Detecting a phishing email

Christmas and New Year are usually happy moments, families, people, lights on the streets, ex-pats flying home, gifts… but, it is a very good season for phishing emails too, in both environments, personal and enterprise.

This article is just a collection of rules, more focus on enterprise environments but applicable to both, to try to educate our employees or ourselves to prevent ransomware infections or any other infection received by email. They are not golden rules, just some basic guidelines to follow by email users.

  • Do not trust the displayed name of who the email is from: Just because it says it is coming from someone you know or trust does not mean that it truly is. Check the email address to confirm the real sender. Different email clients have different ways to do this but, basically, it is something that it can be done with just one click.
  • Check the email signature: Usually, legitimate enterprise users include a full signature block at the bottom of their emails. If it is there, check if it is correct. If it is from someone that you have exchange previous emails and suddenly the signature is not there, be suspicious.
  • Consider the salutation: People tend to address the person is sending the email to. If the salutation is vague, or generic i.e. “valued customers” or just addressing the recipient by title i.e. “Dear Accountant”, be suspicious.
  • Check for spelling errors: All of us make mistakes when writing, some people write in a language that it is not theirs but, in general, we have autocorrection (not always for good) and people concern about spelling and be grammatically correct. Attackers usually are careless about this kind of details.
  • Double-check the links: Hover or mouse over the different links on the email before you click. If the text showed looks strange or does not match what the link description says, do not click on it.
  • Is the email asking for personal information?: Legitimate companies are unlikely to ask for personal information by email. In some cases, they actively remind you about this. As an example, I am sure everyone here has received these emails from the bank reminding you they will never ask you anything by email.
  • Be careful with attachments: If you have any doubts about the email do not click on the attachments, it does not matter how legit they look or the nice name they have. Contact the sender of the email, if possible, to confirm the legitimacy.
  • Beware of urgency: Emails like this, sometimes, try to push some sense of urgency to push recipients to be unwise and focus on what the email says and ignore the warning signals. Do not do that, take your time (it is going to take a minute) to check the email or do a few basic checkings about the legitimacy. As an example, the typical email from the CEO to the accountant “Hi, I am John Doe (CEO), I need you to transfer 1 million to xxxxxx or we are going to lose the deal…”
  • Better safe than sorry: If you see some signals that make you doubt of the legitimacy of an email, contact your SOC if you have one, the sender or use your common sense.

As I have said, just a few basic and common-sense advice that we, sometimes, forget.

Detecting a phishing email

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.