How to recognise Email Spam and Phishing Emails

How to recognise Email Spam and Phishing Emails

If you have an email address you will get spam, it’s an unfortunate by-product of having a presence on the internet. It is reported that anywhere between 80 – 90 % of all email on the internet is spam.

Whilst most spam is purely annoying and time-wasting, about 2.5% can do some very serious damage.

However, more than 99% of these attacks require some form of interaction to succeed which can result in unwittingly disclosing personal data or unwittingly installing malware.

The saying goes “it takes two to tango” so if you keep your guard up and be vigilant, you can prevent being a victim by refusing to click any suspicious links or attachments.

So what is Phishing?

“Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking, and credit card details, and passwords.

The information is then used to access important accounts and can result in identity theft and financial loss.”

Source: https://www.phishing.org/

Should I Use Anti-Spam and Anti-Virus Software?

My recommendation is YES! Once you have installed the software this will be your first line of defence as it not only marks email as spam, it can prevent virus, malware and phishing attacks. However none are 100% full proof so you still need to be vigilant of suspicious emails

So how do you recognise these dangerous emails?

  1. Emails asking you to click links to either “Login” or requesting you “update user information,” or to sign in “immediately”.

    If an attacker sends a request for personal information in this way, then you know something is suspicious and that you should treat this email with caution. One easy way to recognise this type of phishing exercise and know if the link is genuine is as follows:-

    On a PC “Hover-Over” or “Mouse-Over” the link (do not click) and the link address will be displayed in the bottom of your window.

    On a mobile (Android, Apple) Pressing and hold down the link with your finger or stylus. Wait until the embedded link is encapsulated in a “bubble shape”, then lift your finger or stylus from the link. The menu will display the link and options which you can ignore.

    Check the link matches what you would expect, i.e. if the email was from PayPal the link would be to https://www.paypal.com/*** or if the email was from your bank it would be https://www.yourbankname.com/***

    If it is not, and it is something completely different, then you will know this is definitely a phishing link trying to steal your information and you should not follow the link.

  2. Emails with suspicious attachments

    Unexpected or suspicious email attachments should never be opened. They may execute a disguised program (malware, adware, spyware, virus, etc.) that could damage or steal your data. Malicious files are mostly in the .docx format or .zip format. Do not open unless you know the sender and was expecting these files from them. .exe files should never be opened and most good email clients block these as a matter of course as they are executable files (meaning they can run a program)

  3. Check the ‘From’ address of the email:

    Is it a valid address for the company the email is claiming to represent? It may be similar to the company’s email address but if it is not identical then it shouldn’t be trusted. If it relates in no way to the company the email is claiming to represent then it is unlikely that it is valid. You also should check the actual ‘From’ email address as the display name/email address that you see in the ‘From’ field on the email can be spoofed to look like a valid address. In Outlook you can hover over the ‘From’ address and view the full details to confirm the actual email address is the same.  If you are unsure then you can try googling the email address to see if that provides you with any indication as to whether it is a valid address for the company in question.

  4. Emails demanding Urgent Action

    Emails threatening a negative consequence, or a loss of opportunity unless urgent action is taken, are often phishing emails. Attackers often use this approach to rush recipients into action before they have had the opportunity to study the email for potential flaws or inconsistencies.

  5. Emails with bad grammar and spelling mistakes

    Possibly one of the easiest ways to recognise a spam or phishing email is bad grammar or spelling mistakes. An email from a legitimate organisation should be well written. Phishing emails often contain poor spelling or grammar.

  6. Emails with unfamiliar Greetings or Salutations

    Is the message addressed to a generic recipient, such as “Valued Customer” or “Sir/Madam?” If so, be careful & think twice! Legitimate businesses will often use your real first and last name. The fraudsters may have your email address but they are unlikely to have your name.

  7. Inconsistency in Email addresses, links and domain names

    Another way how to spot phishing is by finding inconsistencies in email addresses, links and domain names. Just because a link says it’s going to send you to one place, doesn’t mean it’s going to. Double check URLs. If the link in the text isn’t identical to the URL displayed as the cursor hovers over the link (as discussed in point 1), that’s a sure sign you will be taken to a site you don’t want to visit. If a hyperlink’s URL doesn’t seem correct, or doesn’t match the context of the email, don’t trust it. Ensure additional security by hovering your mouse over embedded links (without clicking!) and ensure the link begins with https://.

  8. To Good to Be True emails

    Too good to be true emails are those which incentivize the recipient to click on a link or open an attachment by claiming there will be a reward of some nature. If the sender of the email is unfamiliar or the recipient did not initiate the contact, the likelihood is this is a phishing email.

This is not an exhaustive list, but should go a long way to help you identify Spam and Phishing Emails.

Example email I received recently which has several points indicating it as suspicious

Example Spam Email

We hope you find this article useful but if you want to find out more about this article or our Web Design services, please contact:-

Andy Barnish
Webvision
Tel: 966 470 482
Mob: 699 972 089
Email: andyb@webvision.es