How to Identify Phishing Emails

Acquiring sensitive information by
masquerading as a trustworthy entity

Fake, Fraudulent, Spoofing Emails
Examples to help you identify Phishing Attacks

Updated: July 6, 2023
By: RSH Web Editorial Staff


Phishing Emails and Scams

It is estimated that more than 100 billion emails are sent every day.
If it feels like you receive impostor emails faster than you can hit delete, you are not alone. Hackers and scammers love to send fake emails, mixing them right in with authentic ones, and you are left wondering if you can afford to ignore them. You may think those emails actually came from your friends and family, online stores or your bank, but how can you know they are legitimate and not an email scam, or what we call a "Phishing Scam"?

What Is Phishing?

Phishing is a large-scale attack where a hacker forges emails so that they look like they came from a legitimate company (e.g. your bank or PayPal), with the intention of tricking the unsuspecting recipient into downloading malware or entering confidential information into a phishing website

(A phishing website is a fake website that pretends to be legitimate and is used to scam people into giving up their information)

Phishing attacks can be sent to numerous email recipients in the hope that even a few responses will lead to a successful attack

What Is Spear Phishing?

Spear phishing is phishing, but it normally involves a specific attack against an individual or organization. The "Spear" refers to a spear-hunting style of attack. Often with spear phishing, the attacker will impersonate an individual or department from within the organization. For example, you may receive an email that looks like it is from your IT Department saying you need to re-enter your passwords on a specific site, or one from the HR department with a "new benefits package" attached

Why Is Phishing Such a Threat?

Phishing poses a big threat because it can be very difficult to identify these types of emails. Studies have found as many as 94% of employees cannot tell the difference between real and phishing emails. Because of this, as many as 16% of people click on the attachments in these emails, which can contain malware. Just in case you think this might not be that big of a problem:

According to a Data Breach Investigations Report's phishing statistics, 30% of phishing messages are opened by targeted users, and 12% of those users click on the malicious attachment or link

A recent study from Intel found that a whopping 95% of attacks on enterprise networks are the result of successful spear phishing

According to the Webroot Threat Report, nearly 1.5 million new phishing sites are created each month

Clearly spear phishing or scam emails should not be taken lightly

It is difficult for most people to tell the difference between real and fake emails. Most of the time, the obvious clues are misspellings and/or .exe file attachments. Other emails have hidden EXE attachments. One popular example is a "Word" file attachment that executes a macro once opened, which is impossible to spot but just as fatal


Even Experts can Fall for Phishing

In a study by Kapost, it was found that 96% of CEOs and executives worldwide failed to tell the difference between a real and a phishing email 100% of the time. Even security-conscious people can still be at risk, and the risk is higher if there is no knowledge of this subject

How Easy it is To Create a Fake Email

Simply by downloading an SMTP tool, I can create a fake email address and start sending fake emails from almost any email program. This is how easy it is for a hacker to create an email address and send you a fake email with which they can steal personal information from you. The truth is that any business name, or even you, can be impersonated by anyone without too much difficulty

How to spot fake Emails

A few guidelines that can help you spot the real from the fake email

Impersonal, Generic Greetings
A few examples are “Dear user” or “Dear [your email address]”
Emails from companies such as PayPal will always address you by your first and last names or by your business name
They never use greetings like "Dear user" or "Hello PayPal member"

Links that take you to a Fake Website

If there's a link in an email, always check it before you click. A link could look perfectly safe, like:
https://rshweb.com/blogs-articles
But if you hover your mouse over the link, you see the actual destination:
http://spoffingyou.com/we-just-got-you
If you are not certain, do not click on the link. Just visiting a bad website can and will infect your machine

Containing Unknown Attachments

Do not EVER open an email attachment unless you are sure of who it came from, or you know it is legitimate and safe. Be particularly careful of "Invoices" from businesses you are not familiar with. Some attachments contain viruses that install themselves when opened

Conveys a Fake Sense of Urgency

Phishing emails can warn you that your account needs to be updated immediately. They are hoping you will fall for their sense of urgency and ignore warning signs that it is just another fake email

Common examples of Spoofed Emails

"Your Account Has Been Locked"
"Suspended Account"
"Your account is about to be suspended"
"You've been paid"
"You have been paid too much"
"Update Your Official Record"
"Click to Learn More"
"Restart Your Membership"
"You Missed a Delivery"
"Confirm Your Account"
"Tax Refund"
"Refund Due to System Error"
"Click to See Your Revised Salary"
Sent "From" Recipient's Bank
Sent "From" Recipient's CFO
Sent "From" Recipient's CEO

Many phishing emails need just one click to give the hacker access to your computer system

Identify Phishing or Spoofed Emails

A few more tips to remember

Do not trust the display name
Do not click on links if you do not know who sent you the email
Look for spelling mistakes
Beware of urgent or threatening language, especially in the subject line
Review the signature
Never click on attachments
Do not always trust the "From" email address in the header
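
Several of these tips can be checked mechanically from a message's headers. The following is an added example, not code from RSH Web: header_warnings and the brand_domains mapping are hypothetical names, the subject lures are taken from the list of common spoofed emails above, and the sample message is constructed with placeholder domains.

```python
from email import message_from_string
from email.utils import parseaddr

# Subject lures taken from the article's list of common spoofed emails.
LURES = ("account has been locked", "suspended", "confirm your account",
         "missed a delivery", "tax refund", "refund due", "you've been paid")

def header_warnings(raw_message, brand_domains):
    """Return warnings for display-name, Reply-To and subject red flags.

    brand_domains maps a brand name to the domains it really sends from
    (an assumption supplied by the caller, e.g. {"paypal": {"paypal.com"}}).
    """
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    warnings = []
    # Tip: do not trust the display name.
    for brand, domains in brand_domains.items():
        legit = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in name.lower() and not legit:
            warnings.append(f"display name claims {brand} but sender is {domain}")
    # Replies routed to a different domain than the visible sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply.rpartition("@")[2].lower()
    if reply_domain and reply_domain != domain:
        warnings.append(f"replies go to {reply_domain}, not {domain}")
    # Tip: beware of urgent or threatening language in the subject line.
    subject = msg.get("Subject", "").lower()
    if any(lure in subject for lure in LURES):
        warnings.append("subject uses an urgency lure")
    return warnings

# Constructed sample message; example.net and example.org are placeholders.
SAMPLE = """\
From: "PayPal Support" <service@example.net>
Reply-To: collect@example.org
Subject: Your Account Has Been Locked
To: user@example.com

Dear user, confirm your details immediately.
"""
print(header_warnings(SAMPLE, {"paypal": {"paypal.com"}}))
```

A message with a forged From address passes the display-name check, which is why the last tip still applies; the receiving server's SPF, DKIM and DMARC results are what cover that case.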

Digital Certificates

A Digital Certificate is similar to a virtual passport. It tells others that you are who you say you are. Digital Certificates are issued by Certificate Authorities (CAs). In the same way a government would check your identity before issuing a passport, a CA has a process called vetting which determines that you are the person you say you are. There are multiple levels of vetting. At the simplest level, we check that the email is owned by the applicant. On the second level, we check identity (like passports etc.) to ensure applicants are the people they say they are. Higher vetting levels also involve verifying the individual's company and physical location


COMMENTS

June O
Nice post RSH Web. It is very helpful for new users


Rob P - Argentina
Thank you for covering the phishing topic

