Five giveaways that show an email is a phishing attack

One of the biggest problems in cyber security is the phishing email

Phishing is possibly one of the biggest threats to organisations and the security of their infrastructures. A phishing attack scams a user into giving away personal data such as bank details, credit card numbers and login credentials. These attacks happen via an email, which includes a link that sends users to what, at first glimpse, looks like a legitimate site. For example, a hooky email could claim to be from your bank, requesting a login or a confirmation of personal details.

Symantec research indicates that in 2020, 1 in every 4,200 emails was a phishing email. As for spear phishing attacks, 65% of active groups relied on this technique as their main infection path. According to research from Proofpoint, three-quarters of organisations globally experienced a phishing attack in 2020.

The average number of business email compromise (BEC) attempts received in the last year saw a dramatic 15% increase between the second and third quarter of 2020. Increasingly, organisations see malicious data breaches caused by stolen credentials, rather than malware installation. 

To avoid being the next victim, here are five giveaways that show an email is a phishing attack.

The email was unsolicited

Legitimate companies never email users asking for personal information. Neither would they send an email unannounced asking you to download an attachment. No matter how real the email looks, if it is unsolicited and it is asking you to do something, it is most likely a scam.

This is especially true for phishing attacks pretending to be from your bank. According to data from Kaspersky, the detection of phishing pages which mimicked legitimate banking services topped the list of the most popular phishing scams, leaving the longtime leaders of this chart - global web portals and social networks - behind.

Towards the end of last year, a wave of Bitcoin scams found their way into email inboxes, riding on the wave of skyrocketing values to con users into giving away thousands of pounds in so-called investments from phishing pages.

Another increasingly common email is one which will state that there is an invoice attached, but which will give very little detail in the actual body of the email. Always check that the sender is legitimate and that the invoice is expected, and never download or open an unexpected invoice attachment.

Poor grammar and spelling

Emails from legitimate sources are generally free of typos and spelling errors, and use good grammar. Professional companies have teams dedicated to proofreading all the marketing material they send out. Hackers often lack those writing skills. As well as this, they may not have English as a native tongue. We can assume that the criminal wrote the text in their own language and then used a translation tool to convert the text into English.

This means that if you have an email purporting to be from your bank and it has various examples of bad spelling and grammar, then it is most likely not from that bank but from a criminal.

The same applies to pixellated or mis-sized company logos, and email headers and footers that have the wrong company address or spelling errors. However, cyber criminals are getting better at mimicking legitimate company communications, so if in doubt, don't click on any links in the email.

Mismatched URLs

Criminals try to fool victims into clicking on links that, to the reader, look like the real URL of a legitimate website, while the hyperlink actually points to a URL belonging to a criminal. You can check a link without visiting it by hovering your mouse arrow over it; most browsers will display the real URL at the bottom of the browser window. If that URL doesn't match the link the arrow hovers over, it is most likely a trick.

Scammers are also getting more sophisticated at masking the sender's email address. It may appear as 'Amazon Orders' in your inbox, but the email address itself will feature a mix of letters and numbers which marks it out as being fake.

The email features fake URLs

Legitimate emails will feature URLs that lead back to an official website of a company. The URL will have a straightforward name (e.g. trustedbank.com). A criminal will try to make a URL look like a real website as much as possible (such as trustedbank.phishingattack.com). Users should always check any link before clicking on it. Better still, always check a URL by cutting and pasting the link into a search engine. A scam should reveal itself in the first page of results.

This type of activity is not limited to banks; criminals have even created fake URLs containing the word 'Steam' in order to make the fake even more like the original and deceive inexperienced gamers.

Another recent tactic is the use of bogus characters; for example apple.com and applé.com look almost identical, except for the diacritic mark above the 'e' which marks it out as a scam. If in doubt, always type the URL of the site yourself to ensure you're being taken to a trusted page.
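
The three link checks described above (link text that does not match its real target, a trusted name placed inside another site's address, and accented lookalike characters) can be automated; the following is an added example, not part of the original article. The TRUSTED allowlist, the function names and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hypothetical allowlist of domains the recipient really deals with.
TRUSTED = {"trustedbank.com", "apple.com"}

class LinkCollector(HTMLParser):  # collects (visible text, href) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # reset at every <a>, read at </a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(value):
    """Hostname of a URL or bare domain; '' when value is ordinary link text."""
    value = value.strip()
    if " " in value or "." not in value:
        return ""
    return (urlsplit(value if "://" in value else "//" + value).hostname or "").lower()

def within(host, domain):
    return host == domain or host.endswith("." + domain)

def check_link(text, href):
    real, shown, findings = host_of(href), host_of(text), []
    if real and shown and not (within(real, shown) or within(shown, real)):
        findings.append("text-href-mismatch")       # text names another site
    if any(d.split(".")[0] in real and not within(real, d) for d in TRUSTED):
        findings.append("brand-in-untrusted-host")  # trusted name, foreign host
    if not real.isascii() or any(p.startswith("xn--") for p in real.split(".")):
        findings.append("non-ascii-host")           # accented/punycode lookalike
    return findings

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return {href: check_link(text, href) for text, href in parser.links}

# Constructed sample body; \u00e9 is "e" with an acute accent.
SAMPLE = ('<a href="http://trustedbank.phishingattack.com/login">https://www.trustedbank.com/login</a>'
          '<a href="https://www.trustedbank.com/help">Help centre</a>'
          '<a href="http://appl\u00e9.com/id">Apple ID</a>')
```

Calling scan(SAMPLE) returns a dictionary keyed by each link's real target, with an empty list for the genuine trustedbank.com link and one or more findings for the other two.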

Infected attachments

Attachments carried by emails may appear benign, but they could be infected with malware. A common disguise is as an invoice or bill, which could set hearts racing and fingers clicking. In today's commercial whirlwind, we are all guilty of purchasing goods and services and subsequently forgetting the episode ever happened, so it's easy to see how this tactic would be effective.

Once an infected attachment has been opened, users may discover the document is not actually tailored specifically to themselves, indicating suspicious activity. Unfortunately, by this point, it's already too late. The malware has already been unleashed upon the victim's computer.

Attachments should only be opened if users are confident they are sent from a legitimate party. If clicking on an attachment activates a pop-up warning of unstable or unknown content, take this as a tell-tale signal not to open the file. Pop-ups can also request the user to alter certain security settings to access the file - another red flag.

If you're unsure about an email, or the attachment's origin and intention, it's best to contact the sender through an alternative medium and request validation or clarification, in one form or another. But if in doubt, err on the side of caution.
