How to Identify a Phishing Email?

Phishing is a malicious attempt to deceive users and take advantage of them through different mediums. Phishing attacks aim to steal important, confidential information such as usernames, passwords, credit card information, network tokens, and more.

Both individuals and organizations are at risk. Virtually any kind of private or corporate information can be targeted, whether to obtain company secrets or to access an organization’s network. According to Verizon’s 2019 Data Breach Report, 32% of all cyber attacks involved phishing.

Also, a survey by Intel Security found that 97% of people can’t identify a phishing email.

Don’t worry though, there are ways and means to protect yourself. You just need to know what you’re browsing and be vigilant. Below are the things you should examine:

Phishing emails tend to have the following attributes:

  • Unofficial “From” address: Look out for a sender’s email address that is similar to, but not the same as, a company’s official email address. Fraudsters often sign up for free email accounts with company names.
  • Urgent action required: Fraudsters often include urgent “calls to action” to try to get you to react immediately. Be wary of emails containing phrases like “Your account subscription is about to expire,” “your account has been compromised,” or “urgent action required.”

    The fraudster is taking advantage of your concern to trick you into providing confidential information.
  • Generic greeting: Fraudsters often send thousands of phishing emails at one time. They may have your email address, but they seldom have your name. Be skeptical of an email sent with a generic greeting such as “Dear Customer” or “Dear Member”.
  • Fake links: Often, the URL of a link within a phishing email is not displayed. The link appears as “Click Here” or similar text, which hides the URL it actually points to.
    [Screenshot; image taken from Malware-Traffic-Analysis]
  • Typo URLs: Some phishing websites use domain names that have been registered specifically to trick users into believing they are at the legitimate Internet banking website. The domain name and URL will look very similar to the genuine URL but will contain subtle differences, such as a deliberately omitted letter that users would not notice without careful examination.

    Extra letters or dashes may also be added to the URL to make it appear genuine. If a URL appears as though it may be genuine, it must be carefully compared to the legitimate URL.
    [Screenshot; image taken from Malware-Traffic-Analysis]
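
The attributes listed above can also be checked mechanically. The following is an added example, not code from the original post: it parses a raw message and reports which of the listed attributes it shows. The organisation `examplebank.com`, the indicator names, the 0.8 similarity threshold and the sample message are all assumptions made for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: a made-up organisation and domain; SAMPLE is constructed, not real mail.
BRAND, OFFICIAL = "examplebank", "examplebank.com"
URGENT = ("urgent action required", "about to expire", "has been compromised")
GENERIC = ("dear customer", "dear member")
SAMPLE = ("From: Example Bank <examplebank.support@gmail.com>\n"
          "Subject: Urgent action required\n\n<p>Dear Customer,</p>\n"
          '<a href="http://examplbank.com/login">Click Here</a>\n')

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip().lower()))
            self._href = None

def official(domain):
    return domain == OFFICIAL or domain.endswith("." + OFFICIAL)

def lookalike(domain):  # near miss of the real domain: missing/extra letter or dash
    return not official(domain) and SequenceMatcher(None, domain, OFFICIAL).ratio() >= 0.8

def phishing_indicators(raw):
    """Return which of the attributes listed above a single-part message shows."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # a str for single-part messages
    text = (msg.get("Subject", "") + " " + body).lower()
    local, _, domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")
    parser = LinkCollector()
    parser.feed(body)
    links = [(urlparse(h).hostname or "", shown) for h, shown in parser.links]
    return [name for name, hit in (
        ("unofficial_from", not official(domain) and (BRAND in local or lookalike(domain))),
        ("urgent_language", any(p in text for p in URGENT)),
        ("generic_greeting", any(g in text for g in GENERIC)),
        ("hidden_link_target", any(h and h not in shown for h, shown in links)),
        ("typo_url", any(lookalike(h) for h, _ in links)),
    ) if hit]
```

Calling `phishing_indicators(SAMPLE)` flags all five attributes for the constructed message. A hit is a reason to inspect the email more closely, not proof that it is phishing.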

DMARC+ can be used to prevent this type of event in an organization. Check out our blog on DMARC to learn more about it.

Deeksha is a seasoned cybersecurity expert, dedicated to defending the digital domain from cyber threats. With a strong grasp of technology's dual-edged nature, she excels in threat detection, risk mitigation, and ensuring regulatory compliance. Her proactive approach and unwavering commitment make her a reliable guardian in the ever-evolving digital landscape.

