Last month we wrote about the consequences of having a small business owner's email account stolen. This article is about an exploit that happens far more frequently. Phishing attacks happen every day. Good anti-spam/anti-spyware systems can provide a lot of protection. We use and recommend Mimecast for our clients. Still, it's possible for sophisticated fraudulent emails to get through. Here's some good advice for everybody regarding how to check emails, even ones that appear to be from trusted senders.
By now, you’ve heard about phishing – fraudulent emails that masquerade as communications from a legitimate source that trick unsuspecting readers into giving up personal information or compromise their machines with spyware or viruses. Thankfully, email filtering and security has improved a great deal over the past few years. Unfortunately, no matter how effective the security, some phishing emails will always make it to the inbox – that’s where you come in. Here are some tips to help you identify a phishing or spoofing email.
Don’t trust the name
A favourite phishing tactic is to spoof the display name of an email. It’s easy to set the display name of an email to anything – you can do it yourself in Outlook or Gmail. It’s the simplest and most easily detected form of e-mail spoofing. Spoofing involves simply setting the display name or “from” field of outgoing messages to show a name or address other than the actual one from which the message is sent. When this simplistic method is used, you can tell where the mail originated by checking the mail header.
You can’t trust the header
It’s not just the display name that can be spoofed, but also the email header. Emails are built on some very old technology (in internet terms): SMTP, or Simple Mail Transfer Protocol. When you send an email, it goes to an SMTP server first, then the message is relayed from SMTP server to SMTP server across the internet. When the message arrives at its penultimate destination, the email is stored in the recipient’s mailbox at a POP3 (Post Office Protocol 3) server. Finally, the message is fetched by an email client so the recipient can read it. While this may seem complicated, the important thing to remember is that SMTP just passes along what it was given. Clever fraudsters can fool the SMTP server into sending along an email that isn’t legitimate.
There are several technical ways to figure out if this is the case, but the simplest method is to look at where the “reply to” field of the full header would send your reply. If it indicates that your reply would be redirected to an address that’s different from the sender’s address, then you have good cause to be suspicious.
Hover before you click
Clicking links in emails is inherently risky – you don’t know where a button, link or video will actually send you. But, if you hover your mouse over any links embedded in the body of the email, you can see the raw link. If it looks strange, don’t click it – there’s a good chance the email is fraudulent.
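As an added example that is not part of the original article, the Python script below applies the header checks from the two previous sections (a display name that hides the real sender, a “reply to” that diverts replies) and the hover check from this section to a constructed sample message; every name, address and host in it is made up.

```python
from email import message_from_bytes, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real message) with the tells the article describes: a display
# name that is itself a trusted-looking address, a Reply-To that diverts replies, and a link
# whose visible text differs from its real target.
RAW_MESSAGE = b"""From: "ceo@acme-example.com" <random123@freemail.example>
Reply-To: collect@freemail.example
Subject: Urgent wire transfer
Content-Type: text/html; charset=utf-8

<p>Approve here: <a href="http://evil.example/x">https://portal.acme-example.com/</a></p>
"""

class LinkCollector(HTMLParser):
    """Record (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(raw: bytes) -> list[str]:
    """Return one warning per tell found; an empty list means none were found."""
    msg = message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(msg.get("From", ""))
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    warnings = []
    if "@" in display and display.lower() != addr.lower():  # tell 1: display name
        warnings.append(f"display name {display!r} hides real sender {addr!r}")
    if reply_to and reply_to.lower() != addr.lower():  # tell 2: Reply-To diverts replies
        warnings.append(f"replies go to {reply_to!r}, not to {addr!r}")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:  # tell 3: what the link shows vs where it really goes
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            shown, real = urlparse(text).hostname, urlparse(href).hostname
            if shown and shown != real:
                warnings.append(f"link shows {shown!r} but points to {real!r}")
    return warnings
```

Running `check_message(RAW_MESSAGE)` on the sample returns three warnings, one per tell; a plain message from a single consistent address returns none.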
Remember the basics
If an email has spelling mistakes, requests personal information, or is written in threatening language, you should be suspicious. If you did not initiate contact with the sender, be wary and think where they could have found your contact details.
Trust your instincts
Given today’s e-mail infrastructure, there’s not much that can be done to prevent spoofing. Companies and organisations can tighten up their mail servers. This just makes it a little more difficult for criminals, not impossible.
Appearances can be deceiving. Just because an email has convincing logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be sceptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it. If something looks off, there's probably a good reason why. If you receive a message that seems suspicious, it's usually in your best interest to avoid acting on the message.