Phishing emails are a common form of online threat that can be difficult to identify. Cybercriminals use sophisticated tactics to trick users into divulging personal information or clicking on malicious links. To protect yourself from phishing attacks, it’s important to understand how to identify and report suspicious emails.
The Anti-Phishing Working Group’s (APWG) Phishing Activity Trends Report for Q1 2022 provides valuable insights into the current phishing landscape. According to the report, there were over 270,000 unique phishing websites detected in Q1 2022 alone, highlighting the continued threat posed by phishing attacks. The report also emphasizes the importance of being cautious of social engineering tactics, such as the use of COVID-19-related lures, to trick users into divulging sensitive information.
You can find the report on the APWG website: https://docs.apwg.org/reports/apwg_trends_report_q1_2022.pdf
Identifying Phishing Emails
One key way to stay safe from email spam, phishing, scams, or credential requests is to identify them. Identify it, recognize it, report it:
- Verify the sender: Keep an eye out for bad actors. Verify who sent an email to you.
- Look for suspicious links: Check for links within emails, and identify links to false copy sites that may ask for your personal information.
- Analyze the email: If an email feels fake or like spam, analyze it deeper. Don’t share personal information or login credentials. Remember, genuine organizations will never ask for your login credentials or personal information via email.
- Report suspicious emails: Use your email provider’s reporting tools to report suspicious emails. For example, the Report Message tab in Outlook (desktop client, web browser or mobile) can be used to report suspicious emails.
When you receive an email, check the sender’s email address and display name to make sure it’s legitimate. Cybercriminals often create email addresses and display names that closely resemble those of legitimate organizations. If you receive an email that looks suspicious, don’t click on any links or download any attachments until you’re sure it’s safe.
Sender Display Name and Email Address
When it comes to email security, it’s important to be well-informed about the sender’s display name and email address. These can be manipulated by malicious actors in attempts to deceive you.
- Sender Display Name: The sender display name is the name that appears in the “From” field of an email. In our recent phishing attack, we used the display name “Ali Dogan Colak.” However, please note that this was a fraudulent email. The genuine email domain for Infotechtion is infotechtion.com, not inftechtion.com or infotechtiom.com.
- Email Address: The email address serves as a unique identifier for the sender. Phishing attackers often create email addresses that closely resemble legitimate ones. In our case, the fake email address used was email@example.com. It’s crucial to exercise caution and carefully scrutinize the email address to ensure its authenticity.
By being aware of these tactics, you can better protect yourself against phishing attempts. Remember to verify the email address and double-check any suspicious emails before taking any actions. If you’re unsure about an email’s authenticity, you can contact the organization directly using trusted contact details to confirm the legitimacy of the message.
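The sender check described above can be automated at a mail gateway or in a triage script. The following is an added example, not code from Infotechtion: it ignores the display name, extracts the domain from the From header, and flags domains within a small edit distance of the genuine one. The sample headers, their local parts and the distance threshold are assumptions made for the example.

```python
from email.utils import parseaddr

TRUSTED_DOMAIN = "infotechtion.com"  # genuine domain named on this page


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_sender(from_header, trusted=TRUSTED_DOMAIN, max_distance=2):
    """Return 'trusted', 'lookalike', 'external' or 'invalid' for a From header."""
    _display_name, address = parseaddr(from_header)  # display name proves nothing
    if address.count("@") != 1:
        return "invalid"
    domain = address.split("@")[1].lower().rstrip(".")
    if domain == trusted or domain.endswith("." + trusted):
        return "trusted"
    # Compare only the last two labels so a subdomain cannot hide the typo.
    # Assumption: the trusted domain is a two-label name such as example.com.
    registered = ".".join(domain.split(".")[-2:])
    if edit_distance(registered, trusted) <= max_distance:
        return "lookalike"
    return "external"


# Constructed sample headers; the local parts are made up for the example.
SAMPLES = [
    '"Ali Dogan Colak" <ali@infotechtion.com>',
    '"Ali Dogan Colak" <ali@inftechtion.com>',
    '"Ali Dogan Colak" <ali@mail.infotechtiom.com>',
    '"Newsletter" <news@example.org>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):<10} {header}")
```

The check covers ASCII typos like the two misspellings above; it does not inspect SPF, DKIM or DMARC results, which a production filter would evaluate as well.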
URL Hyperlinking in Emails
When it comes to URL hyperlinking in emails, it’s important to stay informed and be mindful of potential risks. Here are some key points to consider:
- Hover over it with the mouse before clicking: Take a moment to hover your mouse cursor over a hyperlink without clicking it. This allows you to preview the actual URL destination, helping you verify its legitimacy before proceeding.
- Be careful of misleading URLs: Exercise caution when encountering unfamiliar or suspicious links. Be mindful of unusual or unexpected URLs, and be wary of shortened or manipulated links that may redirect you to malicious websites.
- Pay attention to typos or changes: Watch for typos or changes in URLs, such as misspelled domain names or substituted characters. Phishing attempts often utilize these tactics to deceive unsuspecting users.
By being careful and applying these practices, you can enhance your online safety and protect yourself from potential phishing attacks.
Sense of Urgency
Phishing emails often employ a tactic known as a “sense of urgency” to create a feeling of importance and prompt immediate action from recipients. It’s important to recognize and be cautious of this technique.
- Pay attention to urgent subject lines: Watch for subject lines that convey urgency, such as “Important Announcement” or “Time-Sensitive Information.” These subject lines are designed to grab your attention. Take a moment to evaluate the email before acting.
- Investigate the sender: Verify the legitimacy of the sender’s email address. Phishing attempts may use deceptive email addresses that mimic trusted organizations. Look for any inconsistencies or misspellings that could indicate a fraudulent email.
- Evaluate the content: Carefully read the email and assess its content. Phishing emails often try to create a sense of urgency by claiming there is a time limit or urgent action required. Be cautious of requests for personal information or instructions to click on suspicious links.
- Practice independent verification: Instead of solely relying on the email, independently verify any urgent information through official channels. Contact the organization directly using trusted contact details to confirm the legitimacy of the request.
By understanding the tactics used in phishing emails and adopting a thoughtful approach, you can protect yourself from falling victim to these fraudulent attempts.
How to Report Suspicious Messages
If you receive a suspicious email, it’s important to report it to your email provider. Reporting suspicious messages can help protect yourself and other users from potential phishing attacks. The Report Message tool works with Outlook to allow you to report suspicious messages to Microsoft as well as manage how your Microsoft 365 email account treats these messages.
Messages that your Microsoft 365 email account marks as junk are automatically moved to your Junk Email folder. However, spammers and phishing attempts are continually evolving. If you receive a junk email in your inbox, you can use the Report Message tool to improve the spam filters. If you find an email in your Junk Email folder that’s not spam, you can use the Report Message tool to mark it as a legitimate email, move the message to your Inbox, and report the false positive to help improve the spam filters.
Outlook for Windows
If you’re using Outlook for Windows, you can use the Report Message tool to report suspicious emails.
Outlook for Web Browser
If you’re using Outlook for Web Browser, the Report Message button will appear on the sidebar.
If you’re using Outlook for Mac, you can use the Report Message tool to report suspicious emails.
If you’re using Outlook on an iOS device, you can use the Report Message tool to report suspicious emails.
If you’re using Outlook on an Android device, you can use the Report Message tool to report suspicious emails.
By reporting suspicious emails, you can help improve spam filters and protect yourself and other users from possible phishing attacks.
Foster a Cybersecurity Culture of Awareness
At Infotechtion, we recommend regular attack simulations and educational activities to reinforce learning and promote a culture of cybersecurity awareness within your organization.