4 Tips for How to Identify Phishing Emails

Every day, you face a never-ending stream of messages on your personal and work email accounts. This can include communications from colleagues, clients, loved ones, retailers, and even your financial institutions. However, not all emails are from people you know or want to hear from — sometimes, they are phishing emails from scammers who want your personal information to gain access to your accounts.

In a nutshell, phishing emails are malicious social engineering attacks that attempt to solicit information from unsuspecting users. They do this by creating emails that appear to come from legitimate people or companies to lure them into clicking on a link. The link then takes them to a fraudulent website that is designed to look like the real deal. There, users will be asked to provide personal details or account information to “verify” their identity or validate their account.

But, if these bad emails are disguised to look like legitimate messages, how can you tell the difference and prevent phishing attacks?

Phishing is the entry point for virtually any advanced persistent threat (APT) cyber kill chain. A cyber kill chain, a military term for identifying tactics that enemies use to attack their targets, is one method cybersecurity professionals use to identify phases of a cyber attack. Ideally, the earlier in the kill chain an attack is recognized, the better it will be for the intended victim and their company.

As a provider of phishing protection services, we’ve put together a few tips on how to identify phishing emails using yourself, your employees, and your technology.

4 Tips for How to Identify Phishing Emails
1. Examine the Subject Line 
2. Look for Typos and Misspellings 
3. Identify Urgent or Threatening Emails
4. Be Cautious of Unsolicited Rewards or Offers in the Subject Lines 

1. Examine the Subject Line

A few great examples of phishing email subject lines were published in KnowB4’s Top 10 General Subjects list for Q3. These phishing email examples include subject lines such as:

  • “Password Check Required Immediately
  • You Have A New Voicemail
  • Your order is on the way
  • Change of Password Required Immediately
  • De-activation of [[email]] in Process
  • UPS Label Delivery 1ZBE312TNY00015011
  • Revised Vacation & Sick Time Policy
  • You’ve received a Document for Signature
  • Spam Notification: 1 New Messages
  • [ACTION REQUIRED] - Potential Acceptable Use Violation”

Anything that drives urgency, through any combination of rewards and fear, should be a red flag. The use of urgency in phishing scam emails is a tactic commonly employed by phishers to generate the most clicks from their intended victims. We’ll discuss this more in the third section of this article.

2. Look for Typos and Misspellings

It’s common to joke about email scammers using poor grammar and spelling in their emails, but it’s based in a grain of truth. However, it’s not necessarily always because the hacker doesn’t know how to spell or write correctly — sometimes, the truth is more complex.

Email scammers will use subtle spelling “mistakes” to subvert spam filters as part of their phishing tactics— such as two uses of the letter “L” in PayPal. The idea is that using subtle intentional spelling errors may go unnoticed by the user, allowing the hacker to bypass security protections and get users to click on fake URLs. These misspellings can be found in virtually everything — email subject lines, URLs, and even email addresses.

For example, look at the following phishing email subject lines:

Subject: Marriott had a data breach and you may be one of the 500M.

Subject: Marrįott had a data breach and you may be one of the 500M.

Subject: Marríott had a data breach and you may be one of the 500M.

Subject: MARRlOTT had a data breach and you may be one of the 500M.

In the example above, only one instance is spelled with the real spelling of “Marriott.” Do you know how to identify phishing emails based on the above example? Look closely at the letter “i” in each instance. The first is the correct spelling — the other three use “í,” “į” or a lowercase “L” in place of “i.” However, to the average user glancing quickly at their email subject lines, they cannot distinguish between them.

As an anti-phishing services provider, Clearedin attacks the phishing problem by using artificial intelligence to understand an organization’s communication patterns. The Clearedin platform then develops a framework that identifies legitimate communications from potential phishing attempts with tremendous accuracy — flagging them and locking down emails to eliminate threats before they can cause irreversible damage.

3. Identify Urgent or Threatening Emails

We mentioned in a previous article that phishing emails commonly try to get people to behave haphazardly rather than exercise caution. This tactic is frequently accomplished by writing email subject lines and body content that make users react with fear; it motivates them to click on a link in an email without first thinking about the consequences of their actions.

Phishing email subject lines are much like a “stranger danger” situations concerning an adult predator with little kids. Picture a kid walking home from school. The child, who is approached by an adult stranger claiming to be a friend of their parents who has been sent to pick them up, may initially be hesitant to believe the adult and go with them. However, if the adult then acts mad and says that he will tell the child’s parents that the kid isn’t behaving, the child may fear getting in trouble and agree to go with the predator.

Phishing scams work much the same way by making users think: I’d better go to the website they provide right away to fix an issue with my account!

A few fear-driven phishing email examples that you can review to learn how to identify phishing emails include:

  • Your account will be deleted in 24 hours due to inactivity
  • Your Amazon Prime free movie offer will expire tomorrow
  • Your [[Company Name]] account has been hacked
  • Your Low Balance Alert from Chase

Clearedin provides a robust, multi-layered system of defense to protect your organizational communications from phishing emails. No longer do you have to depend on the user analyzing emails and hoping they can differentiate valid messages from phishing communications. Our platform knows how to identify phishing emails and allows us to scan suspicious emails for common phrases and words that are frequently used in phishing attacks.

Our anti-phishing services will highlight these critical terms for the user to call attention to them. Furthermore, Clearedin locks the email so the user can’t click on or engage with it.

 

4. Be Cautious of Unsolicited Rewards or Offers in the Subject Lines

Phishing scams often promise attractive rewards and make other false offers to lure users to click on their messages. Scammers prey on the weaker side of human nature by offering promises of gifts or free services that they will struggle to turn down. Ask yourself: Do you really believe that you just won a free cruise when you’ve never entered a drawing? Or, do you think people are giving away their services for free when you never reached out to them in the first place?

While most solutions focus on employee training and the cumbersome process of auto flagging nearly every email that comes through, they are still inefficient. That’s why we created Clearedin.

Clearedin is a non-intrusive platform that integrates with Google's G Suite to provide an Active Defense against phishing scams. Clearedin’s anti-phishing services analyze your email meta data to create an organizational trust graph to identify potentially good users from bad users. Using advanced simulation software, the platform learns to recognize acceptable and suspicious patterns of activity to spot phishing emails.

Clearedin offers best-of-class cybersecurity protection that serves as a perfect line of defense against malicious users. Contact a Clearedin representative today to learn more!

New call-to-action

Knowledge of Phishing Scams ...

Subscribe for updates

Get weekly updates on phishing and other web attacks