
The Hitchhiker’s Guide to ‘phishing’ emails

This article was originally published on our sister website: redkitewebsites.co.uk

Phishing emails have become a daily scourge of our inboxes. I personally often get 20 or more a day.

Phishing emails have been used as a means of enabling hackers to gain access to computers since the mid-1990s, and they’re becoming ever more sophisticated.

The word ‘phishing’ is a play on ‘fishing’: fishing for information. In many cases the information being sought is usernames, email addresses and passwords, which a hacker can then use to log in to your computer, your company network, your cloud software, your websites and so on.

If you or any member of your staff click on a link contained within such an email, it’s possible that malware will be installed, which could compromise the security of your whole network.

Many companies believe that the answer to these problems is anti-virus software. In some cases it is: anti-virus software can detect many threats. But some malware goes ‘under the radar’ and won’t be detected, or at least not before it has stolen some of your information.

First things first…

Don't Panic! (Big, Friendly Letters)

The real answer lies in education: we can teach ourselves and our staff to recognise a fake or ‘phishing’ email.

There are some basic rules to follow:

  • CHECK the sender’s name and email address. Are they what you’d expect?
    • Phishing emails often appear to be sent from someone you know or trust. If one does, call, text or speak to that person to ask whether they actually sent it.
    • It might not appear to be from someone you know personally; it might appear to be from a complete stranger, your bank or credit card company, Facebook, Amazon or anyone else. See ‘Emails from popular websites’ below.
  • CHECK the address the email has been sent to. Is it your personal address or a generic company address such as info@ or sales@?
  • CHECK the ‘Reply-To’ address, if there is one. This tells you who will receive the email if you click ‘Reply’, and it need not match the ‘From’ address.
    The easiest way to find this out is to click ‘Reply’ at the top of your email software. The address that appears in the ‘To’ field is the one that will receive your reply (then close the reply without sending it).
  • CHECK the sending domain. This is the bit after the ‘@’ in the ‘From’ field. The name shown next to it is free text chosen by the sender, so don’t rely on it.
  • DON’T open attachments without checking them first.
    • CHECK the file type first: if the name ends in .exe or .zip, treat it with extreme caution. Look at the LAST extension; ‘Invoice.pdf.exe’ is a program, not a PDF.
    • If it’s a Word document (.doc, .docm or .docx), or it asks for a password, or opening it shows a message about macros or ‘Enable Content’, close it and don’t enable anything.
  • NEVER click on any links within the email, especially links to ‘log in’, ‘view your account’ or ‘download your document’.
    • There are ways to check whether a link is genuine without clicking it, which we come to below.

How to check an email for validity

  1. Check the sender’s name and address in the ‘From’ field
    The sender’s name looks correct, but the email address is not what we’d expect. The address they’ve used is dhl@tryconsolidated.com, and tryconsolidated.com has nothing to do with DHL. Genuine emails from DHL generally come from an address at dhl.com, such as ‘support@dhl.com’. The example below looks wrong!
  2. Check the recipient’s name and address in the ‘To’ field
    The example below was addressed to my company, not to me personally. This is often the case with phishing emails.
Email sender and recipient checking
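The checks in the CHECK list above and in steps 1 and 2 here can be done by a program as well as by eye. The following Python script is an added example written for this article, not code from the original post or from any mail client. It uses only the standard library; the two sample messages are constructed (the From address is the article’s dhl@tryconsolidated.com, the Reply-To address and the attachment name are made up), and the lists of risky file types and generic mailbox names are assumptions for illustration.

```python
"""Header checks for a suspicious e-mail, using only Python's standard library.

Walks the CHECK list: sending domain, Reply-To, recipient, attachments.
"""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# File types the article says to treat with caution (.exe, .zip, Word files), extended
# with other types that run code or hide it. Assumption: illustrative list only.
RISKY_EXTENSIONS = {".exe", ".scr", ".bat", ".cmd", ".js", ".vbs", ".hta", ".iso",
                    ".zip", ".doc", ".docm", ".xls", ".xlsm", ".pptm"}

# Mailbox names that usually mean "the company", not a person. Assumption: illustrative.
GENERIC_LOCALPARTS = {"info", "sales", "contact", "admin", "office", "enquiries", "support"}


def domain_of(address: str) -> str:
    """Return the lower-cased part after '@' of an address (or '' if it has none)."""
    addr = parseaddr(address)[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def check_headers(raw: bytes, my_address: str, expected_domain: str) -> list[str]:
    """Return a list of warnings for a raw RFC 5322 message.

    my_address      -- the address genuine personal mail to you is sent to
    expected_domain -- the domain the message claims to come from, e.g. 'dhl.com'
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    warnings: list[str] = []

    # 1. The display name is free text chosen by the sender; only the domain of the
    #    address is hard to fake without control of that domain.
    name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    if from_dom != expected_domain and not from_dom.endswith("." + expected_domain):
        warnings.append(f"From shows '{name}' but the sending domain is '{from_dom}', "
                        f"not '{expected_domain}'")

    # 2. Reply-To: a reply would go here, not to the From address.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to != from_addr.lower():
        warnings.append(f"Reply-To '{reply_to}' differs from From '{from_addr}'")

    # 3. Was it sent to you personally, or to a generic company mailbox?
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    if to_addr != my_address.lower():
        local = to_addr.split("@", 1)[0]
        kind = "a generic company mailbox" if local in GENERIC_LOCALPARTS else "someone else"
        warnings.append(f"Addressed to {kind} ({to_addr}), not to {my_address}")

    # 4. Attachments: judge the real file type (the LAST extension) and spot the
    #    'Invoice.pdf.exe' double-extension trick.
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        pieces = fname.split(".")
        ext = "." + pieces[-1] if len(pieces) > 1 else ""
        if ext in RISKY_EXTENSIONS:
            warnings.append(f"Attachment '{fname}' is a {ext} file; do not open it")
        if len(pieces) > 2:
            warnings.append(f"Attachment '{fname}' has a double extension hiding its real type")
    return warnings


# Constructed sample modelled on the article's DHL example. The Reply-To address
# (a reserved .invalid domain) and the attachment name are made up.
SAMPLE = b"""From: DHL Express <dhl@tryconsolidated.com>
Reply-To: dhl-support@parcel-invoices.invalid
To: info@example.com
Subject: You have a package on its way
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear customer, click here to view your invoice.
--b1
Content-Type: application/octet-stream; name="Invoice.pdf.exe"
Content-Disposition: attachment; filename="Invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVo=
--b1--
"""

# Constructed sample of what a genuine message would look like by these checks.
CLEAN = b"""From: DHL Express <support@dhl.com>
To: kelly@example.com
Subject: Your shipment
Content-Type: text/plain

Dear Kelly, your parcel will arrive tomorrow.
"""

if __name__ == "__main__":
    for warning in check_headers(SAMPLE, "kelly@example.com", "dhl.com"):
        print("WARNING:", warning)
    print("clean message:", check_headers(CLEAN, "kelly@example.com", "dhl.com"))
```

Run as a script it prints five warnings for the DHL-style sample and an empty list for the clean one. The sending-domain check is the important one: a phisher can put anything in the display name, but can only send from a domain they control.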

The example below is an email which looks genuine at first glance. But there are several things which would make me suspicious:

  1. Generic greeting. If it was genuine, I’d expect ‘Dear Kelly’, or ‘Dear Mrs Teagle’. A generic greeting is suspicious, as it suggests they don’t actually have my name.
  2. “You have a package on its way” This comes down to common sense: was I expecting a package, and was it coming by DHL?
  3. “Click here to view your invoice” Why would I get an invoice for a package sent to me? I’d expect one if I was the sender, but not the recipient.
  4. “For customer service, simply click right here” Okay, a genuine email from DHL might have this link, but I’d always check it first, to be sure.
Phishing example email

Checking the links

The links are often a dead giveaway that an email is a phishing attempt. Without clicking it, hover the mouse pointer over one of the links, as below:

Email phishing link example

Somewhere near the bottom of the screen (the status bar), you’ll see the web address that the link really points to, which need not be anything like the text of the link.
You’ll see that the link is to http://exmarkdemomower.com with a random sequence of letters and numbers on the end. This link doesn’t look right at all!
If this was genuine, I’d expect the link to go to https://www.dhl.com (or at least http://www.dhl.com). The part that matters is between ‘://’ and the first ‘/’, and it has to end in dhl.com.

So we can conclude that the email is NOT genuinely from DHL, and is very likely to be a phishing email.

The other way they catch you out is to use a URL that looks very similar to the real one. For example, they might mis-spell DHL in the web address e.g. www.dlh.com or www.amazzon.com.

OR they use a sub-domain, e.g. http://amazon.businessgiveaways.com. Read the address from the right: the site you actually land on is businessgiveaways.com, and ‘amazon’ at the front is just a label that whoever owns businessgiveaways.com chose to add. Unless you look closely at the web address, you might not spot the difference.

Those websites will probably also be set up to look almost exactly like the genuine websites.
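Everything the last few paragraphs describe (the real target hidden behind the link text, mis-spelt domains, a brand name used as a sub-domain) can be checked automatically as well as by hovering. The following Python script is an added example written for this article, not code from the original post or from any mail client. The sample HTML body is constructed from the article’s own example addresses (exmarkdemomower.com, dlh.com, amazon.businessgiveaways.com) with made-up paths; the table of known brands and the list of second-level suffixes are assumptions, and the HTTPS check is one step beyond what the article asks for.

```python
"""Link checks for the HTML body of a suspicious e-mail (standard library only).

Does by code what hovering over a link does by eye: compares where each link
really points with the brand the mail claims to be from.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brand label -> its genuine registrable domains. Assumption: tiny illustrative table.
KNOWN_BRANDS = {
    "dhl": {"dhl.com", "dhl.co.uk"},
    "amazon": {"amazon.com", "amazon.co.uk"},
}
# Second-level labels under two-letter country codes, so 'dhl.co.uk' counts as one domain.
# Assumption: crude stand-in for the Public Suffix List a real mail client would use.
SECOND_LEVEL = {"co", "org", "ac", "gov", "net", "com"}


def registrable_domain(host: str) -> str:
    """The part of a hostname somebody had to register, read from the right:
    'amazon.businessgiveaways.com' -> 'businessgiveaways.com', 'www.dhl.co.uk' -> 'dhl.co.uk'."""
    labels = host.lower().strip(".").split(".")
    if len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in SECOND_LEVEL:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert/delete/substitute plus swapping two
    adjacent letters, so 'dlh' is 1 away from 'dhl' and 'amazzon' 1 away from 'amazon'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


class LinkExtractor(HTMLParser):
    """Collects (visible text, href) for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None


# A hostname written out in the visible link text, e.g. 'www.dhl.com/invoice'.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def check_links(html: str, claimed_brand: str) -> list[tuple[str, str]]:
    """Return (href, reason) pairs for every link that does not fit the claimed brand."""
    genuine = KNOWN_BRANDS[claimed_brand]
    extractor = LinkExtractor()
    extractor.feed(html)
    findings = []
    for text, href in extractor.links:
        url = urlparse(href)
        host = (url.hostname or "").lower()
        if not host:
            continue  # mailto:, relative or malformed links are not judged here
        reg = registrable_domain(host)
        m = HOST_IN_TEXT.search(text)
        if m and registrable_domain(m.group(1)) != reg:
            findings.append((href, "text-mismatch"))  # text names one site, link goes elsewhere
        if reg in genuine:
            if url.scheme != "https":
                findings.append((href, "not-https"))
            continue
        sld = reg.split(".")[0]                             # 'dlh' in 'dlh.com'
        extra_labels = host.split(".")[:-len(reg.split("."))]  # 'amazon' in amazon.businessgiveaways.com
        if any(osa_distance(sld, b) == 1 or (osa_distance(sld, b) == 2 and len(b) >= 6)
               for b in KNOWN_BRANDS):
            findings.append((href, "lookalike-domain"))
        elif any(b in extra_labels for b in KNOWN_BRANDS):
            findings.append((href, "brand-in-subdomain"))
        else:
            findings.append((href, "unrelated-domain"))
    return findings


# Constructed body using the article's example addresses; the paths are made up.
SAMPLE_HTML = """
<p>Dear customer, you have a package on its way.</p>
<p><a href="http://exmarkdemomower.com/h7k2qz9p">Click here to view your invoice</a></p>
<p><a href="https://www.dlh.com/track">Track your parcel</a></p>
<p><a href="http://amazon.businessgiveaways.com/login">For customer service, simply click right here</a></p>
<p><a href="http://www.dhl.com/help">https://www.dhl.com/help</a></p>
<p><a href="http://exmarkdemomower.com/invoice">www.dhl.com/invoice</a></p>
<p><a href="https://www.dhl.com/contact">Contact DHL</a></p>
"""

if __name__ == "__main__":
    for href, reason in check_links(SAMPLE_HTML, "dhl"):
        print(f"{reason:20} {href}")
```

Run it and it prints one line per suspicious link; only the https://www.dhl.com/contact link passes. The lookalike test uses an edit distance that counts a swapped pair of letters as one change, so ‘dlh’ is one step from ‘dhl’. A real mail filter would use the Public Suffix List instead of the SECOND_LEVEL guess and would also need to deal with look-alike Unicode characters in hostnames, which this example does not attempt.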

So, to protect yourself:

DO NOT CLICK ON ANY OF THE LINKS!

The Golden Rules

  • ALWAYS treat email with suspicion.
  • Check it carefully using the guidelines above, and make sure it’s genuine before you click any links or open any attachments.
  • If it asks you to go to a site, or to enter your login details, DON’T DO IT.
    Instead, open your web browser and go directly to the website by typing in its web address yourself, then log in once you’re sure you’re on the right site.

Following these golden rules could prevent a disaster in your business, and save your data!

Emails from popular websites

Often, emails will appear to come from popular websites, or companies that you trust. These include banks, credit card companies, Amazon, eBay, Facebook, Twitter and many more.

The thing that catches people out is that such emails often look EXACTLY like a real one. Telling the difference is hard.

The secret with these is to NEVER use any links within the email. Instead, go to your web browser and type in the web address yourself. This takes a bit more effort, but it will protect you from phishing scams.