How to recognize a phishing email
Phishing is by far the most common information gathering method used by cyber attackers. If you respond to a phishing email, it tells the attacker that the email address is valid and that there is a potentially vulnerable human being at that address. There are a few things we all should do to check emails and protect ourselves from malware and virus infections, which often lead to data exfiltration and unwanted access to company resources.
Check the domain name of the sending email address
The easiest way to identify a phishing email is to check the domain of the sending email address. Many phishing emails claim to be from major companies like Microsoft, PayPal, or a large bank. Those organizations send from a small, fixed set of email domains, and phishing emails do not and cannot send from those legitimate domains. Compare the display name with the domain after the "@" sign: a message that calls itself "Microsoft Account Team" but comes from an unrelated domain is not from Microsoft. See the example below.
Hover over any links in the email and see where they point to
Next, hover over any links in the email (without clicking) and check where they actually point, since the visible link text can say one thing while the underlying address goes somewhere else. In the example below, the link points to a bare IP address rather than a domain name, which legitimate senders rarely do, so it should not be clicked.
Use an email analyzer in your email client
There are many email analyzers available today. If your company doesn't have one deployed, you should raise it with your management and ask the IT person to implement such a capability. The example below is the output of an analyzer. Analyzers usually examine four major areas of a message: the sending address, the links contained in the message, any attachments, and the content of the message body.
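As an added illustration (not code from this article or from any analyzer product), the following Python script performs the first two of those checks on a raw message: whether the sending domain matches the brand the display name claims, and where each link actually points compared with what its visible text says. The sample message, the brand allow-list and every domain in it are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message for demonstration (not a real phishing email).
SAMPLE = """From: "Microsoft Account Team" <alerts@micros0ft-login.example>
Subject: Verify your account
Content-Type: text/html

<html><body>
<p>Your account will be closed. <a href="http://203.0.113.45/login">Sign in at microsoft.com</a></p>
<p>Questions? <a href="https://support.example.org/faq">Help center</a></p>
</body></html>
"""

# Assumed allow-list of domains the impersonated brand really sends from (illustrative only).
KNOWN_BRAND_DOMAINS = {"microsoft": {"microsoft.com", "microsoft.net"}}
LINK_RE = re.compile(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
DOMAIN_IN_TEXT_RE = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})\b", re.I)

def check_sender(msg):
    """Check 1: a display name that claims a brand must come from one of that brand's domains."""
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()   # the real sending domain is the part after '@'
    return [f"display name claims {brand!r} but sender domain is {domain}"
            for brand, domains in KNOWN_BRAND_DOMAINS.items()
            if brand in name.lower() and domain not in domains]

def check_links(html):
    """Check 2: where each link really points (the href) versus what its visible text claims."""
    findings = []
    for href, text in LINK_RE.findall(html):
        host = (urlparse(href).hostname or "").lower()
        if IPV4_RE.match(host):   # the article's example: a link that goes to a bare IP address
            findings.append(f"link target is a raw IP address: {href}")
        for claimed in DOMAIN_IN_TEXT_RE.findall(text):
            claimed = claimed.lower()
            if host != claimed and not host.endswith("." + claimed):
                findings.append(f"link text says {claimed} but target host is {host}")
    return findings

def analyze(raw_message):
    """Run both checks on a raw RFC 822 message and return the list of warnings."""
    msg = message_from_string(raw_message)
    return check_sender(msg) + check_links(msg.get_payload())

for warning in analyze(SAMPLE):
    print("WARNING:", warning)
```

On the constructed sample it reports three warnings: the look-alike sender domain, the link that resolves to a raw IP address, and the mismatch between the link text "microsoft.com" and that address.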
Use a good email filtering service
Email filtering services like Mimecast and Mail Assure provide filtering and analysis and will often catch and quarantine most phishing emails before they reach your inbox. Your organization may not be using a filtering service; if so, talk with your management team and ask about this capability.
Slow down
Lastly, what most users need to do is slow down. It is easy to click quickly on items we probably should not. New employees in particular can get in a rush and overlook very obvious signs that a request from a scammer is not normal for the organization. If the President of the company never asks you to go out and buy gift cards, then that is not something you should do when a request to do so arrives by email. In-person verification of such requests should be a normal practice.