
How To Spot A Phishing Email

by Sanjeev

Jun 29, 2022

Knowing how to spot a phishing email is a skill that everyone must have. With most of our time spent on the internet, both for work and leisure, it is important that we be careful of online predators.

Here are some ways in which we can spot phishing emails:

HOW TO SPOT A PHISHING EMAIL – RED HERRING 1 – IS THE EMAIL ADDRESSED TO YOU?

Phishing emails are usually not addressed to you directly. The person sending such emails sends them to hundreds of thousands of people – he is casting a wide net for his fishing (sorry, phishing) expedition. He needs only a handful of fish to take the bait. Usually, the email that you receive will show “undisclosed-recipients” in the To: field, as shown below.

how to spot phishing emails - undisclosed recipients

The person sending the phishing email essentially makes a distribution list and sends the email to all within that list. He does not want the email recipients to know who else has been sent that same email.

The To: field therefore reads – undisclosed-recipients.

One caution that I'd like to add here is that there are times when the email sender is able to use an email service or an email client that lets him send emails individually to recipients. In that case it may appear that the email is addressed to you personally. Therefore, it would be prudent to be careful and look for the other ways to spot phishing emails mentioned below.

HOW TO SPOT A PHISHING EMAIL – RED HERRING 2 – IS THE EMAIL SENT FROM A PUBLIC DOMAIN?

Many times the email sender claims to belong to a company, a bank or a reputed organisation such as the IMF or the UN. However, the mail is sent using an email service such as Gmail or Yahoo. An example is shown below:

Why would a person who claims to be the CEO of an organisation such as Fidelity Investments send such an important and official email from a Gmail address? The email should have been sent from a domain such as ‘fidelity.com’. Such an email is definitely a phishing email.

HOW TO SPOT A PHISHING EMAIL – RED HERRING 3 – IS THE REPLY-TO EMAIL ADDRESS THE SAME AS THE FROM EMAIL ADDRESS?

In most phishing emails, the “reply to” email address is different from the email address from which the email was received, as shown below:

how to detect a phishing email

The email has been sent from “of***********@gm***.com”. However, as soon as I clicked on the reply button, the reply-to email address can be seen as “ze***********@gm***.com”.

Who does that?

Also, as you can see, the email is addressed to “undisclosed-recipients”, is supposedly from HSBC bank and uses a Gmail address. And the reply-to email address is different from the originating email address. A classic phishing email. Now you know how to spot a phishing email!
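The first three checks can be run against the raw headers of a message. The following is an added example, not part of the original article; the function names, the short webmail list and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: a short illustrative list of public webmail domains, not exhaustive.
PUBLIC_WEBMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

def domain_of(addr):
    """Return the lower-cased domain part of an address, or '' if absent."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def header_red_flags(raw_message, claimed_org_domain):
    """Check Red Herrings 1-3 against the headers of one raw message."""
    msg = message_from_string(raw_message)
    flags = []

    # Red Herring 1: no real recipient in To: (missing, empty, or the
    # group syntax "undisclosed-recipients:;" that carries no address).
    to_addrs = [a for _, a in getaddresses(msg.get_all("To", [])) if "@" in a]
    if not to_addrs:
        flags.append("undisclosed-recipients")

    # Red Herring 2: claims an organisation but sends from public webmail.
    _, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    if from_dom in PUBLIC_WEBMAIL and from_dom != claimed_org_domain:
        flags.append("public-webmail-sender")

    # Red Herring 3: Reply-To points at a different mailbox than From.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and reply_addr.lower() != from_addr.lower():
        flags.append("reply-to-mismatch")
    return flags

# Constructed sample message; the mailbox names are made up for this example.
SAMPLE = """\
From: "Bank Customer Care" <constructed.sender@gmail.com>
Reply-To: constructed.replies@gmail.com
To: undisclosed-recipients:;
Subject: Your account

Dear customer, ...
"""

if __name__ == "__main__":
    print(header_red_flags(SAMPLE, "bank.example"))
```

Most mail clients can show the raw headers through a "show original" or "view source" option; `claimed_org_domain` is the domain of the organisation the message says it comes from.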


HOW TO SPOT A PHISHING EMAIL – RED HERRING 4 – SUSPICIOUS FROM EMAIL ADDRESS

Red Herring 2 above covered the case where the email is sent from a public email service such as Gmail.

There are other ways, too, in which the from email address could be fraudulent. You must cross-check the email domain on any suspicious email. The domain is the name after the @ symbol in the email address. If the email is not sent from a public email service such as Gmail or Yahoo, the sender might try to make it look as if it is being sent from the company's domain. In that case the domain should match the name and company of the claimed sender (be on the lookout for minor misspellings!). If you are unsure, try looking up the company’s domain through a search engine.
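The "minor misspellings" check can be automated by measuring how close the sender's domain is to a domain you already trust. This is an added example, not part of the original article; the trusted domain, the sample addresses and the distance threshold of 2 are assumptions chosen for illustration.

```python
def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender_domain(address, known_domains, max_distance=2):
    """Compare the domain after '@' with the domains you already trust.

    Returns 'match', 'lookalike:<trusted domain>' or 'unrelated'.
    """
    domain = address.rsplit("@", 1)[-1].strip().lower()
    for known in known_domains:
        if domain == known or domain.endswith("." + known):
            return "match"
    for known in known_domains:
        # A small, non-zero distance means "almost the real name": the
        # minor misspelling a reader skims past.
        if 0 < edit_distance(domain, known) <= max_distance:
            return "lookalike:" + known
    return "unrelated"

# Constructed sample data; the trusted domain is a placeholder.
KNOWN = ["examplebank.example"]
SAMPLES = [
    "ceo@examplebank.example",   # exact match
    "ceo@examp1ebank.example",   # digit 1 in place of the letter l
    "ceo@exampelbank.example",   # two letters swapped
    "ceo@gmail.com",             # public webmail, see Red Herring 2
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", classify_sender_domain(sample, KNOWN))
```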

HOW TO SPOT A PHISHING EMAIL – RED HERRING 5 – PERSON FROM ONE COUNTRY SENDING EMAIL FROM ANOTHER COUNTRY DOMAIN

Many times you'd find that the email sender claims that he lives in country X, yet the email domain belongs to country Y. An example is shown below:

Other Country email Domain

The sender claims that he lives in Dubai, UAE and Togo. However, the email domain refers to Japan!

You can find the list of country-specific domain extensions here.

This email fulfills all the above red herrings. One has to be really naive to fall for such a phishing email.


HOW TO SPOT A PHISHING EMAIL – RED HERRING 6 – INCORRECT SPELLINGS AND BAD GRAMMAR

More often than not, the phishing email sender gives himself away with incorrect spellings and bad grammar. If you receive an email with obviously bad grammar and many wrong spellings, assume the worst.

HOW TO SPOT A PHISHING EMAIL – RED HERRING 7 – DISHONEST HYPERLINKS

When an email has links, carefully examine the hyperlinks. They contain the address of the web page where you will be taken once you click on them.

To examine a hyperlink, hover the cursor over the link without clicking. It will show you the address of the web page, as shown below:

hyperlink

The underlined link shows the domain where the link will take you, if you click the link in this email. In this case, the website in the link is different from the website where I would have expected to be taken based on the sender's claim.

This is a 100% scam link. The objective of the email sender is to infect the computer of the recipient with a virus or malware.


HOW TO SPOT A PHISHING EMAIL – RED HERRING 8 – QUESTIONABLE ATTACHMENTS

One of the Golden Rules of secure online behaviour is – do NOT open any attachments until you are 100% sure that the sender is legitimate. Many times one receives an email with attachments from a total stranger. An example is shown below.

dangerous attachment in email

I have absolutely no idea what order he is talking about. The attachment 100 percent contains a virus. That is why the antivirus I use on my laptop deleted the attachment.

If you do not know the sender and the email has an attachment that you find strange, you can be reasonably sure that it is phishy. Do not open it if you have no protection on your device.

HOW TO SPOT A PHISHING EMAIL – RED HERRING 9 – SENSE OF URGENCY

There are emails from unknown senders that ask you to respond urgently. The sender could use a reward, a scare or a threat to get you to respond faster or click on a link. An example is given below:

urgent scam email

The sender would like me to click on the hyperlink in the email NOW, or else, according to him, my email service will be blocked.

Such urgent-action emails are to be ignored. They are scam emails and one must not fall victim to them.


HOW TO SPOT A PHISHING EMAIL – RED HERRING 10 – REQUEST FOR SHARING PERSONAL INFORMATION

No company, bank, government department, agency – no one – will ask for sensitive or personal information over email. If any credit card information, social security number, driving license or passport details etc. are requested, do not share them. Not over email. If you think that you might be missing out on something, call the customer support number of the organization to validate. And yes, look up the phone number yourself. Do not call any phone numbers given in the email that you received.

HOW TO SPOT A PHISHING EMAIL – RED HERRING 11 – EMAIL SENT AFTER OFFICE HOURS OR ON NON-WORKING DAYS

View with caution any email that seems to have been sent outside of business hours or on a holiday. Why would a bank executive send you an email at 10 pm or on a Sunday?

This may not be an exhaustive list of pointers on how to spot a phishing email. If you have more suggestions, please do share. I also look forward to your comments on how to make our online presence more secure.

Please do use the comment box below.


8 Comments

  1. Martin Thomas

    Thank you for such a well written article. The list of red herrings is pretty exhaustive. I think you could also say that one should trust their gut in these matters.

    Reply
    • Sanjeev

      Thanks Martin for the feedback. Will surely incorporate your suggestion in the article when I update it.

      Reply
  2. Richard Ponna

    This is a very informative article. Really a good list of ways to spot a phishing email. These days one gets a lot of spam emails. And it is good to know how one can identify scam emails and save oneself.

    Reply
    • Sanjeev

      I am happy that you like the article. Also I believe there may be more ways to identify phishing emails. I’d be happy to share them here.

      Reply
  3. Rohit Gandhi

    It’s actually a nice and helpful piece of information. I am happy that you shared this helpful info with us.
    Please keep us informed like this. Thanks for sharing.

    Reply
    • Sanjeev

      Thanks Rohit. Glad that you like the article. Hope to see you more often.

      Reply
  4. Victor Menezes

    This is indeed very useful. Thank you for the well written and informative article.

    Reply
    • Sanjeev

      Many thanks Victor for the kind words. Looking forward to receiving more comments and feedback.

      Reply
