5 Tips to Identify a Phishing Email Scam

As you browse your email inbox every morning, do you wonder which of those emails is possibly a phishing scam? Even if you know the sender personally, how do you identify a phishing email and protect yourself when the sender is asking you to click on a link?

We have all received emails from relatives and friends whose email has obviously been hacked. Sometimes it is really a spammer using a list of friendly names to disguise an email that is delivering malware to inboxes across the globe. The past few years have seen large-scale malware attacks, many of which were launched with phishing emails. If you are not familiar with them, read about social engineering attacks and see why posting about how you are living the dream life on social media is just making it easier for hackers to find a path to your bank account.

So how can you identify a phishing email scam? Some of them are well-crafted emails that look quite legitimate. They are frequently from a familiar source like a financial institution. That’s no coincidence. Hackers wouldn’t be spending time and resources to send you a spam email if there was not a payoff. Your money is the reward, so targeted phishing emails, called spear-phishing, frequently appear to come from financial institutions that you already do business with. Or at least they appear that way.

How to Tell if an Email is Fake

One email phishing scam I receive frequently is a spoof from American Express. No, it is not from the REAL American Express. It comes from a different top-level domain (TLD), which is cox.com. American Express does NOT send emails from other TLDs. All their official emails come from their own email servers. So, this is the first way to discern a phishing email from a legitimate email: look at the email sending address. Note – there are two email “From” names that you will see if you examine an email closely. The first is the email box, which is something@gmail.com, @comcast.net, @yahoo.com or whatever. The second is what is called the friendly name. The friendly name is easy to spoof and is frequently a name the recipient knows; it could be a relative or it could be a banking institution.

My first spam email example (below) is a low-effort, basic spam. The spammer did not bother to attempt a friendly name. The second email, the “Amex” spam, claims to be from American Express, which it is not.

This is a simple phishing email. It is written to bypass spam filters. It does not contain links, yet it is threatening and asks for money. All of the information is in plain text, no images. The sender is assuming I know how to transfer cryptocurrencies. This one is not too effective, I’m sure.

Does the Email Make Sense?

Look at the content of the email. Does the content make sense to you or does it seem strange? This is where it can be very difficult to distinguish between a legitimate email and a fraudulent one. The images contained in the email may indeed be taken from a real website. So, in fact, they are truly identical to the real website or app, making it harder to tell.

I do buy from eBay, so this email sort of fits, but not really. I never use an Amex card for eBay purchases, so I know this is not legit. I certainly never purchased anything from eBay that cost $3k. That may lead some to think that someone skimmed my Amex card, but my fraud alerts would have told me. I also know from past phishing scams that Amex always includes the last digits of your account number in their emails. This one has asterisks. A total tip-off. A simple call to Amex purged that idea. I forwarded the spam and that was the end of it.

Examine the Links

Hover over, but never click on, any links in a suspicious email. In fact, I don’t click on links in any email that has to do with any account of mine – financial or other – EVER! If I want something more, I go straight to the website and log in from there. To reiterate, even if you believe the email is legitimate (this one is not), do not click on any links. Go to the app or website and log in normally. Always be sure you typed in the website URL correctly.

Hovering over one of the links in this spam email shows it is clearly a phishing email scam. Look at the URL. I’m not going to type it in text in the post because I don’t want anyone to land on the spoofed website. The website URL ends in “.ru.” That’s a Russian extension! Enough said. It’s a phishing scam. I did not click on it; I don’t know what is on the other side. I assume they are looking for Amex login credentials.

The ask, offer and links are often the big tells. Hover over a link (don’t click). Does the link go to a different TLD (website) than what you know to be the sender’s website?

Those Images Tho

About those images in the email. Notice how my email reader does not download images from a sender I have not marked as trusted! That’s a bit of cyber security in action. Downloading images is a form of tracking. If the image is hosted on a spoof website rather than embedded in the email, your download sends some tracking information back to the spammer’s server. I’ll explain this in another email. It is the same technology that marketers use to track advertisements. It is a legitimate tracking technology being put to a malicious use.

Below is a screenshot of the email with the images. I have another laptop that is wiped clean and sandboxed (protected) for testing cyber security scams. I used it along with a VPN to see some of the images for the purposes of this post.
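To make the difference between embedded and remotely hosted images concrete, here is an added example (not part of the original post) that audits the `<img>` tags of an HTML email body without fetching anything. The sample HTML, its hosts and its query parameters are constructed placeholders, and the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed HTML body (not from a real email); hosts are reserved placeholders.
SAMPLE_HTML = """\
<p>Your statement is ready.</p>
<img src="cid:logo@bank.example" alt="logo">
<img src="https://img.example.net/banner.png" alt="banner">
<img src="https://img.example.net/o.gif?rcpt=you%40example.org&amp;id=7f3a" width="1" height="1">
"""

class ImageAudit(HTMLParser):
    """Classifies every <img> by what displaying it would require."""
    def __init__(self):
        super().__init__()
        self.report = []
    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        url = urlsplit(a.get("src") or "")
        if url.scheme in ("cid", "data"):
            kind = "embedded"   # travels inside the message, no network request
        elif url.scheme in ("http", "https"):
            kind = "remote"     # the mail client must contact url.hostname
        else:
            kind = "other"
        self.report.append({
            "kind": kind,
            "host": url.hostname,
            "tiny": a.get("width") == "1" and a.get("height") == "1",  # invisible pixel
            "params": dict(parse_qsl(url.query)),  # values the server receives on load
        })

def audit_images(html):
    parser = ImageAudit()
    parser.feed(html)
    return parser.report

def contacted_hosts(html):
    """Hosts that learn the message was opened if remote images are loaded."""
    return sorted({r["host"] for r in audit_images(html) if r["kind"] == "remote"})
```

In the sample, only the `cid:` logo can be shown without a network request; the 1x1 image would hand the recipient address in its query string to `img.example.net` the moment images are downloaded.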

Five Tips to Identify a Phishing Email Scam

  1. Check the from email BOX
  2. Check the from friendly name – then most likely ignore it!
  3. Hover over the links and see if they match the (supposed) sender
  4. Read the content and think about whether it is sensible
  5. Contact the alleged sender from contact information on the legitimate website NOT what’s in the email

Enterprise email filters are very good, sometimes too good, at filtering out phishing scams. They can block a legitimate email unless the sender is whitelisted by the recipient or system. There are a few hallmarks of the spammy email. Much of it is in the word choice. Typical spam email wording includes an offer, a threat, an ask for money, or talk of transferring money to a bank account. A phishing email may contain a link to reset a password or log into an account, or, in the craftiest phishing scams, a link prompting the reader to supposedly unsubscribe. An easy opt-out of the phishing scam? Not likely. If an email is a phishing email, then hitting the unsubscribe button does just the opposite. It confirms to the spammer that this is indeed a working and monitored email address.

What do I do about a phishing email?

So, what’s the best recourse? Mark the email as spam. Junk it and delete it. Block the sender and notify your system administrator if this is a work email.

  1. Do not download the images
  2. Do not click on any images that did download or their text placeholders
  3. Do not reply to the email
  4. DO NOT unsubscribe from the email
  5. Do not click on anything! You can hover over the links to check the URL but note there were a few malware attacks last year that did not require a click to launch the attack!
  6. Contact your company’s IT department for instructions
  7. Home users should mark the email as spam and delete it. Empty your email trash after deleting the email

As I have in the past, I contacted American Express with past Amex phishing scams. They handled it well and promptly, while I was on the phone. They gave me some additional tips on how to identify an Amex targeted phishing email and how to spot a fraud.

Michelle writes about cyber security as well as how to protect your data online. She has worked in internet technology for over 20 years. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. She conducts workshops focused on web technologies and enjoys public speaking along with her connected rescue mutt.