
Two Nifty Tricks To Identify a Fake Email


Fake emails are known in the cyber security world as ‘Phishing’ attacks. Phishing has come a long way from the basic emails we all used to get from the Nigerian president who had woefully bad grammar! Today, attacks exploit world events (e.g. national disasters like tsunamis and terrorist attacks) to make them more convincing. They are branded almost exactly the same as the genuine messages, and the attackers are able to ‘spoof’ * email addresses to make it look like the messages are coming from someone you know. For example, the actual email address might be xvd34@russianhacks.com, but when it arrives in your inbox, the “From” box makes it look like it has come from Jess, your after-work knitting class buddy you recently added on Facebook.

* Spoofing means to trick or to fake. In this context, the attackers are faking the email address that the email appears to come from.

Some people advise that we should use a dedicated ‘phishing filter’ on our email, but this is, in my opinion, not necessary as our email providers (e.g. Hotmail) already have multiple mechanisms in place to prevent spam. It’s also easier to learn how to recognise phishing emails, so that none are effective, than it is to have a specific filter. Did you know around 97% of people around the world are unable to identify a sophisticated phishing email [1]? With a little help, you will soon be part of the elite 3%!

Top Tip: Phishing isn’t just strictly limited to emails. Social media sites often have messaging functionalities too. Things called ‘spam bots’ are created by hackers to contact you on these social media messaging services to try and convince you to either click on fake advertisements or disclose your personal information. A research report published two years ago by a group of Italian researchers [2] found a whopping 8% of all Instagram accounts were fake spam bot accounts!

How to Identify a Phishing Email Using Only Your Mouse!

There are a couple of things we can do to easily identify a phishing email. The best two methods involve using your mouse (cursor) to investigate the sender’s email address and the inevitable attachment or link that’ll be contained in the email:

1. Is there an attachment or link?

Any attachment or link with a generic name, e.g. “Invoice February 2017”, should ring alarm bells. Never click on the attachments or links, as these are designed to deliver malicious software to your device! Instead, for links, take your mouse and hover over the link or button (without clicking on it!) and it’ll display the real destination of the website it’s taking you to. If it isn’t the official-looking address (amazon.co.uk) but something like shopping9-amazon.co.uk, then steer clear! If you’re still unsure about the link, go to urlvoid.com, which will check if it’s malicious or not! For attachments, right click on the attachment and use your anti-virus software to scan it for viruses.

2. Who is the sender?

Similar to investigating suspicious links using your mouse, we can do the same with the sender’s email address. When we hover our cursor over it, it’ll reveal the actual email address (which may be different to the one being displayed to us). If it is different, then delete the email straight away!
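The two hover checks above, written as a short Python script. This is an added example, not code from the original article: the message is constructed from the article's own sample addresses, and the address book with Jess's real address is an assumption.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real email); it reuses the article's examples.
RAW = """\
From: Jess <xvd34@russianhacks.com>
Subject: Invoice February 2017
Content-Type: text/html

<p>Your order: <a href="http://shopping9-amazon.co.uk/login">www.amazon.co.uk</a></p>
<p>Receipt: <a href="https://www.amazon.co.uk/orders">View order</a></p>
"""

class HrefCollector(HTMLParser):
    """Collect the real destination (href) of every link, ignoring the visible text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def is_official(host, official):
    """True only for the official domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == official or host.endswith("." + official)

def suspicious_links(html, official):
    """Return the hosts a mouse hover would reveal that are not the official site."""
    collector = HrefCollector()
    collector.feed(html)
    hosts = [urlsplit(href).hostname for href in collector.hrefs]
    return [h for h in hosts if h and not is_official(h, official)]

def sender_mismatch(from_header, contacts):
    """True when the display name is a known contact but the address is not theirs."""
    name, addr = parseaddr(from_header)
    known = contacts.get(name.strip().lower())
    return known is not None and addr.lower() != known

msg = message_from_string(RAW)
CONTACTS = {"jess": "jess@example.org"}  # hypothetical address book (assumption)
print(suspicious_links(msg.get_payload(), "amazon.co.uk"))
print(sender_mismatch(msg["From"], CONTACTS))
```

The first link is flagged even though its visible text reads www.amazon.co.uk, because only the real destination is compared; a hyphenated lookalike such as shopping9-amazon.co.uk is a different domain, not a subdomain of amazon.co.uk.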

If it passes the two steps above but you’re still unsure, you can do the following:

  • Does it ask for information? Banks and large organisations already have our personal details from when we first opened our account with them. If they need updating, they never do this via email. So, an email asking you for personal or financial information is most likely phishing.
  • Study the branding. Compare the fonts and colours used in the branding of the email versus the actual branding on the official website. For example, if the email is meant to be from HSBC, then manually navigate to their official website (do not use the link in the email!) and compare the colours and fonts.
  • I’ve seen some really impractical advice state that we shouldn’t open any links in e-mails, even if you think the sender is familiar. This completely disregards the fact that links in email are critical for things like online shopping receipts and can be very useful to send one another! Just follow the steps above to check the links before clicking on them.
  • Want to test your newly acquired phishing spotting skills? Go to this website to take the test!

If both you and your kids are able to successfully identify fake emails and social media messages, you will have gone a long way to preventing the main attack method cyber criminals use to deliver nasty things like malware, ransomware and viruses!

Leave a comment below to let me know what you think.

 

Jonny

Founder of www.SimpleCyberLife.com. Cyber security expert, public speaker and entrepreneur.

www.jonnypelter.com

jonny@simplecyberlife.com

 

References:

[1] https://www.mcafee.com/us/about/news/2015/q2/20150512-01.aspx

[2] http://www.businessinsider.com/italian-security-researchers-find-8-percent-of-instagram-accounts-are-fake-2015-7?IR=T
