+44-113-357-2020

Teaching you how to phish

Date

27/10/2020

Written by

Airnow


This blog is a quick-fire 5 part guide on how to detect phishing scams, one of the most common methods of cybercrime. Phishing is a form of social engineering in which cybercriminals attempt to trick victims into giving sensitive information to them by passing off as a legitimate organisation. This is usually done by requesting personal information by confirming accounts by giving away your passwords or clicking a link which then infects your PC. Despite many people believing that such attacks are easily detectable, the statistics suggest that many are still in the dark. Verizon’s Data Breach Investigations Report revealed that over 2/3 data breaches involved social engineering attacks such as phishing. So let’s try and turn those statistics around and get phishing aware.


1. The email address is from a public domain.


One of the most sure-fire ways to detect a phishing attack is to look at the email address of the sender. If the email is sent from a public domain, your suspicions should be raised.

Taking this image above as an example, whilst the name of the company ‘Amazon’ is in the email address making it appear genuine at first glance. Yet if you look closer you can detect that the email is phoney by looking at the domain name. In this case ‘AmazonUpdate@efficaciousrbays.xyz’ is replaced with the official ‘@amazon.co.uk’ or ‘.com’.


2. Spelling mistakes or bad grammar

Emails from legitimate companies extremely rarely if ever make spelling errors. Phishing scammers, however, often contain errors. The moment you see a spelling mistake or bad grammar it is a big indicator that the email you are reading could be a scam.


3. Create a sense of urgency/panic

Phishing scams often try to increase the likelihood of success by instilling a sense of urgency or panic in the victim which makes them more likely to give away their information rashly. For example, users may be asked to react to a sale which ends imminently. Or, rather ironically, that your account has been compromised and you need to verify your account by confirming your details.


4. Suspicious links

A quick and easy way to check if the link in an email is legit, you can hover your cursor over it. If the email does not match the address displayed, you can bet your bottom dollar that something phishy is going on.


5. Logo

Often if you look very closely at the logo on the email you can tell that it is a fake because it appears slightly different from the legitimate. Take a look at this example:

Can you spot the difference between the fake logo and the real one? Scammers can be pretty good, but if you look closely enough you can detect certain differences between the two, this may even be a slight blur or a shade of colour change but a little difference means a lot.

Those are our top five quick-fire tips on how to detect a phishing attack. Remember, if the email asks you to confirm your personal information, or if it just sounds too good to be true (“you are entitled to X amount of money), it probably is.

For more information about phishing and expert advice on all matters of cybersecurity, please visit our website at Airnow and do not hesitate to get in contact with the team.

References
https://www.omdia.com/resources/product-content/verizon-2020-data-breach-investigations-report-phishing-and-credential-theft-top-the-list-of-successful-tactics-int005-000130