How to spot a phish

Spotting a Phish

These really are strange times that we are living in just now. As Albert Einstein once said, “In the middle of difficulty lies opportunity” and this pandemic has presented lots of opportunity to cyber criminals.

From fake emails from organisations such as The World Health Organisation claiming to give advice or help you track infected people to the more standard emails aiming to steal usernames and logins, we are seeing an increasing number of phishing campaigns. We’ve even seen the good old “Nigerian Prince” email with a COVID-19 slant. In addition, organisations are using new tools, such as Zoom and Microsoft Teams which may well lead to users receiving emails that they are not used to seeing and this presents a great chance for the scammers to try their luck.

So how do you spot a phishing email? Well, the answer to that is not always an easy one, but there are definitely some common indicators to look out for.

Let’s take a look at a couple of examples

One is real, and one is a genuine phishing email. At first glance can you spot the real one?

The email on the left is a phishing email, and once we look more closely, we can spot some of the tell-tale signs.

Is your email personalised?

Firstly, the fake email is addressed to “Dear Customer” rather than an individual. Always treat emails that do not use your name with suspicion. Most companies want to interact with the person, they want to make you feel special and the easiest way to do that is to use your name where possible. Typically, cyber criminals probably don’t know your name, they only have your email address.

Is it just addressed to you?

Another big give away in this fake email is the fact that it has been sent to “undisclosed recipients” rather than just one individual. If your Prime subscription is due for renewal, Amazon won’t be sending one email to everyone who’s renewal is due, they will send out individual emails.

What's the sender address?

The biggest giveaway is the actual email address that the email has come from. Although the “From” field says that it is from Amazon, closer inspection shows that it has actually come from “e-commercpanysenko.app-sino40994de0049224@personalaccount4.com”. It is important to check the actual sender address on any email that you are not sure about.

What's the context?

Cyber criminals are getting more sophisticated in making their emails look genuine. No longer can you rely on the fact that the email might be full of spelling or grammatical errors. Now, more than ever, it is important to focus on the context of the email. Take the above example. If you signed up for Amazon with your personal email and this arrived in your work email inbox, you should instantly be suspicious. Why would Amazon email a different account? Do they even have your work email address? The same can be said for any service. Zoom, Microsoft Teams or any other service should only email the account that you used to sign up. When you get an email about a password reset or problem with your account, try to remember what address you used to sign up for that account with.

Browse don't click

Also, it is always best not to click on the link even if you do think the email is genuine. Instead, open your web browser and visit the service that way. If there is a problem, it will be highlighted there.

Report it

Hopefully these tips can help keep you safer online at this time. If you do get a suspected phishing email the National Cyber Security Centre (NCSC) has a launched a new reporting service for suspicious emails. Simply forward the email to report@phishing.gov.uk and they will investigate and take down any phishing websites. Within just 2 weeks of launch the public has already flagged over 160,000 suspicious emails which has resulted in the removal of over 300 fake websites.