Distline - Systems, networks and IT security

How to recognise phishing emails

Phishing is a hacking technique that involves fraudulently encouraging unsuspecting users to share their account credentials. Often, however, it is possible to recognize phishing emails by paying attention to some details and recurring themes. In this article we explain in detail how to recognize a phishing email, how to protect yourself…

Introduction

Have you ever received an email from "your bank" asking you to enter your personal data, because "your bank account was suspended"?

If the answer is yes, you have been the target of a phishing attempt.

In the following paragraphs you will discover not only what this type of cyber fraud is, but also the most effective ways to recognise it and avoid being deceived.

What is phishing?

Phishing is a genuine cybercrime. Through fraudulent e-mails, an attacker tries to steal personal information from victims by pretending to be a company or a person they know. This phenomenon has been widespread since the 1990s and continues to affect many unfortunate people.

The term comes from the English verb "to fish": fraudulent e-mails are in fact used as bait to "fish" the data of the victim users. The scammers' goal is to trick recipients into clicking a link or downloading a malicious attachment.

Attackers often target companies, trying to gain access to the IT infrastructure through credentials stolen from employees. Once inside, they can attempt to escalate system privileges up to administrator level, which gives them complete control.

Once they obtain administrator privileges, criminals can exfiltrate data, launch ransomware attacks, and create backdoors to re-enter the compromised infrastructure later, even if they are discovered.

Entrepreneur victim of a phishing attack

How to recognise phishing?

While it may seem effortless to distinguish a phishing attempt from a genuine communication, the truth is that it isn't always that easy, especially now that attacks are becoming increasingly sophisticated and targeted.

Recognising phishing is becoming harder and harder because of techniques such as Social Engineering, which consists of collecting data on a target user from the information available on social networks, in order to personalise the phishing message as much as possible.

In 2021, as a consequence of the pandemic, phishing attacks worldwide increased by 29% compared to 2020, making phishing the most reported kind of cyberattack attempt.

If you want to know the best way to protect yourself from these scams, read on and discover the 9 best ways to recognise phishing emails.

A scammer can be very skilled, but usually fraudulent emails aren't perfect: in most cases they have details that will allow you to recognise them.

Let's see them:

1. Sender's name

If you receive an email requesting sensitive data from a person, a bank or another company that isn’t known to you, it might be a scam.

2. The sender's mail address is public

Banks and businesses usually send email from their own domain. Therefore, if you receive an email from an organisation that is using a "public" email address (such as @gmail.com), don't trust it.

3. Weird logo

Phishing emails may contain the logo of a company. However, it may not have the same dimensions and colours as the original, or it could be in low resolution. If you notice these imperfections, pay attention.

4. Generic opening formulas

Pay attention to the opening formulas used in emails: scammers usually start messages with standard forms such as "Dear Sirs", because they don't always know the targets' names.

5. Ungrammatical sentences

Fraudulent emails often contain grammatical and spelling errors that reputable companies wouldn’t commit.

6. Unsafe links

It's a good idea to check any links received by email before opening them. Hovering your mouse over a link shows its real destination, so you can check whether the URL has spelling errors and whether security protocols such as HTTPS are used.

7. Suspicious attachments

Before opening an attachment, make sure it comes from a trusted sender: an attacker could invite you to open documents containing malware or ransomware.

8. Sense of urgency

If there's one thing that all phishing emails have in common, it's the sense of pressure and urgency they convey to the recipient. Before clicking on links or downloading attachments, check whether what is written in the email is true.

9. Recurring topics

Cybercriminals often use standard templates and topics to carry out their attacks. Read on to find out which scams are used most often.
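As an added example that is not part of the original article, the following Python scorer applies checks 2, 4, 6, 7 and 8 from the list above to a constructed sample email; the list of public mail providers, the greeting and urgency phrases, the risky attachment extensions and the "digit inside a word" look-alike rule are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (not a real email) that trips checks 2, 4, 6, 7 and 8 from the list above.
PHISH = """\
From: "Example Bank Support" <examplebank.alerts@gmail.com>
Subject: URGENT: your account has been suspended

Dear Sirs,
Your account was suspended. Verify immediately at http://examp1ebank-login.example/verify
or open the attached invoice.pdf.exe within 24 hours.
"""

# Assumed word lists for illustration; a real filter would use much larger ones.
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
GENERIC_GREETINGS = ("dear sirs", "dear customer", "dear user")
URGENCY_WORDS = ("urgent", "immediately", "suspended", "within 24 hours")

def phishing_indicators(raw: str) -> list[str]:
    """Return a human-readable list of the checks this message trips."""
    msg = message_from_string(raw)
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + "\n" + body).lower()
    hits = []
    # 2. Sender uses a public mailbox provider instead of the organisation's own domain
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in PUBLIC_DOMAINS:
        hits.append("public sender domain: " + domain)
    # 4. Generic opening formula instead of the recipient's name
    if body.lstrip().lower().startswith(GENERIC_GREETINGS):
        hits.append("generic greeting")
    # 6. Plain-http links, or a digit standing in for a letter inside the host name
    for url in re.findall(r"https?://\S+", body):
        host = urlparse(url).hostname or ""
        if not url.startswith("https://"):
            hits.append("link without HTTPS: " + host)
        if re.search(r"[a-z]\d[a-z]", host):
            hits.append("look-alike spelling in host: " + host)
    # 7. Attachment name hiding an executable behind a double extension
    for name in re.findall(r"\S+\.(?:exe|scr|js|vbs)\b", body, re.I):
        hits.append("risky attachment: " + name)
    # 8. Two or more urgency cues in the subject or body
    urgent = [w for w in URGENCY_WORDS if w in text]
    if len(urgent) >= 2:
        hits.append("urgency cues: " + ", ".join(urgent))
    return hits

def is_suspicious(raw: str, threshold: int = 3) -> bool:
    return len(phishing_indicators(raw)) >= threshold
```

Each hit is only a signal: HTTPS means the connection is encrypted, not that the site is genuine, which is why the scorer waits for several independent indicators before flagging a message.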

The use of public domains by companies can be an indicator of a phishing attempt

What are the most common phishing scams?

There are many ways in which scammers try to attack their victims through phishing.

Learning to recognise these ways will help you to avoid them.

Below you will find the most common phishing email templates:

1. Proposals and offers that are too tempting

Congratulations! You received an email informing you that you have won first prize in the lottery. Wait, which lottery?

Scammers often try to exploit our weaknesses, usually by announcing winnings in lotteries we have never entered or by inviting us to take part in competitions with very attractive prizes. We know it can be hard to resist, but emails like this are very often phishing emails.

2. Money and payment requests

Be careful before sending money to people (perhaps unknown to you) or paying large sums (even if the email apparently comes directly from your manager!), especially if this is to be done by following unusual online procedures described in an email.

3. Suspended bank account

If you receive an email from your bank telling you that your bank account has been suspended, don't trust it. Apply the methods above to verify whether it's true and contact your bank directly.

4. Order confirmation

Pay attention to emails containing order confirmations that require you to open links or attachments to view the "receipt".

5. Job related

Scams in which a sender pretends to be the manager of the company you work for and requests the transfer of large sums of money to their account are becoming increasingly common.

A hacker impersonates someone else to carry out a phishing attack

How to protect yourself from phishing?

Now you know how to recognize a phishing email, but how can you protect yourself and what should you do if you find one?

The important thing is: don’t open links and attachments and never send your data. If possible, delete the email without opening it and block the sender.

However, vigilance alone may not be enough. Remember that phishing emails are one of the main attack methods, and also one of the most profitable for criminals.

This is why it is important to adopt an Email Security service able to deal with these threats.

An Email Security solution works like a filter on incoming and outgoing email, letting safe messages through and blocking everything else. Yes, outgoing emails too: you don't want someone to try to scam your customers using an email address of your company, or an employee, even in good faith, to send sensitive business documents to their personal email, right?

We recommend these two Email Security solutions:


The use of an Email Security service together with awareness training for users is your winning strategy against phishing.

What to do if you suspect you've been phished?

If you suspect that you have fallen victim to a phishing attack, immediately change all your passwords and, if possible, activate multi-factor authentication (if you don't know what it is, we explain it here).

Then run an anti-malware scan on your device, back up all your files and contact an expert who can verify whether your network has been compromised.

In conclusion, what you need to do to be protected from phishing is to stay calm, pay attention to details and use a good Email Security system. It's better to spend a little more time on the topic than to see your bank account emptied and your company data stolen or encrypted.

