When it comes to Phishing attacks, there are a number of angles that cyber criminals use, the main ones being: email messages, websites, and phone calls which are all designed to steal your hard-earned money. Whether this is through tricking you into installing malicious software onto your computer or entering in bank information into a clone of a website, hoping to fool you into thinking it’s the real deal.
However, simply asking you to download some software or enter your bank information won’t work the majority of time, so this is where social engineering comes into play. Social engineering, if done well can convince you to install software or hand over your personal information, through well-crafted emails and websites. The cyber criminals are replying on you to quickly glance at the links and websites and think yes that looks about right. Sometimes they may even contact you by phone and try and get you to divulge your bank details by pretending to be your bank and asking for verification information.
What does a phishing email look like?
Now that we know what phishing and social engineering is all about, what does a phishing email look like? Below is a basic email that I received. At first glance, it seems that it’s an email from Metro Bank. And that I have to go and click on the link and follow the instructions to receive the credit.
However, there are a number of issues with this, first. I don’t bank with Metro bank, secondly, the ‘To:’ header has ‘Undisclosed recipients’ in the field. Thirdly there’s no logo and straight to the point.
If we open up the email and look at the source of the email we see a bit more information, in the highlighted section, we can see that the link actually goes to a URL that has been shortened to try and hide the fact that it’s not going to Metro Bank. A bank would never do this.
Although this email is very basic in nature, you may see emails from Amazon, UPS, FedEx and more, if you haven’t ordered a parcel, and are not expecting a delivery, be very cautious of clicking on links.
What to look out for?
So, what are the main points you should look out for in a Phishing email?
- Spelling and bad grammar, this is usually the number one identifier of something not being quite right with an email. Criminals are not known for their grammar and spelling. If you notice mistakes in an email, it might be cause for concern.
- Beware of links in email, as in the example above, if you see a link in a suspicious email message, don’t click on it. Move your mouse over the link to see if the address matches the link that was typed in the message. The popup box should show exactly the same as what you are hovering over.
- Beware of any emails that contain threats inside then, if you receive an email that is threatening to close your account or have a company come to your house, this may be another identifier. If you have concern, contact the company (such as FedEx) and check with them directly
If you receive a phishing email, you can contact Action Fraud at: http://www.actionfraud.police.uk/