
5 ways to spot a phishing email

Sharon Florentine | Feb. 23, 2017
Think you're clever enough to recognise a phishing attempt? Think again. Cybercriminals are getting smarter and their phishing skills are getting better, but we've put together this list of clues to help you avoid a costly error.

Another trick phishing scams use is misleading domain names. Most users aren't familiar with the DNS naming structure, and therefore are fooled when they see what looks like a legitimate company name within a URL. Standard DNS naming convention is Child Domain dot Full Domain dot com; for example, info.LegitExampleCorp.com. A link to that site would go to the "Information" page of the Legitimate Example Corporation's web site.


A phishing scam's misleading domain name, however, would be structured differently; it would incorporate the legitimate business name, but it would be placed before the actual, malicious domain to which a target would be directed. For instance, Name of Legit Domain dot Actual Dangerous Domain dot com: LegitExampleCorp.com.MaliciousDomain.com.

To an average user, simply seeing the legitimate business name anywhere in the URL would reassure them that it was safe to click through. Spoiler alert: it's not.
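The right-to-left reading of a hostname described above can be checked mechanically. The Python sketch below is an added example, not part of the original article; the trusted-domain list and the function names are assumptions, and the sample links are constructed from the article's example names.

```python
from urllib.parse import urlsplit

# Assumption: the one domain the organisation really owns (name taken from the article).
TRUSTED_DOMAINS = ("legitexamplecorp.com",)


def hostname_of(url):
    """Return the lower-cased hostname of a link, without scheme, port or path."""
    if "//" not in url:
        url = "//" + url  # urlsplit only parses a host after "//"
    return (urlsplit(url).hostname or "").rstrip(".")


def is_under(host, domain):
    """A host belongs to a domain only if it IS that domain or ends with
    '.' + domain. DNS names are read right to left, so what comes first
    in the hostname says nothing about who owns it."""
    return host == domain or host.endswith("." + domain)


def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike' (brand name present, wrong owner) or 'unrelated'."""
    host = hostname_of(url)
    if not host:
        return "no-host"
    if any(is_under(host, d) for d in trusted):
        return "trusted"
    brands = [d.split(".")[0] for d in trusted]
    if any(b in host for b in brands):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links using the article's example names.
    for link in (
        "http://info.LegitExampleCorp.com/account",
        "http://LegitExampleCorp.com.MaliciousDomain.com/account",
        "http://NotLegitExampleCorp.com/account",
        "http://example.org/",
    ):
        print(f"{classify_link(link):10} {hostname_of(link)}")
```

The third sample shows why the check includes the leading dot: a hostname that merely ends with the brand's letters is not a child of the brand's domain.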

4. Poor spelling and/or grammar

It's highly unlikely that a corporate communications department would send messages to its customer base without going through at least a few rounds of spelling and grammar checks, editing and proofreading. If the email you receive is riddled with these errors, it's a scam.

You should also be skeptical of generic greetings like, "Dear Customer" or "Dear Member." These should both raise a red flag because most companies would use your name in their email greetings.


5. Are you threatening me?

"Urgent action required!" "Your account will be closed!" "Your account has been compromised!" These intimidation tactics are becoming more common than the promise of "instant riches," taking advantage of your anxiety and concern to get you to provide your personal information. Don't hesitate to call your bank or financial institution to confirm if something just doesn't seem right.

And scammers aren't just using banks, credit cards and email providers as cover for their scams; many are using the threat of action from government agencies like the IRS and the FBI to scare unwitting targets into giving up the goods. Here's the thing: government agencies, especially, do not use email as their initial means of communication.


Phishing scams continue to evolve

This is by no means a comprehensive list. Phishing scammers are constantly evolving, and their methods are becoming more cunning and difficult to trace. New tactics include a frighteningly effective Gmail attack, end-of-the-year healthcare open enrollment scams, low-priced Amazon bargains, and tax-season attempts.

 
