How to Outsmart Fraudsters and Recognize Phishing Emails

September 30, 2021
Leon Yen, Tech Writer

Phishing emails have become increasingly common and difficult to detect in recent years; in fact, they were the most common online fraud type in 2020, with nearly a quarter of a million phishing emails sent out to unwitting victims.

By masquerading as a known authority figure, service provider, or other valid email source (e.g., the victim’s bank or employer), fraudsters can manipulate users into doing their bidding: revealing usernames and passwords, sharing credit card information, or disclosing other pieces of critical data. Some are easier to recognize than others, but in general phishing emails continue to evolve in sophistication as average internet users become savvier about common online threats.

For this reason, implementing effective account takeover prevention measures is crucial for mitigating the risk of phishing attacks and improving overall awareness around how to spot them.

What is the goal of phishing attacks against businesses?

Since the end game is profit, malicious actors typically steal data to resell on the black market (i.e., the dark web) or launch more attacks. Cyber criminals are especially keen to direct phishing email campaigns against commercial firms, since these types of attacks against businesses will yield higher value victims (e.g., the CEO of a firm, a web store owner). In 2020, 75 percent of businesses globally suffered from phishing attacks; in the U.S., 74 percent of these were successful. And unlike consumers, businesses that fall victim to phishing email attacks are subject to various post-incident reporting requirements such as notifying customers and/or registering data breach incidents publicly. This can result in negative media coverage, significant brand damage, and other business disruptions, not to mention a decrease in shareholder value if the company is publicly traded.

How to identify phishing emails?

The contents of a phishing email will vary depending on whom the malicious actor is masquerading as. For example, cyber criminals may pose as the business’ bank to manipulate employees or users into revealing their account login details. They may impersonate an internet service provider requesting access to the user’s desktop, a trusted colleague asking for a monetary favor, or even a known company executive requesting that a (non-existent) invoice be expedited.

Because email addresses are generally meant to be publicly accessible, phishing emails will invariably find their way into users’ accounts. Fortunately, today’s anti-phishing, email security, and account takeover prevention solutions are highly effective in mitigating the risk of phishing emails. That said, businesses should train their employees on how to monitor for these threats — specifically, to look out for the following red flags of a phishing email attack.

Atypical Salutations

Phishing emails often start with a greeting that you wouldn’t ordinarily expect, like "Dear account holder," "Dear Sir or Madam," or "Dear valued customer." Though attackers may remove the greeting altogether and launch straight into the body of the email, more often they will begin with an unusually generic greeting that lacks any personalization (e.g., the recipient's first/last name). Because phishing emails are typically automated, attackers may send thousands of emails at once in hopes of netting a few unwary victims; consequently, they often do not have the necessary details to personalize the message for each recipient.

Abundance of typos

Bad grammar is an obvious sign of a phishing email. Legitimate firms drafting formal emails will likely correct any obvious errors and typos prior to sending, while cyber attackers often inadvertently include spelling, syntax or grammatical errors. The email copy may also use improper English or sentences that are nonsensical. These mistakes may be hard to notice at first glance, but can more easily be spotted during a slower, second take.

Discrepancies in links and domains

Cyber criminals will often employ phishing emails to trick readers into clicking on malicious links. This could have disastrous results, as the action may open up a destination web page/resource containing malware or malicious scripts for harvesting user details.

Several key visual clues may point to a phishing email attack in the works. The links may be buttons or graphics directly copied and pasted into the email body, in which case they may look off-center, oddly shaped or malformed. For text links, users should be wary of hyperlinks with hidden or obfuscated URLs, as cyber criminals will use methods to cloak the malicious destination domain so as not to tip off the user.

[Image: Bank phishing email. Source: bleepingcomputer.com]

Abnormal sense of urgency

Cyber criminals use urgency to disarm users and provoke them into taking action quickly. This could take the form of an email marked as urgent, a request for an immediate response, and/or a threat of further action (e.g., legal proceedings, collections, reporting to law enforcement).

[Image: Bank phishing email. Source: consumeraffairs.com]

These urgent requests carry extra weight if the email purports to be from an employee’s or user’s manager at work. In this case, the cyber criminal is banking on the user’s reluctance to question authority regarding any unusual aspects of the email.

Suspicious email attachments

Phishing emails often direct users to open attachments that resemble innocuous files (e.g., documents/PDFs, spreadsheets, or high-resolution images). However, these attachments often contain malware and other malicious files used for gaining backdoor access to the user’s computer.

[Image: Phishing malware attachment. Source: microsoft.com]

In some cases, an .exe file may come as an attachment — if the email and file are unexpected, it’s safer to leave it alone and discard the email. Zipped email attachments can also be dangerous, as malicious files are often hidden layers deep within compressed folders.

Requests for payment information or banking details

It’s important to keep in mind that most organizations these days, be it a government authority, service provider, bank, or other business, do not request private information via email, precisely for security and privacy reasons. Any request for credit card information, bank details, or account access should therefore be scrutinized thoroughly.

[Image: Bank phishing email. Source: mailguard.com]

Additionally, employees and staff should be trained to never provide payment information over email. Requests for payment information or banking details are among the more obvious signs of a phishing attempt; consequently, most anti-phishing email tools will alert users when these types of emails appear.

Unsolicited conversations or messages

Because phishing emails usually involve unsolicited attempts to correspond with the receiver, users should ask themselves how the sender got their email address in the first place. If it's determined that no mailing list signup, opt-in, or initial conversation occurred, then a phishing email attack is likely underway. Fortunately, several anti-phishing tools can help to automatically detect and disarm these types of phishing emails.
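As an added example (not code from the original article), the following Python checker scans a raw email message for the red flags described above: a generic salutation, urgency wording, requests for account or payment details, a hyperlink whose visible domain differs from its real destination, and risky attachment types. The keyword lists are illustrative assumptions, and the sample message is constructed for this example.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Illustrative keyword lists drawn from the article's red flags (assumptions, not exhaustive)
GENERIC_GREETINGS = ("dear customer", "dear account holder", "dear sir or madam", "dear valued customer")
URGENCY_WORDS = ("urgent", "immediately", "within 24 hours", "expires in", "has been blocked", "suspended")
SENSITIVE_REQUESTS = ("credit card", "card number", "account number", "pin code", "password")
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".zip", ".rar")
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)  # (href, visible text)
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)  # first hostname-looking token

def phishing_red_flags(raw_message: str) -> list[str]:
    """Return the article's red flags found in an RFC 822 message string."""
    msg = message_from_string(raw_message)
    flags, body = [], ""
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXTENSIONS):  # suspicious attachment type
            flags.append(f"risky attachment: {name}")
        elif part.get_content_type() in ("text/plain", "text/html"):  # collect readable body
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    low = body.lower()
    for label, words in (("generic salutation", GENERIC_GREETINGS), ("urgency language", URGENCY_WORDS),
                         ("asks for account or payment details", SENSITIVE_REQUESTS)):
        if any(w in low for w in words):
            flags.append(label)
    for href, text in LINK_RE.findall(body):  # visible domain vs. real destination
        shown, real = HOST_RE.search(text), (urlparse(href).hostname or "").lower()
        if shown and shown.group(1).lower() != real:
            flags.append(f"link shows {shown.group(1)} but goes to {real}")
    return flags

# Constructed sample message (not a real phish), modelled on the article's "account blocked" example
SAMPLE = """From: "Example Bank" <security@examp1e-bank.test>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Dear customer,</p><p>We detected an unauthorized attempt to access your account, so your
account has been blocked. Click <a href="http://login.examp1e-bank.test/verify">https://www.example-bank.test/secure</a>
with the pin code 936740 to reactivate.</p>
--b1
Content-Type: application/zip; name="statement.zip"
Content-Disposition: attachment; filename="statement.zip"

--b1--
"""
print(phishing_red_flags(SAMPLE))
```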

What are some typical phishing email examples?

Though phishing emails take many forms, they all tend to have a few things in common. Generally speaking, emails from unrecognized senders always warrant special handling and scrutiny; in these cases, users should, by default, assume a defensive posture.

A phishing email could look like this:

Dear customer,

We have detected an unauthorized attempt to access your account so your account has been blocked. Please click on the following link with the pin code 936740 to reactivate.

Or this:

You have an unclaimed credit amounting to $461.35. To claim this credit before it expires in 2 days, click the button below.

In both cases, the sender has created an air of urgency to manipulate the receiver into acting quickly without proper consideration.

How to properly handle phishing emails

Of course, recipients of suspected phishing emails should never do what the sender requests. This includes:

  • Clicking on any links
  • Providing personal or business information
  • Replying to the email

The following actions can be taken to mitigate the potential threat:

  • Inform a manager, supervisor, or someone in authority about the email
  • Carefully analyze the email (visually) for further signs of a phishing attempt
  • Contact the organization that owns the domain in the sender’s email address (but do not reply to the email); its contact details can be determined by simply searching for them online

Conclusion

It may be tempting to dismiss phishing attacks as easy-to-spot and hard to fall for, but the reason they are so common is because cyber criminals continue to profit from them. Even the most poorly designed and unconvincing phishing emails end up netting a small percentage of recipients — for larger organizations, this could end up being a significant number of victims. And as malicious actors become more sophisticated in their tactics, you can be sure that their phishing emails will also follow suit.