Cybersecurity Education for K-12 Students

How to Spot Spam and Phishing Emails




Security Challenge

The bad guys and gals are constantly trying to trick users into giving away personal and sensitive information (e.g., passwords, name, address). It’s important to know how to spot spam and phishing emails.
 

Recommendation

Spam and phishing emails usually try to get you to take an action that benefits the attacker. They typically use mind games to make you feel afraid, guilty, or some other emotion that makes you more likely to comply with their request. Below are a few red flags to look for before responding to that next spam or phishing email.

  • Misspelling and bad grammar - Malicious emails are typically riddled with misspellings and bad grammar. If you receive an email purporting to be from a business you work with or a service you use that has bad grammar or misspelled words, reach out to them using a trusted way to communicate (e.g., support site, phone number, support email).
  • Not addressing by name - Any service or company you do business with should know your name. If the email greets you with sir, madam or nothing at all, that is a red flag.
  • Suspicious links or attachments - Malicious emails may have links that appear to go to a reputable site, but the domain could be misspelled or the real link could point somewhere else. Attackers like to use hyperlinks to hide the real domain, or to use a domain that sounds similar to the real thing. Something like facebookz.com (Bad) instead of facebook.com (Good):
    • google.com (Good) / googler.com (Bad)
    • bankofamerica.com (Good) / bankofamerican.com (Bad)


Example Spam/Phishing email


Closing Thoughts

Be vigilant and don’t fall for spam and phishing emails. If an email seems sketchy and it’s coming from someone you know, reach out to them using a trusted form of communication. You can call, text, or use a messaging service (e.g., Signal, WhatsApp, Facebook Messenger) that you’ve used before. If the email is coming from a business, locate a secure way to communicate with them. You can usually go to their website’s Contact Us page. Don’t click on any links or attachments in suspicious emails, and if you do discover it’s spam or phishing, report it in your email service’s web interface or client.

How to report spam and phishing emails for the following services
