The world of cyber crime is very well organized. Criminals work with experienced programmers and underground internet networks to develop ways of hacking you or stealing your personal information. However, these criminals still require you in their plans in order to succeed. The easiest way for them to engage you is through phishing, but if you are careful, you can detect the indicators of a phishing email before you get caught in their trap.
In the example below we will highlight the different indicators of a phishing email, so as to give you the knowledge for detecting an attack. You can also download a PDF version here.
In this example, it appears that the e-mail comes from a legitimate business, but the “FROM” address is someone’s email account. Additionally, the “CC” field contains another address from someone you may or may not know or work with on a daily basis. It is good practice to be aware of the sender’s e-mail address and who may be copied on the e-mail, as well.
Only click on those you are expecting. Cyber criminals hide malicious programs in phishing e-mails to hack your computer.
“Dear Customer” or e-mails that use other generic greetings can be a indicator of an attack. If a trusted organization has a need to contact you, they will know your name and information.
Most businesses proof read their messages carefully before sending them. Always read e-mails carefully.
This is a technique used by criminals to rush people into making a mistake. Stop and think before you act on the request in the e-mail.
In this example, it appears that the link is a valid one. However, when the mouse pointer is hovering over the link, it shows the true destination of where you would go, if you clicked it. If the destination is different to what is shown in the email, this is an indicator.
- If a similar e-mail comes from your friend then it does not mean that they sent it. Your friend’s computer or e-mail account may have been compromised. If you get a suspicious e-mail from a trusted friend or colleague, contact them on the phone.
- In the case of spear phishing, the cyber criminal may already know some information about you. Remember that companies will not contact you via e-mail to confirm your personal information. Always contact the company on the phone, if you receive a suspicious e-mail. DO NOT use the phone number listed in the e-mail. Instead use a trusted telephone directory service or official website to obtain the number.