This is how to recognize phishing emails

Phishing remains one of the most prominent cyber attacks, and more and more people are being targeted. Figures from VRT confirm this. An estimated 40% of Belgians have been victims of a phishing attack at some point in their lives. Unfortunately, cybercriminals are getting smarter and are gaining access to more sophisticated systems. That's why it's important to have a keen eye, so you can recognize phishing right away and respond correctly. In this blog, you will learn how to recognize phishing emails!

But first of all:

What is phishing?

Phishing is a form of cybercrime in which attackers try to steal personal information by impersonating a trusted organization. They send emails or text messages that look like they come from a well-known organization, but in reality are fake. These messages ask the recipient to click on a link or enter personal information. If the recipient does so, the attacker has what they came for.

This can have a range of unpleasant consequences:

  • Access to your account(s) (several of them if you use the same password for all your services)
  • Financial loss
  • Reputational damage
  • Installation of malware
  • Disruption of your business processes

Did you know that there are many different types of Phishing? In this blog you will find an overview of different types of Phishing!

How do you recognize phishing emails?

There are a lot of distinguishing points you can look for to recognize phishing emails:

The Sender

  • This is often where phishers give themselves away. They try to hide it by using an email address that differs from the real one by only a small typo. For example:

Correct: safe-connect312@safe-connect.com

Fake: safe-connect3l2@safe-connect.com

Suspicious URLs

  • The purpose of a phishing email is to steal your information. When you click on a link, you are taken to a fake landing page, where you are often asked to log in or enter banking information. Always check the URL in the address bar at the top. As with the email address, attackers make small changes here that are hard to notice. For example:

Correct: https://safe-connect.com/nl/cybersecurity/

Fake: https://safe.connect.com/nl/cybersecurity/

  • Want to see the URL before you click on it? You can! Hover your mouse over a link and the web address it leads to appears at the bottom left. Does it look suspicious? Then definitely don't click. If your mail system applies link security, you won't be able to read the link at the bottom left. In that case you will see the original URL underneath your mouse pointer.

Are you on a smartphone or tablet? Then you can press the link until a window pops up. It tells you which URL is behind it.

  • Sometimes they use shortened links, created with services like bitly.com or Google itself. Those links look like this: https://bit.ly/2Qm1fcB . A shortened link hides the address you will actually end up on, so be extra careful in this case.
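The sender and URL checks described above can be automated. The following Python sketch is an added example, not part of the original blog: the allowlists, the list of shortener hosts and the character map are assumptions chosen to match the examples on this page, and it also flags hosts that merely embed a trusted name.

```python
from urllib.parse import urlsplit

# Assumed allowlists for this example; a real deployment would load its own.
TRUSTED_DOMAINS = {"safe-connect.com"}
KNOWN_SENDERS = {"safe-connect312@safe-connect.com"}
SHORTENERS = {"bit.ly", "bitly.com"}

# Characters that are easily mistaken for each other are mapped to one form,
# and separators are dropped, so "3l2" == "312" and "safe.connect" == "safe-connect".
CONFUSABLES = str.maketrans({"1": "l", "i": "l", "0": "o", ".": None, "-": None, "_": None})


def skeleton(text):
    """Collapse look-alike characters so near-identical strings compare equal."""
    return text.lower().translate(CONFUSABLES)


def check_sender(address):
    """Classify a sender address as 'known', 'lookalike' or 'unknown'."""
    address = address.strip().lower()
    if address in KNOWN_SENDERS:
        return "known"
    if any(skeleton(address) == skeleton(known) for known in KNOWN_SENDERS):
        return "lookalike"
    return "unknown"


def check_url(url):
    """Classify a link as 'trusted', 'shortener', 'lookalike' or 'unknown'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host in SHORTENERS:
        return "shortener"  # destination is hidden, so it needs manual review
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # Not a trusted domain, yet it resembles or embeds one: treat as imitation.
    if any(skeleton(domain) in skeleton(host) for domain in TRUSTED_DOMAINS):
        return "lookalike"
    return "unknown"
```
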

Malicious attachments

  • When in doubt about an email, never click on an attachment. It may contain malicious software, such as malware or ransomware. The following file types should set off extra alarm bells:
    • .zip: a file type that bundles multiple programs and files into one archive. It is often used to hide rogue software.
    • .doc(x) .xls(x): An Excel or a Word document? It doesn't seem dangerous at first glance. But if, after opening it, you are prompted to allow macros, you know something is wrong.
    • .exe: an executable file. That often doesn't mean anything good. Once you open it, you don't know what is being executed.
    • .vbs .wsh .asp .js .wsf .scr .jar: Never install these types of files. These are script files that can inject malware into your computer.
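A mail filter or helpdesk script can apply the file-type list above automatically. The following Python sketch is an added example, not part of the original blog: the finding labels and the `make_zip` helper are assumptions, the sample archives are constructed in memory, and the macro check only covers the zip-based .docx/.xlsx formats (legacy .doc/.xls use a different container that is not parsed here).

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extension groups taken from the list above.
EXECUTABLE = {".exe", ".vbs", ".wsh", ".asp", ".js", ".wsf", ".scr", ".jar"}
OFFICE = {".doc", ".docx", ".xls", ".xlsx"}


def scan_attachment(name, data=b""):
    """Return a sorted list of findings for one attachment (name plus raw bytes)."""
    findings = set()
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    last = suffixes[-1] if suffixes else ""
    if last in EXECUTABLE:
        findings.add("executable-or-script")
        if len(suffixes) > 1:
            # e.g. "invoice.pdf.exe": the harmless-looking part is a decoy
            findings.add("double-extension")
    if last in OFFICE:
        findings.add("office-document")
    if last == ".zip":
        findings.add("archive")
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            members = archive.namelist()
        # Macro code in zip-based Office files is stored in vbaProject.bin.
        if any(m.lower().endswith("vbaproject.bin") for m in members):
            findings.add("contains-macros")
        if last == ".zip":
            for member in members:
                # Only member names are inspected; nothing is extracted or run.
                findings.update(scan_attachment(member))
    return sorted(findings)


def make_zip(names):
    """Build a constructed in-memory archive with empty placeholder members."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for member in names:
            archive.writestr(member, b"")
    return buffer.getvalue()
```
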

The message

  • Phishing emails are often poorly designed. Look for spelling mistakes, odd wording or poor layout.
  • The email or text message asks for personal information, such as passwords, credit card numbers or bank information. Trustworthy organizations will never ask for this information.
  • The content of the phishing message carries some form of urgency. For example, you only get a few days to perform an action. Do you fail to do so? Then they threaten to block your account. Be sure not to get scared and always check the sender.
  • Hackers like to make you curious. They ask questions like “is this you in this picture?” or entice you to click by worrying you with “look what I read about you”. Be sure not to get caught; this is always phishing.
  • The message is unexpected. Often hackers try to reach multiple people with a general mail. This is often done, for example, when delivering packages. You get the message that you have to pay, otherwise the package will be returned.

Want to test your knowledge in practice?

We offer realistic phishing simulations for businesses. This allows you to know how well your organization is protected against this type of cyber attack.

Find out how we create a realistic phishing simulation for you