How to Identify Phishing Emails and Spare Your PC
July 28, 2019
With the rising number of cybercriminals on the hunt for private credentials, cybersecurity has become a paramount priority of the digital age. As our world becomes increasingly computerized and dependent on internet connectivity, the room for cyber risk climbs higher and higher.
According to Symantec’s 2018 Internet Security Threat Report (ISTR), an astounding 54.6% of all email correspondence was recorded as spam. The report found that the average user receives 16 malicious spam emails per month. That’s nearly 200 dangerous emails to dodge over a single year. Falling into just one of these phishing traps could compromise your financials, identity, or worse.
Researchers with Kaspersky Lab discovered that between 2017 and 2018, email phishing scam attempts more than doubled. These alarming statistics show no signs of stopping. Using methods old and new, today’s cybercriminal continues to be an omnipresent threat to users across the globe.
Understanding the tell-tale signs of a phishing email is of the utmost importance for the modern email user. Use this informative guide on how to identify phishing emails to better arm yourself and your computer against the threat of cyber criminals and their many malicious data-stealing schemes.
What is phishing?
Fraudulent phishing is a lot like open water fishing; cybercriminals cast their line of digital bait through email and innocent users bite if the content is alluring enough. Cybercriminals are able to keep their scam afloat attempt after attempt because users are easy to lure in if everything looks legitimate.
It’s this facade of legitimacy that cybercriminals rely on for successful breaches. At its core, phishing is the act of sending emails posing as a reputable source, with the intent to distribute malicious links. Through these links, hackers can:
- Steal your usernames and passwords
- Sell your information to other parties
- Open credit cards and bank accounts in your name
- Gain access to your Social Security number
- Ruin your credit score
- Steal your money and obtain cash advances
How do cybercriminals target users?
Though there are a number of different tactics cybercriminals use to target users, these five very common phishing attack methods are ones they regularly employ.
1. Spear phishing
Spear phishing is one of the more sophisticated forms of phishing because it utilizes the target’s personal information to build credibility. These slick criminals use your name, workplace, position title, phone number, and other personal credentials to trick you into believing you have a genuine connection with them.
Social media platforms like Facebook and LinkedIn are spear-phishers’ primary resource for curating key details about their targets. Be careful about those innocent-looking quizzes that ask for things like your age and pets’ names. This classification of email phishing likely includes references to coworkers and relevant locations.
2. Whaling
Whaling is a subtype of spear phishing that exclusively targets senior executives within an organization. Using the same tactics as spear phishing, whaling attacks aim to harpoon senior executives’ login credentials.
With those login credentials, hackers gain access to the tools needed to authorize large payments. These phishing attempts are also called business email compromise (BEC) scams. A 2017 FBI Internet Crime Report calculated over $675 million in losses due to whaling attacks. The 2018 report doubled that number - reaching $1.2 billion in losses.
3. Pharming
Pharming is a more complex form of phishing that depends on domain name system (DNS) cache poisoning to redirect users from a reputable website to a fraudulent one. Even if you’ve correctly entered the website URL, an attacker can still redirect you to the compromised site of their choosing.
If you fall victim to their fraudulent site redirect and enter any personal information, the hacker has all they need to uncover your credit card number, bank account number, and passwords.
4. File-sharing phishing
The vast majority of the digital world depends on the storage and file-sharing services provided by Google Drive, Dropbox, and DocuSign. Millions of people all across the globe use each of these services for personal and professional reasons. Hackers trick users into entering login credentials by creating exact log-in webpages. These fake pages may even be hosted on the legitimate site’s domain.
5. SMS phishing
SMS phishing has been on a steady rise since the global takeover of web-connected smartphones. A text message sent by a cybercriminal will contain a malicious link that can lead to the installation of a hazardous app. Through this app, the hacker can track your keystrokes, steal your identity, and/or hold your private files for ransom.
How does phishing affect my computer?
Though it may seem like phishing only affects the status of your livelihood, it can also damage the health of your computer. In addition to swiping your personal and financial data, successful phishing attacks can infect your PC with harrowing malware. Unfortunately, these nasty programs are a common feature within a larger invasion of privacy.
Ransomware, spyware, Trojans, and viruses are among the most popular types of malware that come attached to email phishing scams. Each of these damaging infections can destroy your computer’s performance and basic functionality - effectively turning it into a hub for further damage if action is not taken.
You could even unknowingly be part of a larger botnet. A botnet is a web of internet-connected devices strung together by malware distributed by a cybercriminal. They’re used to orchestrate larger denial-of-service, spam, identity theft, and money laundering scams.
How can I identify phishing emails?
Figuring out how to identify phishing emails is difficult when the tides of cybercriminal activity are constantly changing. However, it is not impossible. Phishing emails all have one thing in common: they want your information. Handle all emails that request credential confirmation with extreme caution before taking any action. Use these 5 tips to protect yourself and your digital devices.
Phishing Red Flag #1. The email is designed to cause panic
Since phishing scams are completely dependent on whether a user clicks through and falls for the trap, it’s not uncommon for cybercriminals to employ scare tactics. For example, an email demanding you visit the attached link and enter your login credentials as quickly as possible to avoid account closure is likely fraudulent.
Another common example of a panic-designed email is one that claims your account has been compromised and the only way to verify it is by entering your login credentials.
Phishing Red Flag #2. There’s a suspicious attachment
Any email from an unknown sender that features an attachment is a glaring red flag that you should be quick to call out. Odds are that the attachment contains a damaging form of malware that could compromise your device.
Though it’s a safe practice to simply delete any emails from unknown senders that contain dubious attachments, if you believe the email and attachment are genuine, employ the help of an antivirus software scan to double-check. Better safe than sorry.
Phishing Red Flag #3. The email address looks fishy
The vast majority of modern email providers have intelligent methods of sifting through what they determine as spam and ordinary mail. However, some spam can slip under the radar and end up in your regular inbox, ready for opening.
One of the trickiest tactics cybercriminals use to dupe targets is using email addresses that are just a word or domain name away from a legitimate site’s true email address. At first glance, these email addresses look authentic, but upon closer examination, you’ll quickly see an added number or letter, or an obvious variation.
For example, addresses like @Faceb00kmail.com or @mail.apple.corp are clear knockoffs of the true @Facebookmail.com and @apple.com.
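The check described in Red Flag #3 can be automated for a mailbox or a mail filter. The following is an added example, not part of the original article: it compares a sender's domain against a list of trusted domains and reports why a near match looks like a knockoff. The trusted list, the digit-to-letter table, the distance threshold of 2 and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: the trusted list holds the two real domains the article names.
TRUSTED = ("facebookmail.com", "apple.com")
# Assumed table of digit-for-letter swaps used in knockoff domains.
CONFUSABLE = str.maketrans("013457", "oleast")


def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1,
                                       prev + (ca != cb))
    return row[len(b)]


def classify(from_header):
    """Return (verdict, trusted domain involved or None) for a From: value."""
    address = parseaddr(from_header)[1]
    domain = address.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return ("unparseable", None)
    for good in TRUSTED:
        # Exact match or a genuine subdomain of a trusted domain.
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)
    folded = domain.translate(CONFUSABLE)  # faceb00kmail -> facebookmail
    for good in TRUSTED:
        brand = good.split(".")[0]
        if folded == good:
            return ("lookalike: character swap", good)
        if edit_distance(folded, good) <= 2:
            return ("lookalike: near miss", good)
        if brand in folded.split("."):
            # Brand name appears as a label under a different parent domain.
            return ("lookalike: brand under another domain", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample senders, including the article's two knockoffs.
    for sender in ('"Security" <alert@Faceb00kmail.com>',
                   "support@mail.apple.corp", "no-reply@id.apple.com"):
        print(sender, "->", classify(sender))
```

An "unknown" verdict only means the domain does not resemble anything on the trusted list; it says nothing about whether the sender is safe.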
Phishing Red Flag #4. The email asks you to confirm personal credentials
Any email asking you to confirm your personal information that you would never provide otherwise is an immediate red flag. This includes bank account details and login credentials. Do not reply to these emails or click any attached links as they are likely phishing scams.
If you believe there is a chance that the email could be legitimate, search for the organization, find a direct contact number, and complete any actions over the phone if possible. Be wary of any phone numbers included in the email; they could direct you to another fraudulent source posing as a legitimate company.
Phishing Red Flag #5. There are spelling or grammatical errors
Any reputable company has a team of copywriting professionals that keep a keen eye out for any flagrant grammatical or spelling errors. In fact, one of the easiest ways to identify a phishing email is by reading through the content. Be on the lookout for strange phrasing or improper vocabulary usage as these are tell-tale signs that the email sitting in your inbox is not from the source you think it is.
Any email riddled with mistakes should raise an eyebrow as is, but be even more careful when you receive emails that just seem off.
Educating yourself on how to identify phishing scams is the simplest way to defend against the threats they pose. Be vigilant when perusing your email, and you’ll save yourself and your computer plenty of headaches in the future.
 Symantec; Internet Security Threat Report: Volume 23
 Kaspersky Lab; Spam and Phishing in 2018
 FBI; 2017 Internet Crime Report
 FBI; 2018 Internet Crime Report
About the Author: Tulie Finley-Moise is a contributing writer for HP® Tech Takes. Tulie is a digital content creation specialist based in San Diego, California with a passion for the latest tech and digital media news.