Characteristics of Phishing Email Scams – What to Watch For

Understanding typical characteristics of phishing email scams is the best way to prevent falling victim to fraud. As the incidence of phishing attacks continues to rise, familiarizing oneself with phishing common denominators might be a valuable use of time.

What is Phishing?

Phishing is a cyber attack in which victims are tricked into providing sensitive data through emails, phone calls, text messages or any other method. This information could then be used to gain access to their account logins, credit card numbers and other private data that could lead to identity theft and financial loss. Phishing scams typically include messages asking for personal details such as home address, bank account number, passwords ATM PINs or Social Security Numbers which will often then be sold on the black market in further attacks such as malware infections ransomware emails phishing emails smishing or vishing emails being sent out in turn.

Phishing stands out from other cyber attacks in that it requires human involvement to be successful and is thus one of the more challenging threats to mitigate. Furthermore, its methods continue to adapt so as to bypass security filters and human detection – even if just one employee falls victim, an organization could experience severe data breaches as a result.

Education of employees on various types of phishing attacks and how to recognize them can be the key to protecting against phishing attacks. Phishers use various tactics such as spoofing and covert redirections which make malicious links appear authentic for recipients, as well as messages encouraging them to act quickly or urgently as part of their attempt to convince recipients into providing sensitive information.

Spear phishing attacks involve targeted messages sent to specific members of an organization, typically high-privilege account holders such as managers or IT staff, to get them to divulge sensitive data or click links. It could also target specific products or services like financial accounts or universities; attackers use various link manipulation tactics – including creating fake websites which look authentic – that lure recipients into entering their username and password details directly onto them – and send these directly back to them for processing by the attackers.

Phishing attacks often utilize emails designed to appear like corporate mail; this technique is known as “spoof emailing”, and includes features like the organization’s logo, fonts and layout that could fool recipients. Furthermore, this tactic may employ subdomains or typo squatting (misspelled URLs) in order to further conceal malicious content within it.

Shipping scams, an increasingly popular holiday-season phishing method, trick recipients into clicking a link in an attempt to claim an undeliverable package and allow the fraudsters to use their email addresses to send additional fraudulent emails and exploit accounts.

One key takeaway should be remembering that no reputable company will ever request your sensitive data via email, phone or other forms of communication. Furthermore, passwords for banking and financial accounts should be changed regularly as is sharing on social media; consider two-factor authentication on any accounts which allow it for added protection against attackers attempting to take your data by using an intermediary account as this will make it much harder for attackers to gain entry and steal your credentials.

Example

Recently, a subject line of an email to my work inbox caught my eye. Take a look (I’ve annotated with the text in blue):

This email was sent to my business/work email address from a malicious actor attempting to convince me that my employment was recently terminated. This would be an alarming email for anyone to receive, but as someone who has previously been notified by email of employment termination, it sort of struck a cord.

The subject line “YOUR EMPLOYMENT STATUS” (our incoming mail server added the “***VIRUS***” prefix to flag it as a potentially malicious email) and the customizable FROM value, “HR-Manager radwebhosting.com”, are engineered to invoke recipients to open the mail (not unlike almost every marketing email you’ll receive).

Many commonly used email clients wouldn’t display “<Hr-manager@null.net>” until the email was opened (at least not by default). Noticing this value doesn’t match the information displayed in the FROM value is a good indicator there’s something phishy going on. Even if these values do match, you’re not in the clear. Due to email spoofing, these may align perfectly with legitimate values of actual email addresses you are familiar with!

Since one of the primary goals of common phishing attacks involve getting the recipient to download and open malware on their local machines, the sender has mentioned an attached file (in their words, “your 2 months salary receipt”). Never open email attachments from unknown senders!

Finally, near the end of the email body, beneath the signature, the arbitrary text, “cc: ceo@radwebhosting.com” appears, which must be an attempt to provide evidence that the email has been cc’d to ceo@radwebhosting.com, also. First, when an email is cc’d to other recipients, this information is usually not added as text to the end of the email body in any email client I’ve ever used. Secondly, at the time of receiving this email, I served as the CEO of Rad Web Hosting, and we did not use the email address, ceo@ for any correspondence.

In the above example, I probably benefitted from the insights that my position at my company afforded me. Having said that, the importance of understanding and recognizing the characteristics of phishing email scams cannot be overstated.

Recognizing the Characteristics of Phishing Email Scams

Emails that ask you to follow links or provide sensitive data are typically malicious, as taking any action could expose you to viruses or keystroke loggers and lead to identity theft.

Recognizing common signs of phishing scams is key to protecting against them, including:

Poor Grammar and Punctuation

Spelling and grammar errors are telltale signs of phishing emails. Legitimate businesses use professional copywriters and spell checkers to review all communications before sending them out; any email that contains misspellings or grammar mistakes should immediately raise red flags.

Grammar that seems out-of-character with its sender should also raise alarm bells. If their writing style or use of informal language deviates dramatically from what is typically expected from them, this should serve as an immediate warning sign.

As with the subject line, be wary of greetings that begin “Dear [name]”, or which address someone who doesn’t appear in either To or Cc: fields as an indicator that this message could be fraudulent.

Look out for any improper punctuation and comma use; run-on sentences without context are a sure sign that something has been hastily written, which are usually indicative of spam emails phishing attempts.

Some have speculated that phishers intentionally include misspellings and grammar errors in their emails to attract those likely to fall for their scam, while another theory holds that doing this saves phishers time by quickly filtering through scores, even hundreds of false “nibbles” from curious interlopers to quickly identify those desperate enough for what the phishers offer (money, love etc.) that they will overlook any inaccuracies in grammar and English used.

Sense of Urgency

Criminals frequently employ urgency-based phishing attacks as one of the primary tactics. By creating an atmosphere of urgency, perpetrators hope to tempt users into clicking malicious links or giving out sensitive data. Note that legitimate organizations would never request personal details via email such as passwords or credit card numbers; any request that does so should raise red flags and prompt further investigation.

Attackers employ various strategies to make their phishing emails look more authentic in order to dupe victims and gain their credentials. For instance, attackers often combine malicious and benign code in an email in order to bypass Exchange Online Protection filters that search for potentially harmful attachments and links; additionally, many fraudulent messages feature typos or other cues that indicate untrustworthiness of messages sent through such channels.

AppRiver recently encountered a campaign that used Apple product web addresses as bait for unwitting victims to visit an unsolicited phishing page designed to collect user passwords and personal data with form similar to the real site but with small differences, such as misspellings or shortenings.

With such subtle details allowing attackers to bypass spam filters, it’s imperative that organizations educate their employees about phishing emails – particularly remote workers less familiar with business practices of their employers. Companies should institute training programs designed to teach employees how to evaluate phishing emails in a secure environment. It would also be wise for employees to check personal email accounts during working hours as this may enable colleagues in different time zones from sending suspicious emails during hours when the sender may not typically be online.

Too Good to Be True

Phishing scams often feature tempting offers that entice victims, including emails with promises of money, free goods or prizes. Usually these emails include an alluring hyperlink leading to a fraudulent website where criminals can gather further data on the victims.

An impersonated link may purport to come from your bank, credit card provider or another established organization; in many instances though, its name will appear suspicious as it will likely have been misspelled or altered to appear suspicious.

Phishing emails often ask for sensitive data such as login credentials. Cybercriminals could use this data to access your account or install malware onto your device. By contrast, legitimate companies usually do not require this kind of personal data via email and instead give the option of signing in directly on their site.

Also be on the lookout for any unusual behavior from the sender, such as greeting you as “Dear Customer” rather than your specific name, which indicates they may be hiding behind a generic salutation like this to avoid identification. Furthermore, an email that contains links unrelated to what was mentioned within its body message could also be a telltale sign that something fishy is happening.

Any email accompanied by a password is likely an attempt at phishing. Phishing emails frequently use passwords as a ruse to gain your trust and lure you into divulging personal details or clicking dangerous links, according to KnowBe4. Phishing has reached record heights this year and was responsible for over 50% of corporate data breaches last year; end users can learn the most common indicators of malicious email scams to quickly detect a scam before it’s too late.

Unusual Linking or Attachments

Attackers frequently send emails with an attachment that’s unmentioned in their text. Legitimate emails usually include files related to their topic – for instance an invoice or report. But attackers have been known to use random or irrelevant attachments that contain malware which can execute on a victim’s device and steal login credentials and payment details.

Some phishing emails include links that are coded entirely as hyperlinks, making it easy for recipients to accidentally click them and unwittingly download malware onto their computers. At other times, attackers direct victims of such emails to fake websites that mimic organizations they claim they work for and request they login or provide sensitive data – which will ultimately be sent directly back to them by attackers.

Hackers have become adept at mimicking their target, yet still make errors that may be hard for software to detect. For example, many phishing emails use impersonal greetings such as “Hey” or “Hi,” which aren’t common among employees of legitimate organizations. Other mistakes often made include using lowercase letters for pronouns; colloquial phrases like “gonna” or “wanna”, inconsistent capitalization issues and mistakes with grammar usage.

Some phishing attacks use “spoofed” email to mask their true sender address, making it nearly impossible for both software programs and humans to detect. Attackers typically utilize variations of company names with easily recognized domains like Gmail or Yahoo for this ruse; and will also falsify email subject lines and body text as further attempts at creating convincing phishing emails.

Strange Language

Phishing attacks use social engineering techniques to make emails appear as though they come from someone you know and then make threats or demands that seem unreasonable to get you to respond quickly and click links leading to fake websites where they will steal your information or install malware on your device.

Phishing emails often use strange language. Hackers often employ styles of writing that seem unfamiliar or informal to recipients – such as overly casual or foreign-sounding dialogue – so any emails with an odd tone should be treated with suspicion.

Phishing emails often feature misspellings and grammar misusage; professional businesses typically employ spell check features on outgoing emails to detect any that contain spelling errors; any such messages should be seen as suspicious.

One of the latest forms of phishing attacks involves ransomware – a malicious software program which claims they have video footage of you performing some private action and then demands payment so they won’t release this footage to family and friends or publish it online.

Although cyber criminals use increasingly sophisticated techniques, phishing scams remain one of the primary causes of data breaches worldwide. With some education and awareness training, you can help your employees and customers identify these fraudulent emails more quickly.