Detecting a Phishing Email: 10 Things to Watch

As security professionals, we remain vigilant in identifying phishing attempts and actively seek information on defending against ransomware and phishing attacks. These topics hold paramount importance within the security community. It is well-known that phishing emails frequently serve as the initial catalyst for ransomware infections. To safeguard your organization, it is crucial to adopt proactive measures. 

Our primary objective in security awareness is to equip organizations with effective methods and insights to enhance detecting and preventing email-based attacks. The landscape of phishing is ever-evolving, and the attacks are becoming increasingly intricate, posing greater challenges in terms of detection and defense. 

You likely already know many of the indicators to keep an eye out for when detecting a phishing email. However, those who work in your organization may not. 

10 Ways Employees Can Spot a Phishing Email

Phishing attacks encompassing ransomware, malware, and other variations, frequently originate from deceptive emails. Taking proactive measures is crucial to safeguard yourself and your organization’s security. Keeping your computer up to date and patched significantly minimizes the risk of infections. Nevertheless, the threat of falling victim to social engineering attacks, identity theft, or disclosing credentials via cleverly crafted emails is very real and increasingly prevalent. It is imperative to maintain a vigilant approach to identify phishing emails and prioritize employee education within your organization. This concerted effort plays a critical role in defending against these threats and effectively mitigating this attack vector. 

Here is a quick top ten list for how your employees can spot and handle a phishing email.

1. Don’t trust the display name of who the email is from

Do not solely rely on the name of a person you know or trust as an assurance of the email’s authenticity. Always verify the email address to confirm the true sender. It is important to note that email sender addresses can be easily spoofed or sent from compromised accounts, making it a common occurrence. 

2. Look but don’t click

A straightforward approach to examine a hyperlink (or URL) is to hover or move the mouse cursor over different elements of the email without clicking on anything. If the displayed alt text appears unusual or does not correspond to the description of the link, it is advisable not to click on it. Instead, report it to the security operations center (SOC).

3. Check for grammatical errors

While anyone can make typographical errors, it is essential to be vigilant when encountering emails with grammatical mistakes. Scammers often rely on spellcheckers or translation tools when crafting their messages, resulting in correctly spelled words but with improper context. 

4. Consider the salutation

Attackers occasionally employ a generic or ambiguous greeting (such as “Dear valued customer”) that aligns with automated templates. Alternatively, they may omit the salutation altogether. While this practice does not always signify a scam, it can serve as a “red flag” if something feels amiss.

5. Is the email asking for personal information?

Be cautious when emails ask for sensitive or personal information. To confirm if action is needed, contact the company’s customer support or access your account directly through their official website. It is important to note that legitimate organizations rarely request such information via email, so be cautious if emails deviate from the norm by asking for unusual help or data. 

6. Be careful with attachments

Stay cautious of enticing or seemingly normal email attachments that may harbor malware. Avoid opening suspicious unsolicited attachments and verify with the sender if necessary. Beware of attachments that appear official but contain hidden malicious links, and never trust HTM/HTML attachments as they can execute code directly from your computer’s memory. 

7. Beware of urgency

Exercise caution when encountering emails that employ urgency as a tactic. Phishing emails often exploit people’s trust or willingness to help by creating a sense of urgency, aiming to prompt hasty decisions.  

8. Check the email signature

Always check the email signature within the body of the email to ensure it matches the sender or the claimed identity. Phishing attempts often involve mismatched or inconsistent email signatures when attempting to impersonate another person or co-worker.

9. Don’t believe everything you see

If something appears even slightly suspicious or deviates from the norm, it is advisable to prioritize safety over taking risks. If you notice any unusual or concerning signs, it is best to report the issue to your SOC for further investigation and guidance.

10. When in doubt, contact your SOC

Report any concerns to the SOC, as they prefer to investigate potential threats rather than risk a compromise. With the ongoing and successful nature of phishing attacks, it is crucial to exercise caution and avoid becoming another victim. Stay vigilant and help protect organizations from the dangers of phishing. 

Your Guide to Reduce Insider Risk

Training your employees to stay vigilant against phishing attacks is one tactic to reduce risk to your organization, but no matter what, people make mistakes and threats slip through the cracks. In this guide, learn how Exabeam can enable you to identify and mitigate the potential risk of seven common compromised insider use cases.