Learn to Fish for Phishing Emails

by Brad Garland
Screen Shot 2019-02-21 at 6.37.37 AM

As you can see in the image here, we deal with email phishing a lot. We get them often and so do our clients. The phishing attacker is playing the odds when it comes to phishing attacks. They can send out thousands or millions of emails at the click of a button and they don’t need a high success rate, they just need one person fall for the trick. If you can start learning how to self-scan your own emails you can ensure you won’t fall prey to this relatively easy attack. Here are some things to look out for:

  1. Per the image here, look at the sender email address. It might say my name but you can tell pretty quickly that it didn’t come from me. Most email clients either will show you the real email it’s coming from OR you can click the name and it’ll expand to see it.
  2. Now, first point is an easy one but note, this can be faked too so if your ‘attacker alarm’ go off, just look at the body of the message and does it seem like it’s in the voice of the person being sent to you? Often attackers are really bad at spelling and grammar as well. And for the record, I can’t think an email in my life I ended with ‘Regards’ (heh).
  3. If you feel like you need to respond to the potential ‘real’ sender just contact the sender back in a different form of communication to verify. Send an instant message, Slack, text or call to simply ask if that was from them. If you’re not sure, don’t make it worse by attempting to reply to that email, clicking any links within the email or opening the attachments.
Worst case, many IT teams setup a quarantined email box that they can review and do even fancier things, automated email phishing training tools, doing a deeper anti-virus scan or even reviewing email headers. Start with the easiest things you can control and raise your security at the same time.
Have you ever picked a phishing email out of your inbox? Or better yet, ever caught the attacker trying? Share your story with our community using the hash tag #cybersecuritywins and you'll be entered into a contest for a $50 gift card from Amazon!