How to Spot Sneaky and Dangerous Phishing Emails
Table of contents
- Why does phishing work?
- Signs of phishing email
- 1. The email has landed in your spam folder
- 2. The subject lines are disturbing
- 3. The email encourages a sense of urgency
- 4. The Email pretends to be a world-famous brand
- 5. The Email lacks detail
- 6. The Email has grammatical and stylistic errors
- 7. The Email contains URLs with malformed prefixes
- What if it was a breach?
If Loki, the Norse god of mischief and deceit, was a cybercriminal, he’d surely pick phishing as his weapon of choice.
You might think you know how to spot a phishing email. Until one day at work, you receive an email supposedly about an overdue invoice requiring urgent payment. Of course, you forward it to your boss, only to find out later you were unwittingly duped by a scam.
You shouldn’t feel bad about falling for phishing. In 2020, 75% of companies globally faced phishing attacks, and 74% of those in the US were successful. All in all, phishing increased by 667% during the first months of the coronavirus pandemic and became the number one cybersecurity threat in 2020, with 241,342 victims in the US alone. It seems like staying home during the pandemic gave cybercrooks plenty of free time, and they wasted none of it.
According to published statistics, one in 99 emails is a phishing attempt, with half of these attacks including malware, and two out of three featuring malicious links. While we can’t stop you from sharing your credentials, Clario can protect you from malicious websites and suspicious online activity in real-time. Download Clario to enjoy safe browsing, protected identity, and a secure network.
But all these stats drove us away from the main point: how to spot phishing scams, fake and suspicious emails.
Why does phishing work?
Unlike malware, or other computer viruses, email scams, known as phishing emails, are more subtle. They attack the victim in an attempt to extort valuable information from them (personal, banking, or other confidential details).
The worst part is that phishers use psychological tricks and social engineering to make sure we fall for their scams. Playing on our basic emotions and unconscious impulses, they use every device in the book to block our logical thinking and analysis. And fear, urgency, greed, and shame are the perfect facilitators to achieve that.
In one of our previous articles, we explored what phishing is in greater detail. Now, if you want to know how to spot suspicious emails and protect yourself from them, just keep on reading.
Signs of phishing email
Yes, phishers know pretty well what to say to make us think irrationally. And that’s exactly what gives them away! Here are some alerting signs of fake emails you should learn to be on the safe side.
1. The email has landed in your spam folder
Spam folders and scammers are playing a constant game of cat-and-mouse, so this is far from a definitive way of testing the legitimacy of a message. Remember, a small percentage of these emails even get white-listed by internet service providers (ISPs). However, it’s a strong indication that an email IS a scam when it doesn't get past a spam filter, even if it looks legitimate.
2. The subject lines are disturbing
Phishing messages start with subject lines as these are what make people click or delete emails right away. And in 2020, phishers knew pretty well what to write to make people click. KnowBe4 has identified the most popular subject lines in 2020 as:
- Password Check Required Immediately
- Touch base on meeting next week
- Vacation Policy Update
- COVID-19 Remote Work Policy Update
- Important: Dress Code Changes
- Scheduled Server Maintenance -- No Internet Access
- De-activation of [[email]] in process
- Please review the leave law requirements
- You have been added to a team in Microsoft Teams
- Company Policy Notification: COVID-19 - Test & Trace Guidelines
As you can see, phishers were exploiting people’s fear for their health and the uncertainty of working remotely in their subject lines. But always remember: if your gut says something’s phishy, it probably is.
3. The email encourages a sense of urgency
- “Click this now to stop your Amazon account from being deactivated!”
- “Make this payment today to avoid debt collection activity!”
- “Please click to confirm your security details”
Of course, other scam attempts, such as outright blackmail, will always come with a sense of urgency. But those trying to establish confidence and, therefore, legitimacy will usually adopt the disguise of a known brand, such as Amazon. For businesses, there are numerous fake emails pretending to be sent from government tax departments.
4. The Email pretends to be a world-famous brand
Speaking of big names, the top-ten brands phishers used as a disguise in 2020 were:
- Microsoft (related to 43% of all brand phishing attempts globally)
- DHL (18%)
- LinkedIn (6%)
- Amazon (5%)
- Rakuten (4%)
- IKEA (3%)
- Google (2%)
- Paypal (2%)
- Chase (2%)
- Yahoo (1%)
So be particularly attentive when you receive suspicious, urgent, or threatening emails from these companies.
5. The Email lacks detail
A clear sign of a phishing email is one where it sounds urgent, yet there isn’t enough information to sound specific to an account, even if one exists. Thanks to data protection laws, your bank or service provider doesn’t show you all your account details in any emails, which is natural because it isn’t the most secure method of communication.
Neither do phishers, but unlike trustworthy sources that avoid distributing your personal information, these cybercriminals simply don’t have enough of it. And that’s why they want to fill in the gaps by phishing information from you.
6. The Email has grammatical and stylistic errors
Compared to professionally crafted email marketing or customer service emails, phishing attempts often skimp on details. Never underestimate the importance of noticing when font, formatting, or other aspects of an email appear inconsistent and poorly put together. More often than not, these are signs that an email is a scam.
7. The Email contains URLs with malformed prefixes
If you click on the address bar, you’ll see that all URLs, or web addresses, start with the same set of letters and symbols – prefixes. It’s usually HTTP (not secured connection) or HTTPS (secure connection), followed by a colon and two slashes (://). Now, phishers have even learned to use these symbols to their advantage!
In October 2020, the first instances of using the malformed prefix http:/\ were noticed in phishing emails, and since then, the number keeps growing. The trick is that spam filters aren’t set to “catch” addresses that start with http:/\. If the email does come through and a person clicks the malformed URL, the web browser will direct them to a malicious website, where they most certainly will be asked to provide credentials to “log in”.
- Before clicking on email links, hover over them with your cursor, and in the bottom-left corner, you’ll see the full web address. Check it for the http:/\ symbols and other inconsistencies like “amozon” or “alidaba”.
- Mark this email as “spam”, and the filter will remember it shouldn’t show you any more similar messages.
And sometimes, phishers put all their tricks together to deliver something like this:
- Has automatically landed in the Spam folder
- Exudes a sense of urgency
- Contains no details
- Is poorly formatted
- Has a subject line that seems disturbing
So be attentive, and take everything you see in emails with a grain of salt.
What if it was a breach?
Sadly, phishing is gaining momentum. 36% of data breaches involved phishing this year, says Verizon in its 2021 Data Breach Investigations Report (DBIR). In 2020, phishing accounted for 25%, and we, of course, have the COVID-19 pandemic to thank for this 11% increase.
There’s not much you can do to protect yourself from data breaches but change your credentials as soon as you discover they’ve been stolen. And Clario can help you with that, just try it today.
To see if your credentials have been breached:
1. Open the Clario app.
2. Go to Identity and select Data breach monitor.
3. Add the email addresses you want to check.
4. If there are any breaches, Clario will prompt you to go to the breached website and change your credentials.
* * *
We hope this article has shown you what a phishing attempt is and how to spot suspicious emails. Now you know more about staying safe online, dig deeper into what we call “The Internet of Us”.
Meanwhile, at Clario, we’re hard at work on creating a first-class tech solution for your digital safety, combined with expert human support on call 24/7. We’re eager to help and support you, so stay tuned for more updates!