Phishing Defense Techniques

Below is an example of a phishing e-mail which I recently received in my inbox. This one is not the most elaborate, but it is nevertheless easy enough to fall for. Here is a screenshot from my inbox.

[Screenshot: phishing_example]

Let’s take a closer look at this e-mail and see which techniques the phisher used to try to get me into the trap.

  • Known brand. As you can see, it uses FedEx branding to trick the recipient into thinking that it is an authentic e-mail from FedEx. Using a known brand or the name of a real company is a technique frequently used by phishers. It is much easier for them to copy the branding and style of an existing known brand than to create something of their own. They’re not interested in creating anything, anyway. It also creates a sense of trust in the victim.
  • Sense of urgency. “Not possible to make delivery” is a key part of this phishing e-mail. The message contains a clear call to action and also aims to make the victim nervous. When people are nervous they pay less attention to suspicious signs in the e-mail and are more prone to clicking and falling for it.
  • URLs that look right. When hovering over the URLs in the footer of the e-mail you will see links to the real fedex.com domain. For example, the “Global Home” footer link points to http://www.fedex.com/?location=home, which is the FedEx home page. This makes the phishing victim think that the e-mail is authentic and comes from FedEx.

Still, even though the phisher used all of the techniques above, it is possible to figure out that the e-mail is not real. Here are the steps I usually take to find out whether an e-mail is real.

  • Check URLs in the e-mail. Hover over the different links in the e-mail (specifically the ones which require you to take an action or click something). When you hover over a link you will see the URL it will navigate to in the browser status bar. In the screenshot above you can see the actual URL of the phishing website in the bottom left corner of the page. As you can see, it points nowhere close to the fedex.com domain. This is still not perfect protection. Very frequently phishers use website names which look very similar to the brand they are trying to imitate. I personally try to avoid clicking links in e-mails for websites where I may need to enter any identifiable personal information. In such cases I type the website name myself and navigate to the required page. It takes a bit more time but considerably reduces the chances of being phished.
  • Check the sender of the e-mail. Sometimes e-mail clients only show the name of the sender and don’t show the actual e-mail address. In order to see the actual e-mail address, you have to click or tap on the sender name. This will open the sender details. Once you can see the sender’s e-mail address, make sure that it has the domain of the brand/company it claims to be from after the @ sign. If it doesn’t, it is most probably fake. It is very rare for companies to use non-company domains for e-mail. Here is the e-mail address of the person who sent that FedEx e-mail to me.
    Doesn’t look like FedEx at all. [Screenshot: phishing_example_2]
  • Click on reply to see the actual sender. This relates to the previous check. Even if an e-mail looks authentic, sometimes the sender may be masked, and only clicking reply will reveal the actual sender of the e-mail.
  • Look for grammar errors. Most of the phishing e-mails I have encountered have some kind of grammar errors. So if you see English with poor grammar or spelling, it is a very strong phishing sign.
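
The sender, reply and link checks above can also be run mechanically over a saved message. The following is an added example, not part of the original guide: the sample message is constructed, every address and host in it except fedex.com is a placeholder, and the helper names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; addresses and hosts are placeholders.
SAMPLE = """\
From: "FedEx Delivery" <notice@mailer.example.net>
Reply-To: claims@collector.example.org
Subject: Not possible to make delivery
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="http://tracking.example.net/label">Print your label</a>
<a href="http://www.fedex.com/?location=home">Global Home</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, brand_domain):
    """Return findings for the sender, Reply-To and link checks."""
    msg = message_from_string(raw)
    findings = []
    from_addr = parseaddr(msg.get("From", ""))[1]
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]
    if not in_domain(from_addr.rpartition("@")[2], brand_domain):
        findings.append(f"sender {from_addr} is not at {brand_domain}")
    if reply_addr and reply_addr.lower() != from_addr.lower():
        findings.append(f"replies go to {reply_addr}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        if not in_domain(urlparse(href).hostname, brand_domain):
            findings.append(f"link leaves {brand_domain}: {href}")
    return findings
```

The footer link to the real fedex.com passes, while the action link is flagged. Because `in_domain` compares whole domain labels, a lookalike host such as fedex.com.example.net does not count as fedex.com.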

This guide is not an exhaustive review of all the techniques used by phishers or of the techniques you can use to detect them. But it adds some good tools to your defense which you can use every day when going through your e-mails.

And a great old-style trick to catch phishers: even in the digital world where we live right now, there is always a phone which you can use to make a quick call and verify that the e-mail is authentic and its author is who they claim to be.

Verify SSL Certificate on Internet Explorer

The instructions below apply to Internet Explorer 10 running on Windows 10. Please note that you can only verify a certificate in the native version of Internet Explorer 10. The new Internet Explorer for Windows 10, called Microsoft Edge, doesn’t have the functionality to view certificate details.

  • In your Internet Explorer browser, navigate to the website whose SSL certificate you want to verify. Make sure that you are not using the Microsoft Edge browser. To launch Internet Explorer on Windows 10 you need to type “internet explorer” in the Windows search bar. You should see Internet Explorer appear in the list above.
  • Click on the lock icon located on the right side of the taskbar. If the lock icon is missing it means that the website is not using SSL encryption and it is not safe to use it for anything other than reading content from it. [Screenshot: ie-ssl-1]
  • After clicking on the lock icon you should see a small popup window with basic certificate details. Typically it will have very generic information about the certificate. [Screenshot: ie-ssl-2]
  • To make sure that you’re actually browsing a website which is owned by a specific corporate entity, you need to click on the “View certificates” link in this popup window.
  • You should see a window with certificate details, as in the image below. [Screenshot: ie-ssl-3]
  • Click on the triangle next to “Details” in order to view all factual details about the website certificate. You should see the website owner’s company details and also details of the entity which issued the certificate.

Verify SSL Certificate on Chrome

Due to a recent update of the Chrome browser, the steps used to verify SSL certificate validity have changed. If you still use an old Chrome browser you can read the instructions for SSL certificate verification in our Anti-Phishing Guide.

If you’re on the latest versions of Google Chrome, below are instructions on how to verify an SSL certificate there.

  • Navigate to the page which you want to view SSL details for.
  • Click on the three dots icon in the top right corner of the Chrome browser. [Screenshot: three-dots-chrome]
  • In the menu which opens, select “More Tools” and then “Developer Tools”.
  • You should see a tab open within the Chrome browser similar to the one displayed below. [Screenshot: security-tab]
  • Select the “Security” tab.
  • In the “Security” tab you should see whether the site you currently have open provides a valid certificate (see screenshot above). If there is a valid certificate available for the site you can view it by clicking on the “View certificate” button.
  • Below is an example of a valid certificate for https://www.microsoft.com/. [Screenshot: microsoft-ssl-certificate]