In this post, we detail some of the most common indicators of a phishing attempt. If your can train your employees to consistently identify these red flags in emails you will be able to prevent costly phishing-related data breaches and malware infections.
Common Indicators of a Phishing Attempt
This is not an exhaustive list of the common indicators of a phishing attempt, but if you consider these ten points, you will be able to identify most phishing attempts.
- The email is not addressed to you by name
Legitimate companies that you hold an account with have your name and they will use it in their email communications. If the greeting is generic, it indicates you have no relationship with the sender and they most likely only have your email address – Dear Internet user, dear webmail user, salutations, dear customer, for example. - The display name and the email address do not match
The display name in the sender field does not match the email address. Most corporate emails sent by employees will include the individual’s last name and initials. If the sender’s name does not make sense given the context of the email, it is an indicator of phishing. - An email claiming to be from a reputable company is sent from a public email domain
Reputable companies buy a domain name and use that for their email. While there are exceptions, such as some small businesses, most legitimate companies will have their own domain name and will not use public email domains such as Gmail, Yahoo, Outlook, or Hotmail. - The email contains spelling mistakes and grammatical errors
Mailshots, marketing messages, and other official communications from companies are run through a spelling and grammar checker before being sent. The messages will not be riddled with spelling mistakes, grammatical errors, and odd word choices. - You were sent an email with an unsolicited attachment
Most companies are aware of the risk of phishing and avoid sending email attachments unless there is a very good reason for doing so. If you receive an unsolicited email attachment, you should assume it could be malicious. Attachments often contain malicious code that installs malware. Never enable content in Office attachments unless you are certain about the authenticity of the attachment. If warned that the file contains macros, do not enable content. - The hyperlinks in the email direct you to an unfamiliar website
If an email tells you to visit a website or click a button, you should check the destination URL and make sure it directs you to an official website. Hyperlinks are often masked and direct you to websites owned by the attackers. If the link looks legitimate and you click, double-check the URL when you arrive on the website, as you may have been redirected. - Urgent action is required
Phishing emails often try to get the user to take urgent action, such as opening an attachment or visiting a website. The aim is to get the user to take action quickly and not fully consider the legitimacy of the request. - There is a threat of negative consequences for a lack of action
Phishing emails often contain threats of negative consequences if no action is taken, and try to scare people into acting fast. This is often achieved by threatening legal action, account closure, or that fake charges will be applied to accounts. Stop and consider the request carefully. A couple of minutes will make no difference if the warning is legitimate. - A file is attached that contains information that could have been put in the message body
Email attachments are often used to hide content from email security solutions. Attachments may include hyperlinks that could have easily been included in the email. If the email body has next to no content and you are asked to open an attachment to find out more, it is very phishy. - The email or linked website requests personal information
Businesses do not ask customers to send sensitive personal data via emails, such as passwords or Social Security numbers. If a website linked in an email asks you to log in, to your Microsoft 365 account for instance, check the URL and make sure you are on the official website related to that log in request before attempting to log in.
If you receive any email and after reading it something seems a little off, try to verify the legitimacy of the email using trusted contact information, not the contact information supplied in the email. A quick phone call could help you avoid a malware infection. If there is a problem with your account, log in via your bookmarks or find the official site through a search engine. If there is genuinely a problem, you will be informed of it when you log in.
Cybersecurity Solutions for Blocking Phishing Attacks
Businesses should implement a security awareness training program to teach employees security best practices and the common indicators of phishing attempts. Through regular training, it is possible to create a human firewall to complement your technical anti-phishing measures.
As with many aspects of cybersecurity, the best strategy is to adopt a defense-in-depth approach and implement multiple layers of protection, as no single cybersecurity solution will block all phishing attempts. Technical phishing defenses should include a secure email gateway or spam filter for blocking inbound phishing threats and malware, and the solution should also have the capability to filter outbound messages to prevent corporate email accounts from being used to send phishing emails to contacts and customers. Emotet malware, for instance, can self-propagate via email and send copies of itself to contacts via email, inserting itself into message threads. Outbound filtering can detect and block these ‘internal’ phishing attacks.
A web filter should be implemented to block the web-based component of phishing attacks. Web filters prevent users from accessing known malicious websites, and provide time-of-click protection against malicious links in emails that have bypassed the secure email gateway.
A spam filter and web filter can block attacks, but should an attack succeed and credentials be stolen, multi-factor authentication can prevent those credentials from being used by a threat actor to remotely access an account. Multi-factor authentication should be applied on email accounts, Microsoft 365, and all administrator accounts as a minimum.
Speak to TitanHQ About Improving Phishing Defenses
TitanHQ offers a trio of cybersecurity solutions for blocking phishing attacks. SpamTitan Email Security is a highly effective spam filtering solution that features machine learning technology to block zero-day phishing attempts, signature-based and behavioral detection of malware threats, and protection against email impersonation attacks.
WebTitan DNS Filter is a web filtering solution for controlling access to web content. WebTitan can be used to block user access to risky and non-work-related web content and is fed threat intelligence gathered from over 500 million endpoints worldwide to block access to known malicious websites and block malware downloads.
SafeTitan is a comprehensive security awareness training and phishing simulation platform that delivers security awareness training where it is needed in real-time, in response to bad security practices by employees including failed phishing simulations. SafeTitan includes a huge range of training content that is gamified, interactive, and enjoyable for employees, and hundreds of phishing templates for conducting realistic phishing simulations.
For more information about improving your security defenses with these products, to arrange product demonstrations, or to sign up for a free trial of any of these solutions, contact TitanHQ today.