Learn how to spot the five indicators of a phishing attack

Concerned you might be getting targeted with phishing attacks?

Sebastian Salla May 15, 2022

Phishing is a technique used by cyber criminals to attack businesses and steal sensitive information such as credit card numbers, login details and personally identifiable data. Phishing messages often come in the form of emails but may also come as SMS messages or messages in third-party applications such as LinkedIn, Facebook, WhatsApp and so on.

Understanding how to spot phishing messages, and emails in particular, is a crucial step towards protecting your online identity. To help with this task, we’ve put together 5 identifiers for spotting the phish.

  1. Urgency, threats, and calls to action: Be cautious of emails that urge you to read, click or call immediately. Attackers use urgency to bypass much of the critical thinking we normally apply when browsing the internet. Typically, these emails either offer a reward or, conversely, threaten a penalty if the message is not actioned promptly.
  2. Never-before-seen senders: It’s extremely common for phishing emails to originate from a never-before-seen sender. While many such emails will still be non-malicious in nature, it’s crucial that an extra level of rigor is applied when reading content from these senders. Ask yourself… was I expecting this email? Do I recognize the domain the sender is coming from? Does anything seem off with the email content?
  3. Bad spelling and grammar: Most native speakers are well versed in how to put together a grammatically correct email. However, phishing attacks can originate from a sender anywhere in the world. Often these attackers will not speak your native language, or if they do, it’s likely not their first language, and accordingly grammar and spelling may suffer. If there’s an abnormal number of spelling or grammatical issues, use this as an indicator that the message may be malicious in nature.
  4. Generic content: While some phishing attacks are highly targeted, many are not. Generic content is typically used when the same phishing email is being sent to many recipients and the attacker wants to hook as many targets as they can. If an email appears generic in nature but comes from a never-before-seen sender or domain, make sure to treat it with a higher level of suspicion.
  5. Suspicious links and attachments: If you believe an email is suspicious in nature, don’t click on any links or open any attachments. Exploits for browsers and operating systems are discovered on a near-weekly basis, and in the worst case simply opening an attachment or viewing a website can be enough for a 0-day exploit to execute. While being targeted with a 0-day exploit is unlikely, visiting a malicious website also alerts the attacker that you clicked the link. Even if you don’t hand over your credentials, that click tells the attacker you nearly fell for the phish and are worth targeting again in the future.

No single identifier on its own is sufficient for spotting a phish, but taken together they act as an extremely useful set of indicators. For example, if you receive an email prompting you to perform a password reset for a commonly used service, and it provides a link to perform this action, you’ll likely find that indicators one, two, four and five have all been hit.
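To show how the indicators combine in practice, here is an added example (written for this article, not CanIPhish platform code) that scores a raw email against indicators 1, 2, 4 and 5 and reports which ones fire. The allow-list of known sender domains, the urgency and greeting phrase lists, the risky attachment extensions and the two sample messages are all constructed for the demonstration; indicator 3 (spelling and grammar) is left out because a meaningful check needs a dictionary.

```python
"""Score an email against phishing indicators 1, 2, 4 and 5.

Added example for this article, not CanIPhish platform code. The allow-list,
phrase lists and both sample messages are constructed for the demonstration.
"""
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

KNOWN_SENDER_DOMAINS = {"example.com"}  # assumption: domains you routinely get mail from
URGENCY_PHRASES = ("immediately", "within 24 hours", "urgent", "act now",
                   "account will be suspended", "verify your account", "final notice")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear valued", "dear account holder",
                     "hello,", "hi,")
RISKY_EXTENSIONS = (".exe", ".js", ".vbs", ".scr", ".hta", ".iso", ".lnk", ".docm", ".xlsm")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Hostname of a URL or bare domain, lower-cased, without userinfo or port."""
    if "://" not in url:
        url = "http://" + url
    return urlparse(url).netloc.lower().rpartition("@")[2].split(":")[0]


def _looks_like_url(text):
    return bool(re.fullmatch(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", text, re.I))


def score_message(raw):
    """Return {indicator number: [findings]} for a raw RFC 5322 message string."""
    msg = email.message_from_string(raw, policy=policy.default)
    plain = html = ""
    for part in msg.walk():
        if part.get_content_disposition() != "attachment":
            if part.get_content_type() == "text/plain":
                plain += part.get_content()
            elif part.get_content_type() == "text/html":
                html += part.get_content()
    findings = {1: [], 2: [], 4: [], 5: []}
    text = (msg.get("Subject", "") + "\n" + plain + "\n" + html).lower()

    # 1. Urgency, threats and calls to action: phrase match on subject and body.
    findings[1] = [p for p in URGENCY_PHRASES if p in text]

    # 2. Never-before-seen sender: From domain is not on the allow-list.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_domain not in KNOWN_SENDER_DOMAINS:
        findings[2].append(sender_domain or "<no sender>")

    # 4. Generic content: the salutation addresses nobody in particular.
    body = plain or re.sub(r"<[^>]+>", "\n", html)
    greeting = next((ln.strip().lower() for ln in body.splitlines() if ln.strip()), "")
    if greeting.startswith(GENERIC_GREETINGS):
        findings[4].append(greeting)

    # 5. Suspicious links and attachments: link text that hides a different target,
    #    links off the sender's domain, and attachments that can execute code.
    collector = _LinkCollector()
    collector.feed(html)
    for href, visible in collector.links:
        if href.startswith(("mailto:", "#")):
            continue
        target = _host(href)
        if _looks_like_url(visible) and _host(visible) != target:
            findings[5].append(f"link shown as {visible!r} really goes to {target}")
        elif target != sender_domain and not target.endswith("." + sender_domain):
            findings[5].append(f"link to {target} in mail from {sender_domain}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings[5].append(f"executable attachment {name}")
    return findings


def indicators_hit(raw):
    """Sorted list of indicator numbers with at least one finding."""
    return sorted(k for k, v in score_message(raw).items() if v)


def sample_phish():
    """Constructed password-reset lure (not a real message): hits 1, 2, 4 and 5."""
    msg = EmailMessage()
    msg["From"] = "IT Support <helpdesk@example-support.net>"
    msg["To"] = "alice@example.com"
    msg["Subject"] = "URGENT: your password expires within 24 hours"
    msg.set_content("Dear User,\n\nReset your password immediately at "
                    "https://login.example.com/reset or your account will be suspended.\n")
    msg.add_alternative('<p>Dear User,</p><p>Reset your password immediately at '
                        '<a href="http://login.example-support.net/reset">'
                        'https://login.example.com/reset</a> or your account will be '
                        'suspended.</p>', subtype="html")
    return msg.as_string()


def sample_legit():
    """Constructed routine notice from a known domain: hits nothing."""
    msg = EmailMessage()
    msg["From"] = "Reports <reports@example.com>"
    msg["To"] = "alice@example.com"
    msg["Subject"] = "Weekly report"
    msg.set_content("Hi Alice,\n\nThe weekly report is on the intranet.\n")
    return msg.as_string()


if __name__ == "__main__":
    for label, raw in (("phish", sample_phish()), ("legit", sample_legit())):
        print(label, indicators_hit(raw), score_message(raw))
```

The constructed lure is exactly the password-reset case from the paragraph above: the subject and body carry urgency phrases (indicator 1), the sender domain is unknown (2), the greeting is "Dear User" (4), and the link text shows the real login host while the href points somewhere else (5). The same message from a known domain with a named greeting and an honest link would score far lower, which is the point of the article: no single check decides, the combination does.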

If you believe you’ve received a phishing email:

  • Don’t interact with it. Don’t open any links, click any attachments, or respond to the sender.
  • If it appears to come from someone you know, reach out to that person through another form of communication and confirm the email did in fact come from them.
  • Report the message to your IT or Security team for analysis.

What should you do if you’ve been successfully phished, and your computer or account is compromised?

  • Note as many details about the attack as possible.
  • Change the password on the compromised account, and on any other account where the same password is in use.
  • If not already, turn on multi-factor authentication for as many of your accounts as possible.
  • Notify your IT or Security team immediately.
  • If your money has been stolen or the attackers are blackmailing you, contact your local law enforcement.

Wrapping up

Phishing is a serious threat that many businesses face. To reduce the likelihood that phishing emails are interacted with, you should use a mixture of simulated phishing attacks and security awareness training to train your employees.

By utilising the phishing simulation platform provided by CanIPhish, you can train your employees in an efficient and effective manner. If you have any questions, please don’t hesitate to contact the team at CanIPhish.

Written by

Sebastian Salla

A Security Professional who loves all things related to Cloud and Email Security.