How to Identify
Fake, Fraudulent, Spoof or Phishing Emails

Updated: May 9, 2019
By: RSH Web Editorial Staff

It is estimated that more than 100 billion emails are sent every day.
If it feels like you receive impostor emails faster than you can hit delete, you are not alone. Hackers and scammers love to send fake emails, mixing them right in with authentic ones and leaving you wondering whether you can afford to ignore them. You may think those emails actually came from your friends and family, online stores or your bank. How can you know they are legitimate and not an email scam, or what we call a "phishing scam"?

What Is Phishing?

Phishing is a large-scale attack in which a hacker forges an email so that it looks like it comes from a legitimate company (e.g. your bank or PayPal), with the intention of tricking the unsuspecting recipient into downloading malware or entering confidential information into a phishing website (a fake website that pretends to be legitimate and is used to scam people into giving up their information).
Phishing attacks can be sent to a large number of email recipients in the hope that even a small number of responses will lead to a successful attack.

What Is Spear Phishing?

Spear phishing is phishing, but it normally involves a specific attack against an individual or organization. The "spear" refers to a spear-hunting style of attack. Often with spear phishing the attacker will impersonate an individual or department from within the organization. For example, you may receive an email that looks like it is from your IT department saying you need to re-enter your passwords on a specific site, or maybe one from the HR department with a “new benefits package” attached.

Why Is Phishing Such a Threat?

Phishing poses a big threat because it can be very difficult to identify these types of emails. Studies have found as many as 94% of employees can’t tell the difference between real and phishing emails. Because of this, as many as 16% of people click on the attachments in these emails, which can contain malware.

In case you think this might not be that big of a problem: a recent study from Intel found that a whopping 95% of attacks on enterprise networks are the result of successful spear phishing.
Clearly, spear phishing or scam emails should not be taken lightly.

It is difficult for most people to tell the difference between real and fake emails. Most of the time the obvious clues are misspellings and/or .exe file attachments, but other emails have hidden executable attachments. One popular example is a "Word" file attachment that executes a macro once opened, which is impossible to spot but just as fatal.

Even Experts can Fall for Phishing

In a study by Kapost, it was found that 96% of CEOs and executives worldwide failed to tell the difference between a real and a phishing email 100% of the time. Even security-conscious people can still be at risk, and the risk is higher without any knowledge of this subject.

How Easy it is To Create a Fake Email

Simply by downloading an SMTP tool, I can create a fake email address and start sending fake emails from almost any email program. This is just how easy it is for a hacker to create an email address and send you a fake email with which they can steal personal information from you. The truth is that any business name, or even you, can be impersonated, and anyone can impersonate you without too much difficulty.

How to spot fake Emails

A few guidelines that can help you spot the real from the fake email

Impersonal, Generic Greetings
A few examples are “Dear user” or “Dear [your email address]”
Emails from companies such as PayPal will always address you by your first and last names or by your business name
They never use greetings like "Dear user" or "Hello PayPal member"

Links that take you to a Fake Website

If there's a link in an email, always check it before you click. A link could look perfectly safe, like:
rshweb.com/wordpress-hosting
But if you move your mouse over the link, you see the actual destination:
http://spoffingyou.com/wejustgotyou/1672923
If you are not certain, do not click on the link. Just visiting a bad website can and will infect your machine.

Containing Unknown Attachments

Do not EVER open an attachment unless you are sure of who it came from or you know it is legitimate and safe. Be particularly careful of "Invoices" from businesses you are not familiar with. Some attachments contain viruses that install themselves when opened

Conveys a Fake Sense of Urgency

Phishing emails can warn you that your account needs to be updated immediately. They are hoping you will fall for their sense of urgency and ignore warning signs that it is just another fake email

Common examples of Spoofed Emails

"Your Account Has Been Locked"
"Suspended Account"
"Your account is about to be suspended"
"You've been paid"
"You have been paid too much"
"Update Your Official Record"
"Click to Learn More"
"Restart Your Membership"
"You Missed a Delivery"
"Confirm Your Account"
"Tax Refund"
"Refund Due to System Error"
"Click to See Your Revised Salary"
Sent "From" Recipient's Bank
Sent "From" Recipient's CFO
Sent "From" Recipient's CEO

Many phishing emails need only one click to give the hacker access to your computer system

Identify Phishing or Spoofed Emails

A few more tips to look out for

Don’t trust the display name
Look at, but do not click on, links if you do not know who sent you the email
Look for spelling mistakes
Beware of urgent or threatening language, especially in the subject line
Review the signature
Never click on attachments
Do not trust the "From" address in the email header
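
Three of the tips above (display name, "From" address, urgent subject line) can be checked against a raw message with Python's standard `email` module. This is an added example, not code from the original article; the sample message is constructed, every name and domain in it is invented, and the Reply-To comparison goes one step beyond the tips listed here.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; all names and domains are invented (.example is reserved).
RAW = '''\
From: "billing@bank.example" <notice@mailer.example>
Reply-To: collect@collector.example
Subject: Your Account Has Been Locked

Dear user, confirm your account immediately.
'''

# Subject phrases taken from the list of common spoofed emails on this page.
URGENT = ("account has been locked", "suspended account", "confirm your account",
          "you missed a delivery", "tax refund")

def domain(addr):
    """Lower-cased part after the last '@' ('' if there is none)."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def header_warnings(raw):
    """Return a list of warning codes for one raw message (headers plus body)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    warnings = []
    # 1. The display name shows an address on a different domain than the real sender.
    shown = re.search(r"[\w.+-]+@[\w.-]+", name)
    if shown and domain(shown.group()) != domain(addr):
        warnings.append("display-name-address-mismatch")
    # 2. Replies would go to a different domain than the one in From.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain(reply) != domain(addr):
        warnings.append("reply-to-domain-mismatch")
    # 3. The subject uses one of the urgent phrases listed on this page.
    subject = str(msg.get("Subject", "")).lower()
    if any(phrase in subject for phrase in URGENT):
        warnings.append("urgent-subject")
    return warnings
```

An empty result does not mean a message is genuine, since the "From" header itself can be forged.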

Digital Certificates

A Digital Certificate is similar to a virtual passport. It tells recipients that you are who you say you are. Digital Certificates are issued by Certificate Authorities (CAs). In the same way a government would check your identity before issuing a passport, a CA has a process called vetting, which determines that you are the person you say you are. There are multiple levels of vetting. In the simplest form, the CA checks that the email address is owned by the applicant. On the second level, it checks identity (passports etc.) to ensure applicants are the people they say they are. Higher vetting levels also involve verifying the individual’s company and physical location.



1997 - 2019  |  RSH Web Services  |  All Rights Reserved.