Email Security and Authentication

10 Tips on How to Identify a Phishing or Spoofing Email


It’s 2013, what can you really do with two dollars? Maybe buy a pack of gum, snag two cheeseburgers off the dollar menu, create and host a phishing scam…wait, what?

Yes, it’s true. Two single dollar bills are all it costs for a hacker to create an email pretending to be from your trusted retailer or bank, asking for your login details, and instantly obtaining your confidential information. With over 260 million phishing emails sent every single day, there is a pretty good chance that one of them will land in your inbox. So, how do you make sure you aren’t one of the many who fall victim to a phishing or spoofing attack? We have identified 10 tips below to help you defend against one:

  1. Hover over Friendly From
    Probably the easiest way to tell whether an email is legitimate is to hover your mouse pointer over the name in the From column. By doing so, you will be able to see whether the email comes from a recognizable domain that matches the displayed sender name. For example, an email from Match.com should typically have the From domain “match.com” (not “motch.com” or “humbletemper.com”).
  2. Are the URLs legitimate?
    Continuing with the theme of hovering over parts of the email, another place to check is any URL the email is trying to get you to visit. Make sure the link is legitimate and uses encryption (https://). To be extra cautious, it is best practice to open a new window and go to the site directly rather than using the link provided in the email.
  3. Incorrect grammar/spelling
    A common practice of many hackers is to misspell words on purpose. While it may seem that this would easily reveal an illegitimate email, it is actually a tactic for finding less savvy users. Spammers have learned that if they get a response to a poorly written email, they are on to an easy target and will focus their efforts on that user.
  4. Plain text/Absence of logos
    Most legitimate messages will be written with HTML and will be a mix of text and images. A poorly constructed phishing email may show an absence of images, including the lack of the company’s logo. If the email is all plain text and looks different than what you’re used to seeing from that sender, it is best to go with your gut feeling and ignore the message.
  5. Message body is an image
    Sending the whole message as a single image is a common practice of many spammers. Make sure the email is a good mix of text and images. Also, hover over any links embedded in the image as an extra precaution.
  6. IP Reputation
    If you can easily identify the sending IP of that email, you can look up the IP’s reputation on Return Path’s Sender Score site. This tool reveals a score (0-100) that gives you some insight into the sending IP’s historical performance. The lower the score, the more likely the email is a phishing or spoofing attempt.
  7. Request for personal information
    One tactic commonly used by hackers is to tell you that you must provide or update personal information for an account (e.g., Social Security number, bank account details, account password). Phishers use this tactic to create urgency so that someone clicks a malicious URL or downloads an attachment that aims to infect the user’s computer or steal their information.
  8. Suspicious attachments
    Is this new email in your inbox the first time your bank has sent you an attachment? The majority of financial institutions and retailers will not send attachments via email, so be careful about opening any from senders or messages that seem suspicious. High-risk attachment file types include: .exe, .scr, .zip, .com, .bat.
  9. Urgent/Too good to be true
    If an email seems too good to be true, it most likely is. Be cautious with any message offering to place money into your bank account if you simply “click here”. Also, if the content creates any kind of urgency, such as “you must click into your account now”, it is most likely a scam and should be marked as “junk”.
  10. Is my email address listed as the From address?
    If you notice that your email address is being identified as the From address, this is a sign of a fake email message. Along those same lines, if the To field shows a large list of recipients, you should also be cautious. Legitimate emails will most likely be sent directly to you and you only. You may see “undisclosed recipients” and this is something to keep an eye on as well. It could be a valid send, but double check by using the other tips identified above.
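As an added example (not code from the original post or from Return Path), the script below applies tips 1, 2 and 8 to a raw message using Python's standard email library: it compares the domain named in the friendly From with the real sending domain, compares each link's visible text with its actual href, and flags the attachment types listed in tip 8. The message it parses is constructed for this example; the domains match.com and motch.com are the ones from tip 1.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Constructed sample (not a real message), built to trip tips 1, 2 and 8 above.
SAMPLE = """\
From: Match.com Support <alerts@motch.com>
To: you@example.com
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Click <a href="http://motch.com/login">https://www.match.com/account</a> now.</p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="statement.zip"

not-really-a-zip
--b1--
"""
RISKY_EXT = (".exe", ".scr", ".zip", ".com", ".bat")  # the file types tip 8 lists
ANCHOR_RE = re.compile(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN_RE = re.compile(r'[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}')

def host_of(s):  # host of a URL, or domain of an address, lower-cased ('' if neither)
    m = re.match(r'(?:https?://|[^@]*@)([^/:?#]+)', s.strip().lower())
    return m.group(1) if m else ""

def phishing_indicators(raw):  # apply tips 1, 2 and 8 to one raw RFC 822 message
    msg = message_from_string(raw, policy=default)
    name, addr = parseaddr(msg.get("From", ""))
    sender, found = host_of(addr), []
    claimed = DOMAIN_RE.findall(name.lower())  # tip 1: domain named in the friendly From
    if claimed and sender not in claimed:
        found.append(f"tip 1: display name says {claimed[0]}, sender is {sender}")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            for href, text in ANCHOR_RE.findall(part.get_content()):
                shown, real = host_of(text), host_of(href)
                if shown and shown != real:  # tip 2: link text vs. real target
                    found.append(f"tip 2: link shows {shown}, goes to {real}")
                if not href.lower().startswith("https://"):
                    found.append(f"tip 2: link is not https: {href}")
    for part in msg.iter_attachments():  # tip 8: high-risk attachment types
        fn = (part.get_filename() or "").lower()
        if fn.endswith(RISKY_EXT):
            found.append(f"tip 8: high-risk attachment {fn}")
    return found
```

Running `phishing_indicators(SAMPLE)` returns four findings for the constructed message; a plain-text message from a matching domain with no links or attachments returns none.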

Phishing and spoofing continue to be a problem for companies worldwide and, in turn, a problem for all email users. Compromised accounts not only pose a threat to a company’s IT or security department, but also lead to a drop in overall brand trust and loyalty, affecting marketing, sales and beyond. In order to secure hard-earned brand recognition and ultimately combat phishing attacks, Return Path offers anti-phishing solutions. To learn more, simply click here (if you hovered over to check the link’s legitimacy, I am proud of you).