Have you ever been the target of a phishing attack? If so, you’ll appreciate how damaging this kind of crime can be. We’ve been there too, which is why we are keen to help everyone protect themselves against financial fraud and identity theft. But, do you know how to identify a phishing email?
Let us help you with that and share with you the best way to learn how to prevent phishing. It’s not as difficult as you might think, but there’s definitely a lot to keep in mind.
Introducing phishing: the web’s number one irritation
Phishing is one of the most annoying and harmful forms of cybercrime around. Usually, it involves criminals sending fake messages which seem to originate from reputable companies or organizations. By clicking on links in these messages, recipients can inadvertently hand over their personal details, leading to financial theft or identity fraud.
In the United States alone, phishing costs around $1.6 billion (and that’s just the attacks that are reported). And the average corporation spends $3.6 million on measures to detect phishing attacks – so it’s a major concern.
The problem for most people is that they don’t have the resources of companies, and often struggle to know how to spot a phishing email or do anything about it. And with phishers becoming ever more sophisticated in creating realistic messages, there’s an urgent need for a solution. Could VPNs be the answer?
What do phishing emails do?
Phishing emails are sent in huge numbers from central locations, which could be anywhere in the world. Increasingly, they are tailor-made using marketing techniques and algorithms to fit the profile of recipients, reflecting their e-commerce habits and personal tastes.
When the user opens one of these emails, they are presented with a narrative which purports to be from a reputable sender. This narrative is purely designed to a) generate trust and b) prompt the user to carry out an action, usually clicking a link.
When the link is clicked, the user could be taken to a fake website which looks like one they are familiar with. Once this stage is reached, it’s relatively easy for phishers to coerce people into handing over credit card information.
Sometimes the link will start a real-time chat. For instance, a common phishing email example is to imitate an IT service which seeks to “fix” computer faults. But when the user hands over control of their device to the chat partner, all of their details can be made available to harvest.
Other times, the link will install software on the target device which monitors the user and steals their personal details. All three methods are endemic in the USA, and all can be devastating for the victims.
How to identify phishing: 6 conventional ways
It’s a good idea to run through some basic methods ordinary web users can employ to keep themselves safe online. Many people are naive about phishers – which is what keeps these criminals in business. But there are many ways to neutralize their threat.
First off, how can you work out whether a phishing email is fraudulent? This isn’t always simple, as the whole point of phishing is to make emails attractive to the recipient, copying the branding and style of corporations they trust.
Stats show that around half of all phishing emails are opened. That’s both a staggering testimony to how skillful phishers are, and how far we have to go to protect people when they use the web.
Here are some simple tips on how to identify a phishing email:
#1 Check for unusual attachments
Many phishers will add attachments to their emails. These attachments tend to contain viruses or other software which actually does the damage, so never open them if prompted, and be very sceptical about emails with any unsolicited attachments.
#2 Check the email address
Often, unsafe emails will appear to come from a major corporation, but the actual address they are sent from has nothing to do with the company they are imitating. A phishing email could claim to come from Amazon customer services, but if you check the sender’s address itself, it could turn out to be a generic Gmail account. That’s another major red flag as far as phishing is concerned.
#3 Is the tone right?
Phishers thrive by encouraging you to click a certain attachment or link, and to do so they often adopt a certain tone. If an email seems to be written in an urgent style which seems to pressure you to take an action, it could well be part of a phishing expedition.
#4 Tiny errors can mean trouble
Phishers may be skillful, but they often aren’t actually brilliant English speakers. Their emails can flow well, but are sometimes littered with mistakes, in a way that professional writers tend to avoid.
#5 Be really careful about outgoing links
Aside from attachments, always double-check outgoing links. A key way of learning how to spot a phishing email is to check links for minor errors. Phishers know that people pay attention to these things, and will spell things like “Verizon” as “Verizom” – often without users noticing. So stay vigilant.
#6 What are they asking?
When parsing the content of suspected phishing emails, think about their intentions. Remember, banks and other credentialed financial institutions don’t ask for financial details out of the blue. They have protected channels to guard against theft and fraud. So whenever this happens, it’s time to flag an email as spam.
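Tips #2 and #5 can be partly automated. The following Python code is an added example, not part of the original article: it flags a display name that claims a brand while the address uses a different domain, and link domains within two character edits of a known brand domain. The KNOWN_BRANDS table, the distance threshold and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list: brand name -> domain the brand really sends from.
KNOWN_BRANDS = {"amazon": "amazon.com", "verizon": "verizon.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-letter lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def base_domain(host):
    """Last two labels of a hostname (naive; ignores suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_message(raw):
    """Return a list of findings for tips #2 (sender) and #5 (links)."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender = base_domain(addr.rpartition("@")[2])
    for brand, domain in KNOWN_BRANDS.items():
        if brand in display.lower() and sender != domain:
            findings.append(f"sender: display name claims {brand} but address is @{sender}")
    body = msg.get_payload()
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = base_domain(urlparse(url).hostname or "")
        for domain in KNOWN_BRANDS.values():
            if host != domain and edit_distance(host, domain) <= 2:
                findings.append(f"link: {host} looks like {domain}")
    return findings

# Constructed sample message (not a real email).
SAMPLE = """\
From: "Amazon Customer Services" <support.team@gmail.com>
Subject: Action required

Your Verizon bill is overdue: http://login.verizom.com/pay
Help pages: https://www.amazon.com/help
"""

print("\n".join(check_message(SAMPLE)))
```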
How to stop them
By now, you’ve probably had the same thought most people have when discussing phishing. Instead of learning these techniques about how to identify a phishing email, why not learn how to stop phishing emails and cut off the poison at the source?
This isn’t always easy (or we’d all be doing it), but there are definitely some easy measures to take which can limit your exposure to phishing scams:
- For instance, regularly updating your browser to the latest version is a good idea. Phishers are always looking to exploit older software, and developers constantly have to keep pace with their activities, so don’t be lazy. Click on the update link when it’s available.
- Secondly, choose an email provider which is serious about stopping phishers. FastMail is generally well thought of in this regard, offering a system called SpamAssassin which performs reasonably well. Gmail also protects fairly well, but you may need to spend more time marking spam emails manually.
- There are also plugins which download global phishing databases and then upload these to email clients like Outlook, keeping them up to date with what to filter out. The leader here is SpamSieve, which is only for Macs, although Windows alternatives are appearing and are worth a look.
What to do if you receive a phishing email?
If you’ve been unfortunate enough to receive an email threat, and you’ve learned how to identify a phishing email, how can you respond safely? Well, there’s one thing that you definitely shouldn’t do. Never respond directly to the sender.
It might be tempting to tell them how you feel, but this is almost always an error. All you’ll do is confirm to the sender that you are a genuine email contact, resulting in a torrent of phishing content further down the line.
If you are part of a larger body like a university department or company, the best course of action is to report the phishing attack to the IT team, who can carry out virus checks and make sure your security systems are up to date.
“I clicked on it…”
If you’ve actually gone as far as clicking on suspect links, things become more concerning. First up, change your email password as quickly as possible to avoid any ongoing intrusion from the scammers. And change passwords on any other accounts as well. These days accounts are often interlinked, from Gmail to Twitter, e-commerce wallets and sites like YouTube. It’s hard work, but securing your accounts is essential.
Secondly, scan your system for viruses and malware. It’s advisable to check separately for both forms of intruder. And check any cloud drives such as Google Drive for suspicious files. If you see something that isn’t right, delete it straight away.
Stop phishing emails with a VPN
Earlier on we mentioned that Virtual Private Networks (VPNs) could be used as a weapon against phishing attacks, so let’s conclude by assessing whether this is an option for you.
VPNs provide an extra layer of protection when you send data across the internet but they also often feature specialist security features. The best clients include detectors that can flag up malicious websites and compartmentalize emails which link to these sites.
Moreover, with a VPN running, it’s almost impossible for hackers to “hijack” your browser to monitor your activity – a key method these criminals use to encourage you to visit certain sites.
Finally, there should also be an effective firewall component on reputable VPNs, which specifically targets phishing attacks. Put all of these capabilities together, and you’ve got a formidable set of defenses.
Stay safe by learning
If you follow the guidelines above, update your security software and think about adding a VPN to your browsing activity, it shouldn’t be hard to avoid the perils of phishing.
Sadly, phishing is a common aspect of everyday web usage, but it’s not a major threat to savvy users. So focus, stay alert, and follow best security practice and you’ll be fine.