How to Catch a Phishing Email

Phishing remains one of the most common types of cybercrime according to the FBI's Internet Crime Report.  Cybercriminals took advantage of our state of unrest and found ways to profit from our heightened dependence on technology. With $10.2 billion in profits, internet crime is a lucrative business to be in. As cyber criminals get more savvy in the art of deception, these emails are getting harder to recognize. They are no longer desperate requests for money or a plea from an offshore prince. They are simple messages with a simple objective – to get you to click or respond.

Email is a key that cyber criminals can use to comprise you or your employer’s sensitive data - and bank account. It’s time to for us to treat it as such by analyzing every email received to catch phishing attempts. After practice, it will become second nature. Here are a few tips to follow in order to take back our inboxes:

CHECK WHO IT’S FROM.

Be wary of an email if:

• It’s new to the inbox party – not someone you normally communicate with
• It’s not related to your normal job responsibilities
• The from address is the name of someone in your organization but something looks off such as the format or the domain (@Sharp.support.com vs. @Sharp-support.com)

CHECK THE “TO” FIELD.

Suspect an email that:

• • You were cc’d on and you don’t know the other folks it was sent to
  • Has you as part of a group that you’ve never seen before or doesn’t apply to your job
    1. Ie. You are in sales but the group name in the To field is “HR-Benefits” or “Sharp-Finance”
  • Is sent to a random assortment of people at your company, for instance a group that has last names that start with the same letter

CHECK THE DATE FIELD.

If Bob sent you an email at 4:00 am, and you know he’s not a morning person, it could be a phishing email.

CHECK THE SUBJECT LINE.

Subject line indicators of a phishing email would be:

• • If it sounds strange or doesn’t match what you’d usually read from this person
  • It does not match the message content
  • It’s a RE: to an email that you never sent or requested
  • It’s something unrelated to your job function

EXAMINE THE MESSAGE BEFORE CLICKING.

The email is probably spam if:

• • The sender is asking you to click a link or open an attachment to find out more information
  • The email body has terrible grammar and spelling errors
  • The email body contains almost no information, and they are trying to bait you to respond
  • The sender is asking you for sensitive personal information that you were not expecting

INSPECT THE HYPERLINKS.

The email is most likely phishing if:

• • You hover your mouse over the link in the email and it shows a different website
  • The body of the email is mostly or only a hyperlink
  • The hyperlink is a misspelling of a well-known website like www.bankofamerican.com instead of www.bankofamerica.com

INSPECT ATTACHMENTS BEFORE OPENING.

After examining the above aspects of the email, think about the attachment.

• • If you weren’t expecting the attachment or it doesn’t make sense, do not open it
  • If it’s a weird filetype, do not open it
    1. In H1 2023, the most common type of malicious files attached to phishing emails were 1. Script files (.wsf) 2. Windows executables (.exe), 3. Office documents (.docx/.xlsx/.pptx), 4. PDF documents (.pdf), followed by Compressed archives (.ZIP, etc), and Batch files.

While we can’t stop hackers from using phishing to gain access to our systems, we can make sure that we are well-informed and practiced in the art of catching a phishing email. Always be on alert, especially if you receive an email that you are not expecting. Never reply to suspect emails but rather report them to your IT department if the email fails even one of the above warning signs. Download a printable sheet of these red flags for your desk as a reminder.