How To Spot Phishing Email



Is this a scam?



As scammers and hackers get more sophisticated, it becomes increasingly difficult for security professionals to prevent breaches. To make matters worse, attacks via email target the weakest part of every network or system: the user.



Hacking attempts that rely on non-programmatic means and specifically seek to exploit users are known as social engineering. This form of attack is much more successful than SQL injections, cross-site scripting, and buffer overflow attacks. To avoid a catastrophe, it is imperative that all company employees are trained on techniques to spot phishing emails.



Here are some effective ways to spot phishing emails, with varying levels of difficulty. Some will require a little bit of familiarity with how hyperlinks work.



Be sure the email domain matches the company



Chances are, if you are receiving a message from Microsoft about the company's Office 365 subscription, the email will come from their automated messaging services. These messages will always come from a domain name with the word 'Microsoft' in it.



If the domain name of the sender is something like @homersoft or @mickro-soft and they are claiming to be with Google, it's a scam! Don't click on any of the links or download any images. If you get trigger-happy and click a link, make sure you don't enter any credentials into the site you are taken to.



Look out for Evernote emails



Evernote scam emails have been going out increasingly often, so much so that the company has taken notice and published a list of trusted domains. If you receive an email claiming to be from Evernote, and it is NOT from one of the domains listed below, it's a scam.



  1. @account.evernote.com
  2. @comms.evernote.com
  3. @discussion-notification.evernote.com
  4. @emails.evernote.com
  5. @evernote.com
  6. @mail-svc.evernote.com
  7. @messages.evernote.com
  8. @notifications.evernote.com
  9. @nsvc.evernote.com
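
A mail filter or triage script can apply this list as an exact-match check on the sender's domain, so that an address which merely contains "evernote" does not pass. The following is an added example, not code from Evernote or from this article; the function names and the sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Trusted sender domains exactly as listed in this article.
EVERNOTE_DOMAINS = {
    "account.evernote.com", "comms.evernote.com",
    "discussion-notification.evernote.com", "emails.evernote.com",
    "evernote.com", "mail-svc.evernote.com", "messages.evernote.com",
    "notifications.evernote.com", "nsvc.evernote.com",
}

def sender_domain(from_header: str) -> str:
    """Return the lowercased domain of the address in a From header."""
    _display_name, address = parseaddr(from_header)
    # rpartition keeps only what follows the LAST '@' in the address.
    _local, at, domain = address.rpartition("@")
    return domain.lower().rstrip(".") if at else ""

def is_trusted_evernote_sender(from_header: str) -> bool:
    """Exact match only: a domain that merely contains 'evernote' fails."""
    return sender_domain(from_header) in EVERNOTE_DOMAINS

# Constructed sample headers (hypothetical senders, for illustration only).
SAMPLES = [
    "Evernote <no-reply@notifications.evernote.com>",       # listed domain
    "Evernote Team <no-reply@evernote.com.example.net>",    # trusted name used as a prefix
    "Evernote <support@evernote-accounts.example>",         # brand inside another domain
    '"billing@evernote.com" <billing@mail.example.org>',    # trusted address only in display name
    "Evernote <alerts@EMAILS.EVERNOTE.COM>",                # listed domain, different case
]

if __name__ == "__main__":
    for header in SAMPLES:
        verdict = "trusted" if is_trusted_evernote_sender(header) else "NOT trusted"
        print(f"{verdict:12} {sender_domain(header):32} {header}")
```

A From header can itself be forged, so this check complements the mail server's SPF, DKIM and DMARC results rather than replacing them.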


Be aware of the Weebly scam



Weebly is a domain registrar, similar to GoDaddy and Amazon Web Services, that allows you to create domain names that can be used to access a website. The company also offers a free subdomain service that hackers have exploited to pose as legitimate companies. Here is how the scam works.



The hacker discovers who a company's affiliates are (vendors, strategic partners, etc.) and creates a Weebly subdomain that matches the company's name exactly. Here is an example scenario.



Mason's Music uses Super Easy CRM for its project management efforts. A hacker discovers this and creates a free Weebly subdomain named supereasycrm.weebly.com. The hacker then uses LinkedIn to find someone in the accounting department and sends them an email from supereasycrm.weebly.com asking them to provide an updated password for their account. The accounting department complies, and the company has now been breached.

These emails look legitimate and may even include names of people the victim has worked with recently, making the attack almost impossible to spot for those who are unaware of the threat.



Be wary of emails claiming to have an encrypted message or document




Unless you work in healthcare, finance, or some other highly regulated industry, you probably won't need to send or receive encrypted emails. If you do, however, regularly receive such emails, pay attention to the vendor listed as the encryption service. If it's one that you don't recognize, let the IT department know so they can validate it.



Pay attention to the URL that populates when you hover over a link



Scammers can very easily embed a link within some very deceptive text. See, I just did it here. Click here to renew your subscription to this service. Although the text would lead you to think you are going to renew a service, when you hover over it, the URL that populates in the tiny box at the bottom takes you somewhere else entirely.
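
The hover check can be automated: ignore the visible text and compare the host in each link's href with the domain you expect. The following added example (not code from this article) does that for an HTML email body and also flags the Weebly-style case described earlier, where the vendor's name appears inside someone else's domain; `supereasycrm.example` is a placeholder for the vendor's real domain, and the sample body is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html, expected_domain, brand):
    """Label each link by where its href really points, not by its text."""
    collector = LinkCollector()
    collector.feed(html)
    results = []
    for text, href in collector.links:
        host = urlsplit(href).hostname or ""   # hostname is already lowercased
        if host == expected_domain or host.endswith("." + expected_domain):
            verdict = "ok"          # the vendor's own domain or a subdomain of it
        elif brand in host:
            verdict = "lookalike"   # brand name used inside someone else's domain
        else:
            verdict = "mismatch"    # destination unrelated to the expected vendor
        results.append((text, host, verdict))
    return results

# Constructed email body; supereasycrm.example is a placeholder vendor domain.
SAMPLE_HTML = """
<a href="https://supereasycrm.weebly.com/login">Click here to renew your subscription</a>
<a href="https://app.supereasycrm.example/billing">Billing portal</a>
<a href="http://files.example.net/invoice">www.supereasycrm.example/invoice</a>
"""

if __name__ == "__main__":
    for text, host, verdict in audit_links(SAMPLE_HTML, "supereasycrm.example", "supereasycrm"):
        print(f"{verdict:9} {host:28} <- {text!r}")
```

The third sample link shows why the visible text cannot be trusted: it displays the vendor's address while the href points to a different host.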



If you land on a site, check the grammar




Many times hackers develop sites that are not in their native language. This is done to increase the breadth of their attack. Because of this, they sometimes rely on poor translation services that result in grammatical errors.



One error doesn't mean it's a scammer's site, but multiple grammatical errors or consistently poor punctuation is a dead giveaway.



Check for images with poor quality



Distorted and warped images throughout a website are telltale signs of a scammer's page. Companies like Microsoft, Google, Super Easy CRM, Facebook, and others spend tons of time and money on the look and feel of their site.



Company web pages go through rigorous quality assurance before they are published. So any site claiming to be affiliated with an established company that contains low-quality images is likely a fake.



Educated and skeptical users are the best defense against scam emails. Doing a quick scan of each email you receive may slow your workday down, but it can help thwart an attack that could cost the company millions.



Matt Irving is the CEO of Super Easy Tech, LLC.
 
Matt is the CEO of Super Easy Tech and creator of Super Easy CRM. He is a passionate software engineer, tech blogger, and gamer.

Posted by: Matt Irving on 05/23/2022