delete it.
In some cases, it may be advisable to take a screen shot of it and send that around to alert your co-workers so that no one else is duped by it. If it's your classic "Nigerian Prince" email, you probably don't need to take this action; but if you come across something particularly clever that almost tricked you, chances are others are getting it as well, and they might not be as cautious.
It's best not to send the actual email, just to avoid any accidental clicks on the links that you know to be malicious.
If you’re unsure about an email, try putting the subject line and/or domain into your browser’s search field, and see what comes up.
In the IRS example, the #1 returned result from a search of “IRS Important Notice BirchConnect” confirmed this as a known malicious email.
Best practice for any email is to navigate to the account or service in question on your own, and log in directly to the known, trusted site. If there really is an issue with your Facebook or PayPal account, then that information can be found by logging in directly.
There is no need to follow the link provided in an unsolicited email. In fact, by not following it, you are defending against the possibility of being duped by a realistic looking email. Whenever possible, you want to stay completely in control of where you land on the internet.
Other things to pay attention to are the timing (would your boss or your grandmother really email you at 2 AM?), the From and To lines, any misspellings, poor grammar or weird phrasing, the real destination of any linked text, and if the tone of the email is creating a sense of urgency.
Even the smallest incorrect or inconsistent detail should be enough to convince you to stop and validate the request independent of the email before proceeding.
Just like you, we get new phishing emails daily. And we want you to be aware of the active ones, but it's not practical to email you every single time we get a new or clever one. Which is why we've started sharing at least one example daily on our Twitter, Facebook, Instagram and LinkedIn pages.
Check out these "Today's Threat Alert" posts on any of these mediums and stay up-to-date on the latest email threats and the noted red flags.
Want more great technology updates, news and other industry information delivered directly to your inbox? Subscribe to the blog and each week you'll get new useful tech news you can use!