Phishing emails have become increasingly common and difficult to detect in recent years; in fact, phishing was the most commonly reported type of online fraud in 2020, with nearly a quarter of a million incidents reported by victims.
By masquerading as a known authority figure, service provider, or other valid email source (e.g., the victim’s bank or employer), fraudsters can manipulate users to do their bidding: reveal username/passwords, share credit card information, or disclose other pieces of critical data. Some are easier to recognize than others, but in general phishing emails are continuing to evolve in sophistication as average internet users become savvier to common online threats.
For this reason, implementing effective account takeover prevention measures is crucial for mitigating the risk of phishing attacks and improving overall awareness around how to spot them.
What is Phishing?
Phishing is the process of sending fraudulent emails designed to steal personal information or gain access to online accounts. These emails often appear to come from legitimate sources, such as banks or other financial institutions, but they are actually sent by hackers attempting to gain access to your confidential information.
What is the goal of phishing attacks against businesses?
Since the end game is profit, malicious actors typically steal data to resell on the black market (e.g., dark web marketplaces) or to launch further attacks. Cyber criminals are especially keen to direct phishing email campaigns against commercial firms, since attacks against businesses yield higher-value victims (e.g., the CEO of a firm, a web store owner). In 2020, 75 percent of businesses globally suffered phishing attacks; in the U.S., 74 percent of those attacks were successful. And unlike consumers, businesses that fall victim to phishing are subject to various post-incident reporting requirements, such as notifying customers and/or publicly registering data breach incidents. This can result in negative media coverage, significant brand damage, and other business disruptions, not to mention a decrease in shareholder value if the company is publicly traded.
How to identify phishing emails?
The contents of a phishing email will vary depending on who the malicious actor is impersonating. For example, cyber criminals may pose as the business' bank to manipulate employees or users into revealing their account login details. They may impersonate an internet service provider requesting remote access to the user's desktop, a trusted colleague asking for a monetary favor, or even a known company executive requesting that a (non-existent) invoice be paid urgently.
Because email addresses are generally meant to be publicly accessible, phishing emails will invariably find their way into users’ accounts. Fortunately, today’s anti-phishing, email security, and account takeover prevention solutions are highly effective in mitigating the risk of phishing emails. That said, businesses should train their employees on how to monitor for these threats — specifically, to look out for the following red flags of a phishing email attack.
Generic greetings
Phishing emails often start with a greeting that you wouldn't ordinarily expect, like "Dear account holder," "Dear Sir or Madam," or "Dear valued customer." Though attackers may remove the greeting altogether and launch straight into the body of the email, more often they begin with an unusually generic greeting that lacks any personalization (e.g., the recipient's first/last name). Because phishing campaigns are typically automated, attackers may send thousands of emails at once in hopes of netting a few unwary victims; consequently, they often lack the details needed to personalize the message for each recipient.
Abundance of typos
Bad grammar is an obvious sign of a phishing email. Legitimate firms drafting formal emails will usually correct obvious errors and typos prior to sending, while phishing emails frequently contain spelling, syntax or grammatical errors. The email copy may also use improper English or sentences that are nonsensical. These mistakes may be hard to notice at first glance, but can be spotted more easily on a slower, second read.
Discrepancies in links and domains
Cyber criminals will often employ phishing emails to trick readers into clicking on malicious links. This can have disastrous results, as the destination page may deliver malware or present a fake login form that harvests the user's credentials.
Several visual clues may point to a phishing attempt. The links may be buttons or graphics copied directly into the email body, in which case they may look off-center, oddly shaped or malformed. For text links, users should be wary of hyperlinks whose displayed text does not match the actual destination: hovering over a link reveals the real URL, and the part to check is the registered domain just before the first slash (for example, a link showing a bank's name but pointing at a lookalike domain, a bare IP address, or a host that merely contains the bank's name as a subdomain). Cyber criminals use such methods to cloak the malicious destination domain so as not to tip off the user.
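The following is an added example, not code from the original article: a small, stdlib-only checker that applies the link checks described above to an HTML email body. It extracts every anchor, compares the domain shown in the visible text with the domain the link actually points to, and flags bare IP hosts, punycode (IDN) hosts and the "user@host" trick where a trusted-looking name appears before the real host. The sample email body is constructed for the example; the `registrable_domain` helper uses a crude last-two-labels approximation rather than the Public Suffix List.

```python
"""Flag anchors in an HTML email whose visible text disagrees with the real destination."""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible text that "looks like" a URL or domain, e.g. "https://www.example.com/x" or "example.com"
_DOMAIN_RE = re.compile(r"^(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})(?:[/?#]|$)", re.I)


class _AnchorCollector(HTMLParser):
    """Collect (href, visible_text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Approximate the registrable domain as the last two labels.
    Assumption for this example: fine for .com/.net, wrong for e.g. .co.uk (use the PSL in production)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_link(href, text):
    """Return the list of reasons this anchor looks deceptive (empty list means clean)."""
    reasons = []
    parts = urlsplit(href)
    host = parts.hostname or ""
    if parts.username is not None:
        # "https://bank.example@evil.test/": everything before '@' is userinfo, not the host
        reasons.append("userinfo before host: real host is %s" % host)
    try:
        ipaddress.ip_address(host)
        reasons.append("destination is a bare IP address")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode (IDN) host: possible homograph")
    m = _DOMAIN_RE.match(text)
    if m and registrable_domain(m.group(1)) != registrable_domain(host):
        reasons.append("text shows %s but link goes to %s" % (m.group(1), host))
    return reasons


def suspicious_links(html_body):
    """Return [(href, visible_text, reasons)] for every anchor that trips a check."""
    parser = _AnchorCollector()
    parser.feed(html_body)
    results = []
    for href, text in parser.anchors:
        reasons = check_link(href, text)
        if reasons:
            results.append((href, text, reasons))
    return results


# Constructed sample body; examplebank.com is the impersonated brand, evil.test the attacker's domain.
SAMPLE_BODY = """<p>We detected an unauthorized login. Please verify at
<a href="https://secure-login.examplebank.com.evil.test/verify">https://www.examplebank.com/verify</a>
or <a href="https://examplebank.com@203.0.113.5/">examplebank.com</a>.
<a href="https://www.examplebank.com/help">Help center</a>
<a href="https://xn--exmplebank-8ya.com/">click here</a></p>"""

if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_BODY):
        print("%-50s %-40s %s" % (href, text, "; ".join(reasons)))
```

Only the legitimate "Help center" link passes; the other three are flagged for different reasons, which is the point: a lookalike host, a bare IP behind a userinfo decoy, and a punycode domain are all ways of making the visible text and the real destination disagree.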
Abnormal sense of urgency
Cyber criminals use urgency to disarm users and provoke them into acting quickly. This could take the form of an email marked as urgent, a request for an immediate response, and/or a threat of further action (e.g., legal proceedings, collections, reporting to law enforcement).
These urgent requests carry extra weight if the email purports to be from an employee or user’s manager at work. In this case, the cyber criminal is banking on the users’ reluctance to question authority regarding any unusual aspects of the email.
Suspicious email attachments
Phishing emails often direct users to open attachments that resemble innocuous files (e.g., documents/PDFs, spreadsheets, or high-resolution images). However, these attachments often contain malware and other malicious files used for gaining backdoor access to the user’s computer.
In some cases, an .exe file may arrive as an attachment; if the email and file are unexpected, it is safer to leave it alone and discard the email. Watch for double extensions such as "invoice.pdf.exe", which many mail clients display as a PDF because the final extension is hidden. Zipped email attachments can also be dangerous, as malicious files are often hidden several layers deep within compressed folders, and password-protected archives cannot be scanned by mail filters at all.
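As an added example (not code from the original article), the triage routine below does what the paragraph above recommends before anyone opens a zipped attachment: it walks a zip archive recursively, descends into nested archives, and flags executable extensions, double extensions that disguise an executable as a document, right-to-left-override tricks in file names, encrypted entries that cannot be scanned, and oversized entries. The extension lists, the nesting limit and the sample archive (a zip containing a zip containing "invoice.pdf.exe") are constructed for this example.

```python
"""Triage a zipped email attachment without extracting it to disk."""
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for this example; tune to your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".js", ".jse", ".vbs", ".wsf", ".hta",
                   ".lnk", ".bat", ".cmd", ".ps1", ".msi", ".dll", ".iso", ".img"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
MAX_DEPTH = 3                     # how many nested archives we are willing to open
MAX_ENTRY_BYTES = 50 * 1024 * 1024  # refuse to inflate anything larger (zip-bomb guard)


def classify_name(name):
    """Return the reasons a file name inside an attachment looks dangerous."""
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    reasons = []
    if suffixes and suffixes[-1] in EXECUTABLE_EXTS:
        reasons.append("executable extension %s" % suffixes[-1])
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS and suffixes[-1] in EXECUTABLE_EXTS:
        reasons.append("double extension disguised as %s" % suffixes[-2])
    # U+202E reverses display order so "invoice\u202efdp.exe" renders as "invoiceexe.pdf"
    if any(ch in name for ch in ("\u202e", "\u200b", "\u00a0")):
        reasons.append("unicode trick in file name")
    return reasons


def inspect_archive(data, depth=0, prefix=""):
    """Recursively inspect zip bytes. Returns a list of (path, reasons); nested paths use '!/'."""
    if depth > MAX_DEPTH:
        return [(prefix, ["nested deeper than %d levels" % MAX_DEPTH])]
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = prefix + info.filename
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:          # general-purpose bit 0: entry is encrypted
                findings.append((path, ["encrypted entry: cannot be scanned"]))
                continue
            if info.file_size > MAX_ENTRY_BYTES:
                findings.append((path, ["entry inflates to %d bytes" % info.file_size]))
                continue
            reasons = classify_name(info.filename)
            if reasons:
                findings.append((path, reasons))
            inner = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(inner)):
                findings.extend(inspect_archive(inner, depth + 1, path + "!/"))
    return findings


def build_sample():
    """Constructed sample attachment: outer.zip -> docs.zip -> invoice.pdf.exe (fake payload)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.pdf.exe", b"MZ\x90\x00 fake payload, not a real binary")
        z.writestr("readme.txt", b"open the invoice")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("docs.zip", inner.getvalue())
        z.writestr("photo.jpg", b"\xff\xd8\xff fake jpeg header")
    return outer.getvalue()


if __name__ == "__main__":
    for path, reasons in inspect_archive(build_sample()):
        print(path, "->", "; ".join(reasons))
```

Nothing is written to disk and nothing is executed; the routine reads the central directory and inflates only entries below the size cap, so it is safe to run on an attachment straight out of the mailbox.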
Requests for payment information or banking details
It's important to keep in mind that most organizations these days, be it a government authority, service provider, bank, or other business, do not request private information via email, precisely for security and privacy reasons. Any request for credit card information, bank details, or account access should therefore be scrutinized thoroughly.
Additionally, employees and staff should be trained never to provide payment information over email. Requests for payment information or banking details are among the more obvious signs of a phishing attempt; consequently, most anti-phishing email tools will alert users when these types of emails appear.
Unsolicited conversations or messages
Because phishing emails usually involve unsolicited attempts to correspond with the receiver, users should ask themselves how the sender got their email address in the first place. If it's determined that no mailing list signup, opt-in, or initial conversation occurred, then a phishing email attack is likely underway. Fortunately, several anti-phishing tools can help to automatically detect and disarm these types of phishing emails.
What are some typical phishing email examples?
Though phishing emails take many forms, they all tend to have a few things in common. Generally speaking, emails from unrecognized senders always warrant special handling and scrutiny; in these cases, users should, by default, assume a defensive posture.
A phishing email could look like this:
We have detected an unauthorized attempt to access your account so your account has been blocked. Please click on the following link with the pin code 936740 to reactivate.
You have an unclaimed credit amounting to $461.35. To claim this credit before it expires in 2 days, click the button below.
In both cases, the sender has created an air of urgency for manipulating the receiver into acting quickly without taking the proper considerations.
How to properly handle phishing emails
Of course, recipients of suspected phishing emails should never do what the sender requests. This includes:
- Clicking on any links
- Opening any attachments
- Providing personal or business information
- Replying to the email
The following actions can be taken to mitigate the potential threat:
- Inform a manager, supervisor, or the security team about the email
- Carefully analyze the email (visually) for further signs of a phishing attempt
- Contact the organization that owns the domain in the sender's email address, using contact details looked up independently online (never the phone number or address given in the email itself), and do not reply to the email
It may be tempting to dismiss phishing attacks as easy-to-spot and hard to fall for, but the reason they are so common is because cyber criminals continue to profit from them. Even the most poorly designed and unconvincing phishing emails end up netting a small percentage of recipients — for larger organizations, this could end up being a significant number of victims. And as malicious actors become more sophisticated in their tactics, you can be sure that their phishing emails will also follow suit.