Tips on Identifying a Phishing Scheme

Phishing Emails and How to Identify Them

Phishing schemes are everywhere and affect a huge number of individual users and businesses. In fact, they cost businesses around the world over $6 billion each year. Half of all internet users receive at least one phishing email a day. Some phishing emails are outlandish and seem like obvious frauds while others look very convincing.

Businesses must have security measures in place to defend against these scams, and must train their employees to tell the difference between legitimate emails and phishing scams. While there isn’t a single technique that recognises a phishing scheme in every case, the following tips can help determine whether an email should be treated with suspicion.


Mismatched URLs

If you see a link in an email, don’t click on it straight away. First, hover your cursor over the link to see whether the address it points to matches the link text shown in the message. The link text in a phishing message often appears to be perfectly legitimate, while the address behind it can be completely different. This is a sign that the message is malicious or fraudulent. Other warning signs include a string of cryptic numbers in the address or links to .exe files, which are used to spread malicious software.

 

Spoof Domain Names

Many phishing emails use official branding/graphics or misleading domain names in an attempt to look like they represent a legitimate organisation. To identify a misleading domain name, look at the last part of it to see if it ends in the proper parent domain.

For example, “info.itconnexion.com” could be a child domain of “itconnexion.com” (the parent domain). The name that appears at the end of the domain name, on the right-hand side, indicates where it originated. If it ends in something else, e.g. “info.itconnexion.maliciousdomainname.com”, it’s an indication that it doesn’t actually come from the parent domain.

Phishing scammers commonly use this tactic to impersonate big companies like Google, Apple, or a bank. You should always check the domain name, especially when you are entering passwords or other sensitive information online.

 

Vague Greetings and Requests For Personal Information

Legitimate organisations will always use personal salutations and know your name rather than greeting you with something like “Dear Customer”. Similarly, they would never ask for personal credentials through emails. Both are warning signs of a potential scam.

 

Poor Spelling and Grammar

Reputable companies and brands tend to review their messages for spelling and grammar mistakes. While everyone is prone to making the occasional spelling or grammar error, it’s worth double-checking a message that contains them, just in case it is a scam. Professional organisations usually check a mass email stringently before it goes out.

 

Unrealistic Threats or Urgency

Invoking a sense of urgency or threat is a common tactic in phishing scams. Claims that “your account is about to be suspended” or that your account had an “unauthorised login attempt” should always be carefully verified. Take the time to evaluate the legitimacy of the message and its sender, and cross-reference any claims made through official channels. For example, banks would never suspend your account for not replying to an email.

 

Quality IT Security Services

ITConnexion is a Melbourne-based IT services company that provides comprehensive IT security services, tailored to the specific needs of your business. Contact our team today to find out more about how we can protect your organisation.