Below is an example of a phishing e-mail which I recently received in my inbox. This one is not the most elaborate but nevertheless, it is easy enough to fall into. Here is a screenshot from my Inbox.
Let’s take a closer look at this e-mail and see what kind of techniques phisher used in order to try to get me into the trap.
- Known brand. As you can see it uses FedEx branding to make recipient into thinking that it is an authentic e-mail from FedEx. Using known brand or name of a real company is a technique which is frequently used by phishers. It is much easier to for them to copy branding and style of existing known brand than create something on their own. They’re not interested in created anything, anyway. It also creates a sense of trust for a victim of phishing.
- Sense of urgency. “Not possible to make delivery” is a key part of this phishing e-mail. This message contains a clear call for action and also has a goal to make victim nervous. When people are nervous they pay less attention to suspicious signs in the e-mail and are more prone to clicking and falling into it.
- Urls that look right. When hovering over URLs in the footer of the e-mail you will see links to the real fedex.com domain. For example “Global Home” footer link points to http://www.fedex.com/?location=home which is a FedEx home page. This makes phishing victim think that e-mail is authentic and belongs to FedEx.
Still, even when phisher used all of the techniques above, it is possible to figure out that e-mail is not real. Here are the steps I usually do to find out if e-mail is real.
- Check URLs in e-mail. Hover over different links in e-mail (specifically over ones which require you to make an action or click something. When you hover over the link you will see URL which it will navigate to in a browser status bar. In a screenshot above you can see an actual URL of a phishing website in a left bottom corner of a page. And as you can see it points nowhere close to fedex.com domain. This is still not going to be a perfect protection. Very frequently phishers use website names which look very similar to the brand they are trying to imitate. I personally try to avoid clicking links in e-mails for websites where I may need to enter any identifiable personal information. In such cases I type website name myself and navigate to required page. It takes a bit more time but considerably reduces chances of being phished.
- Check sender of e-mail. Sometimes e-mail clients only show a name of the sender and don’t show actual e-mail address. In order to see an actual e-mail address, you have to click or tap on sender name. This will open sender details. Once you are able to see sender e-mail, make sure that e-mail has the domain of the brand/company it claims to be after @ sign. If it doesn’t most probably it is fake. It is very rare for companies to use non-company domains for e-mail. Here is an e-mail of a person who sent that FedEx e-mail to me.
Doesn’t look like FedEx at all.
- Click on reply to see actual sender.. That relates to the previous check. Even if an e-mail looks authentic sometimes it may be masked and only clicking reply will retrieve actual sender of e-mail.
- Look for grammar errors. Most of the phishing e-mails I encountered have some kind of grammar errors. So if you see some English which lacks grammar or spelling it is a very strong phishing sign.
This guide is not an exhaustive review of all techniques which are used by phishers and which techniques you can use to detect them. But it adds some good tools to your defense which you can use every day when going through your e-mails.
And great old style trick to catch phishers. Even in the digital world where we live right now, there is always a phone which you can use to make a quick call and verify that e-mail is authentic and its author is who it claims to be.