During a livestream, we aren't always able to cover everything on our agenda. That was the case in our livestream with NOC Manager Sean Jacobs, who took us through a live phishing attack from both the attacker's and the victim's perspectives.
You can see part of the recorded livestream on the right. Although we were able to show what a phishing attack looks like and how easy it is to unwittingly hand your password to a malicious third party, we missed the most important part: how to identify a phishing attack and what to do when you are being phished.
Well, Sean and I put our heads together. From the livestream demonstration, we came up with a list of 9 “Red Flags” to target that will help you determine whether an email is legitimate or a phishing attack. Phishers are getting a lot more creative than you probably think. So, even though some of these may seem like no-brainers, any one of the “email flags” below could help you identify a phishing attack so you can avoid it. Let's get started!
Email Red Flags Target #1: Unfamiliar Sending Addresses
Have you ever received a message from this person? Is that person asking you to click on something or download an attachment?
Attackers will often "spoof" the address of someone in authority to trick you into taking action. If a message arrives out of the blue and asks you to make a change to your account, be cautious. In this situation, reach out to the person who supposedly wrote the email to confirm its legitimacy.
Note: Do not reply to the email directly using the “reply” function. Instead, contact the sender by phone or in person. If a phisher sent the message, your reply goes straight back to them; a spoofed message can also carry a Reply-To header that silently routes your answer to the attacker even though the From line looks right.
Email Red Flags Target #2: Errors in the Sending Address
If you are familiar with the sending address, inspect it closely for misspellings. Instead of spoofing an email address, attackers will often register a new domain that looks ALMOST like the real thing.
Check for extra periods or S's, missing letters, or slightly different spellings in the sender address. When we read words we tend not to read every letter, so two addresses that differ by a single letter are easy to confuse. Look at the full address after the @ sign, not just the display name: many mail clients show only the name by default, and the attacker controls both.
Email Red Flags Target #3: Urgency Verbiage
Attackers will use language to make you act quickly and without thinking. They will say you must act immediately or risk having a negative outcome, such as losing access to your account or paying a fine. They’re hoping to incite panic so you click on something you shouldn’t or will fall for their scam.
Don't panic. Instead, stay calm and look for other email red flags.
Email Red Flags Target #4: Bogus/Mismatched URL Links
These are links that say one thing but take you somewhere else when you click them. You can often detect this red flag by hovering your mouse over the link in the email and reading the real address your mail client shows (on a phone, press and hold the link instead). Many phishing attacks now try to get around this by using shortened URLs, so a free shortened-URL checker that expands the link and shows its destination without you having to follow it can be very helpful.
Don't click the link if the real address shown on hover is not what you expect. If you want to visit a website you're familiar with, manually type the URL you know to be correct into your browser, or keep the site in your bookmarks so you can visit it without typing errors.
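As an added example (not code from the livestream or this article), here is a small Python script that applies the checks above to an HTML email body: it pulls every link out with the standard library's HTML parser, compares the host a link displays with the host it actually points to, and flags links that go through a URL shortener. The shortener list and the sample message are constructed for this example and are not taken from a real campaign.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed, partial list of URL shorteners; extend it for your environment.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd", "rb.gy"}


class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:          # only collect text inside an <a>...</a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased host of an http(s) URL or bare domain text; None if not URL-like."""
    parts = urlsplit(url)
    if not parts.scheme:                    # bare 'www.example.com/path' used as link text
        parts = urlsplit("http://" + url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None                         # mailto:, javascript:, relative links, etc.
    return parts.hostname.rstrip(".")


# Link text that a reader would take to be an address (URL, www. prefix or bare domain).
URL_TEXT = re.compile(r"(https?://|www\.)\S+|[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}(/\S*)?", re.I)


def same_site(shown, target):
    """True when the displayed host is the real host or a parent/child of it."""
    return shown == target or target.endswith("." + shown) or shown.endswith("." + target)


def audit_links(html):
    """Return findings as (kind, visible text, real href); kind is 'shortened' or 'mismatch'."""
    parser = _AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        if target is None:
            continue
        if target in SHORTENERS:
            findings.append(("shortened", text, href))
        elif URL_TEXT.fullmatch(text):      # text looks like an address: does it match?
            shown = host_of(text)
            if shown and not same_site(shown, target):
                findings.append(("mismatch", text, href))
    return findings


# Constructed sample body: one shortened link, one lookalike-domain mismatch, two honest links.
SAMPLE_HTML = """
<p>Your account will be locked in 24 hours. <a href="http://bit.ly/3xAmpL3">Verify now</a></p>
<p>Or go to <a href="https://login.examp1e-bank.com/reset">https://login.example-bank.com/reset</a></p>
<p>Questions? <a href="https://support.example-bank.com/">support.example-bank.com</a></p>
<p>Write to <a href="mailto:help@example-bank.com">help@example-bank.com</a></p>
"""

if __name__ == "__main__":
    for kind, text, href in audit_links(SAMPLE_HTML):
        print(f"{kind:9} shown={text!r} real={href!r}")
```

The mismatch test is deliberately generous about subdomains (a link showing `example-bank.com` that goes to `login.example-bank.com` is not flagged) so that it raises alarms only when the registrable domain itself differs, which is the case that matters. Shortened links are flagged regardless of their text because the destination cannot be judged until the link is expanded.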
Email Red Flags Target #5: Unfamiliar Sender IP Addresses
For our more technical users, look at the message headers to see where the message actually originated. Each mail server that handles a message adds a Received header at the top, so the topmost entries were written by your own servers and can be trusted, while entries further down were written by outside servers and can be forged by the sender. The useful value is the IP address your own gateway recorded for the server that handed the message in. You can get a list of the IP addresses your company's mail servers use from your IT department, or at the very least send them the message headers to analyze.
Many spoofing attempts produce accurate-looking email addresses by using characters from other alphabets (Cyrillic or Greek, for example) that look like standard English letters and symbols but aren't; internationalized domain names make such lookalike domains registrable.
For example, could you tell a Greek question mark apart from a semicolon at a glance? The two characters look almost identical.
Checking the sending IP address on incoming messages lets you catch spoofing that only recreates the sender name and domain, because the attacker cannot fake which server handed the message to yours. Most mail gateways also record SPF, DKIM and DMARC results in an Authentication-Results header; a failing or missing result for a domain that normally passes is a strong signal.
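Putting Target #2 and Target #5 together, here is an added example in Python (not from the article or the livestream) that inspects a raw message: it compares the From domain with a list of known-good domains after collapsing lookalike characters and decoding punycode, walks the Received headers from the top to find the IP address your own gateway recorded for the server that handed the message in, and reads the SPF/DKIM/DMARC verdicts from the Authentication-Results header. The known-domain list, the company network range, the small confusables map and the sample message are all constructed assumptions for this example.

```python
import email
import ipaddress
import re
import unicodedata

# Constructed allow-lists for this example; use your organisation's real values.
KNOWN_DOMAINS = {"example-corp.com"}
COMPANY_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Deliberately small confusables map (Cyrillic letters and digits that read as Latin
# letters); production code should use the full Unicode TR39 confusables data.
HOMOGLYPHS = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
              "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u04cf": "l", "1": "l", "0": "o"}


def skeleton(domain):
    """Collapse lookalike characters so visually similar domains compare equal."""
    if "xn--" in domain:                  # punycode: compare the form the user would see
        try:
            domain = domain.encode("ascii").decode("idna")
        except UnicodeError:
            pass
    d = unicodedata.normalize("NFKC", domain.strip().lower())
    return "".join(HOMOGLYPHS.get(ch, ch) for ch in d)


def edit_distance(a, b):
    """Levenshtein distance; catches typosquats with an added, dropped or swapped letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(domain):
    """'known', 'lookalike' (homoglyph or near-miss of a known domain) or 'unfamiliar'."""
    d = domain.strip().lower()
    if d in KNOWN_DOMAINS:
        return "known"
    sk = skeleton(d)
    for known in KNOWN_DOMAINS:
        # distance <= 2 is a practical threshold; it over-triggers for very short domains
        if sk == skeleton(known) or edit_distance(sk, skeleton(known)) <= 2:
            return "lookalike"
    return "unfamiliar"


def sender_domain(msg):
    """Domain after the @ in the raw From header (raw so a non-ASCII domain survives)."""
    m = re.search(r"@([^\s>]+)", msg.get("From", ""))
    return m.group(1) if m else ""


IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_ips(msg):
    """Bracketed IPv4 'from' address of each Received header, newest hop first."""
    return [m.group(1) for m in map(IP_RE.search, msg.get_all("Received", [])) if m]


def external_entry_ip(ips):
    """First hop, walking down from the top, that is not one of our own servers.
    Received headers below that point were written outside and may be forged."""
    for ip in ips:
        if not any(ipaddress.ip_address(ip) in net for net in COMPANY_NETS):
            return ip
    return None


def auth_results(msg):
    """SPF/DKIM/DMARC verdicts our gateway recorded in Authentication-Results."""
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")))


def analyze(raw):
    msg = email.message_from_string(raw)
    domain = sender_domain(msg)
    return {"from_domain": domain, "domain_verdict": classify_domain(domain),
            "entry_ip": external_entry_ip(received_ips(msg)), "auth": auth_results(msg)}


# Constructed message: the From domain uses Cyrillic "а" (U+0430) in place of Latin "a".
SAMPLE = """\
Received: from mail-gw.example-corp.com (mail-gw.example-corp.com [203.0.113.10])
 by mbox.example-corp.com with ESMTP; Mon, 1 Jan 2024 09:00:02 +0000
Authentication-Results: mail-gw.example-corp.com; spf=fail smtp.mailfrom=ex\u0430mple-corp.com;
 dkim=none; dmarc=fail
Received: from smtp.ex\u0430mple-corp.com (unknown [198.51.100.77])
 by mail-gw.example-corp.com with ESMTP; Mon, 1 Jan 2024 09:00:01 +0000
Received: from webmail (localhost [127.0.0.1])
 by smtp.ex\u0430mple-corp.com with ESMTP; Mon, 1 Jan 2024 09:00:00 +0000
From: "IT Helpdesk" <helpdesk@ex\u0430mple-corp.com>
To: user@example-corp.com
Subject: URGENT: your mailbox will be suspended today

Please verify your password within 24 hours.
"""

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Two design points are worth noting. The entry-IP logic walks the Received headers from the top and stops at the first hop outside your own address space; the bottom-most header (here the forged-looking `localhost` hop) is exactly the one an attacker can write freely, so it is never used as the origin. The domain check compares skeletons rather than raw strings, which is why a Cyrillic letter, a digit 1 standing in for an l, and a punycode `xn--` label all resolve to the same lookalike verdict.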
Email Red Flags Target #6: Requests to Submit Login Info
Remember when I said phishers are getting more creative? Instead of asking you to reply back to their email with your password, they will direct you to a fake landing page where you can enter your password for them. These landing pages can be convincing, but by taking a closer look, you can still spot the fakes.
To start, look at the address bar and check the domain, not the page design: if the domain is not the one you expect for the service you are logging into, the page is most likely fake. Just like our advice for links in emails, if you are unsure of the page, manually type the URL you know to be correct into your web browser or use a bookmark to visit the website.
Email Red Flags Target #7: Obsolete Web Pages
Continuing with the landing page, look to see if it is the correct one. Phishing agents may run the same campaign for years without updating the landing page they send you to. If you do get fooled into clicking the link in the email and it takes you to what looks like the old version of a website, you should not trust it.
Email Red Flags Target #8: Lack of Security Certificates (TLS/SSL)
Your web browser checks a website's TLS certificate (still commonly called an SSL certificate) and shows a lock icon next to the URL when the connection is encrypted and the certificate matches the domain in the address bar. A missing lock, a “Not secure” label, or a warning page about the certificate is a red flag, and you should not enter credentials on such a site.
The reverse is not true, though. A lock only proves that you are talking to the domain shown in the address bar, not that the domain is honest. Certificates are free and automated to obtain, so most phishing sites today present a perfectly valid one. Treat the lock as a minimum requirement, never as a substitute for checking the domain name itself.
Email Red Flags Target #9: Page Redirection
Let's say you are fooled into clicking the link in the email and you are also tricked into entering your credentials on the fake website. Did the page blip or ask you to re-enter your account information? No, you didn't enter in your password incorrectly, it's an indication you have been redirected from the fake website (which now has your account info) to the real website, where you can actually log in.
What's the point of this? The phishing agent wants time to log into your account with the information you just provided. If they make you think everything is fine by dropping you on the legitimate website where you can log in normally, you are less likely to change your password before they abuse it. Do not count on having a window, though: automated phishing kits can replay stolen credentials within seconds, so if you entered a password on a page you now doubt, change it and tell your IT department right away.
Protect Yourself from Targeted Phishing Emails by Being Proactive
Aside from being observant, what else can you do to protect yourself from targeted phishing emails? Here are a few suggestions to get you started:
- Change Your Passwords. Changing your password is the first step you should take if you believe your account has been compromised, but you should also notify your IT department immediately. The longer you wait, the more harm a malicious third party can do. If you used the same password anywhere else, change it there too, since attackers try stolen credentials against other services. Using a unique password for each service and turning on multi-factor authentication does more to contain a phished password than rotating passwords on a schedule.
- Use Email Security Tools. Email security tools such as sender verification (SPF, DKIM and DMARC), link checking, email virus/malware scanning, and end-to-end encryption and signing (such as S/MIME) can all help you increase security for your organization's emails.
- Make Email Signing and Encryption Mandatory within the Organization. S/MIME can serve as a secondary method of verifying sender identities: a message signed with the sender's private key can be checked against their certificate, while encryption protects the content in transit. If internal email is required to be S/MIME-signed, you can safely treat any unsigned message purporting to originate from within the organization as suspect and confirm it out of band.
- Have Employees Take Specialized Security Training. One of the best ways to thwart targeted phishing emails and avoid becoming a phishing victim is to know what to look for and how to deal with different situations. While the red flags for emails that are listed in this article are a good start, more training may be necessary to ensure everyone is up to speed with online security. This is where online education courses like Protected Trust’s Office 365 Advanced Threat Protection Security Course can help. By arming everyone with the knowledge they need, you can be in a better position to prevent email security compromise (and other security leaks).
By watching for email red flags and applying proactive email security measures, you can minimize the risk of having your account compromised. Be safe by practicing strong email security.