How To Spot a Phishing Email [A Definitive Guide]

Every year thousands of people lose their hard-earned money to phishing attacks, which are mostly carried out via email.

If you don’t know how to spot a phishing email, you have some catching up to do. Such scams affect everyone and are now more widespread than ever.

Did you know…?

• The average user receives 16 malicious emails per month.
• More than 75% of companies have experienced an email phishing attack.
• The digital violation costs mid-sized firms $1.6 million on average.
• Phishing is a $5-billion dollar industry.
• 97% of people cannot identify a phishing email, according to a recent survey.

As you can see, phishing is a serious threat to both individuals and businesses — and a small mistake can cost a lot. 

This begs the question:

How can you protect yourself?

The key is to understand how this type of scam works and its warning signs. This will allow you to spot fraudulent emails a mile off.

Don’t worry, beating cybercriminals is easier than you think — and by the end of the article, you’ll discover how it is done.

So, let’s get rolling.

What Is Phishing?

Phishing is similar to fishing in a pond, but instead of attaching the hook to a fishing pole, the phisher puts it in an email. This way, they can steal personal information.

Now you might be wondering:

How is this done?

Well, the phisher poses as a genuine person or company and convinces users to click a link to a website, that looks like the real deal. It’s actually a fake, designed to be the “hook” in the whole operation. Once users enter their information, it is effectively stolen.

Alternately, hackers might trick people into downloading a file that looks innocuous but is actually malware or ransomware.

Malware is malicious software designed to steal data. In contrast, ransomware encrypts all files on an infected computer. The hacker can then demand a ransom to de-encrypt the data.

Now that we know what phishing is, let’s find out the most common types of phishing attacks.

6 Common Phishing Attacks

Phishing attacks come in all shapes and sizes:

1. Deceptive phishing

Deceptive phishing is the least sophisticated and most common type of email phishing scam. It uses a “spray and pray” approach, where mass mails are sent to millions of users.

These are the “You’ve won a prize” and “URGENT message from your bank” messages that try to trick users by instilling fear in them or by blinding them with greed.

Most often a fake webpage is involved, which looks very much like the real thing.

For example, PayPal scammers might send an email, asking users to click at a link to fix a problem with their account. The link will lead them to a fake PayPal page, where their login details will be collected and sent to another site.

Sometimes, hackers play on the users' curiosity by sending out blank emails with a malicious attachment.

This was exactly how Locky ransomware, considered one of the most effective file-encrypting malware, got spread in 2017.

Within just 24 hours, threat actors delivered 23 million emails with a zip file that hid the malicious payload - and a subject line that read “scan”, “print,” or “download”.

Once someone clicked the file, the Locky ransomware encrypted all their files on said computer. To get back the data, the unfortunate victims had to pay 0.5 bitcoin ($2,300 at the time).

Over time such scams have become even more sophisticated. If you want to protect yourself, you must know how to identify a phishing email.

Prevention is the only viable approach here. Once you run malicious software, there’s not much you can do.

2. Spear phishing

Unlike deceptive phishing, this type of scam is much more personalized.

Threat actors customize the attack emails with the target’s name and other details to trick them into believing the email is genuine.

The goal of spear phishing is the same as deceptive phishing — to coax the victim into downloading a malicious file or entering personal information on a fake web page.

On a personal level, attackers could masquerade as a business you trust - like your bank. 

They might send emails stating there’s some discrepancy in your account. To fix it, allegedly, you must click the specified link and fill in the required fields.

While such scams do target individuals, more often than not, they are aimed at businesses.

Spear phishing messages that target companies can come in different forms, like a fake purchase order from a client or a false customer query.

However, the central theme remains the same — to lull recipients into believing the email is from a reliable source.

3. CEO fraud

This is a very specific kind of phishing scam.

It works like this:

The hacker disguises herself as the CEO of a company and sends an email message to a high-level employee, requesting a money transfer to a particular account.

The key to such malicious campaigns is having enough information about the company CEO and presenting yourself as them. 

This is the only thing (and it’s a big one) that makes them stand out from a “spray and pray” phishing campaign.

4. Dropbox phishing

Some phishers target users of a specific company or service.

Take Dropbox, for instance. Millions of people use it every day for sharing files and creating backups.

Given its popularity, it’s no wonder hackers repeatedly target its users.

In one such attack, Dropbox users were told someone has sent them a file, but it’s too big to be sent as an email attachment. The phishers had “conveniently” provided a link, from where to access said file.

Naturally, the link led to a fake Dropbox login page, from where cybercriminals were able to steal users’ login credentials.

5. Google Docs phishing

Hackers target Google Docs users pretty much the same way they prey upon Dropbox users.

Namely, they create a fake Google account login page and then use it to collect user credentials.

Alright, so these are just a few phishing email examples. There are many other types of scams going around.

While the aim and mechanics of these attacks might vary, they all center around coaxing the user to either download a malicious file or enter personal information on a fake webpage. 

Now, let’s learn how to identify such attacks.

10 Tips on How To Spot a Phishing Email

Did you know 135 million attempts at phishing attacks take place every day? Or that nearly 25% of victims never fully recover their losses?

The threat of phishing email attacks is real.

This is because:

Phishers target companies and individuals alike.

If you use email, you’re technically at risk. 

So what can you do to keep yourself safe?

Well, take a look at the following tips the next time you open your inbox.  

1. Don’t blindly trust the display name.

Altering the display name of an email is a classic ploy used by phishers.

This is how it works:

An attacker impersonates a company by using its name while emailing you from a completely different email.

For example, let’s say a hacker wants to spoof the brand “Bank of America.” She might use it with an unheard-of domain name, like secure.com.

So the email delivered to you will look something like this:

Once delivered, the email appears genuine, as most inboxes only show the display name.

However, blindly trusting the display name can land you in trouble — as shown in the above example. 

So what’s the solution?

First, check the email address in the “from” field of the email header.

If it doesn’t match the displayed name, you can bet it is a scam.

That said, even if the email address looks genuine, that’s not enough! Hackers are known to alter email addresses as well.

The good news is that’s all they can fake.

The other fields in the email header can tell you the whole story. Namely - the “mailed-by” and “signed-by” fields.

Emails from legit companies will have these sections. More importantly, the “mailed-by” and “signed-by” fields will have the name of the same company.

Here’s an example:

In case there’s a mismatch between mailed-by and signed-by, the email could be a scam.

Here’s an example of phishing, where while the mailed-by and signed-by fields are present, they don’t match.

2. Check URLs for a misleading domain name.

Let’s say you’ve received an email from this address:

Apple.Infocenter.com

Now, do you think this domain belongs to Apple?

If you said yes, you are wrong. Hackers often exploit people’s lack of knowledge of how this works.

You see, in a domain name, the last part is the most important, whereas the one on the left is basically insignificant.

So, in the aforementioned example, “Infocenter” is the actual domain name. This means an obscure company called Infocenter — not Apple — has sent you the email.

Using a well-known name as a child domain is one of the telltale signs of phishing.

Hackers often use this tactic to trick users into believing the email has come from a reputable source.

Thankfully, you now know better and will not fall for such cheap tricks.

3. Check a link before clicking on it.

No one can fake a domain name - it’s just not possible.

However, any run-of-the-mill hacker can disguise it in a link - that’s as easy as pie.

This brings us to the main question:

How do cybercriminals conceal malicious links?

Well, typically they use any of the three tactics we’ll mention right now.

For one, they might use a link shortening service to conceal the true destination of a link. So - if you see a shortened link in an unsolicited email, be cautious.

Don’t click on such links. Instead, first find out what the link is about using a free URL expander tool, such as CheckShortURL or LinkExpander.

Another common tactic is to use URL encoding to hide the destination of a phishing site.  For example, when the letter “A” is URL-encoded it reads as %41.

Here’s an example of an encoded link: http%3A%2F%2Ftiny.cc%3F712q431bca

The link looks weird — and that’s often a reliable warning sign that something’s fishy.

Here’s the bottom-line:

If a link has a bunch of % in it, don’t click it.

Finally, the last maneuver for hiding a URL is to put the link in text. Fortunately, identifying such phishing emails is easy.

Simply hover the mouse over the hyperlinked text and you’ll see the actual link.

4. There’s an unsolicited attachment.

Emails with unsolicited attachments reek of fraud:

Usually, legit businesses don’t send random emails with attachments. If they want you to download something, they would rather direct you to their own website.

In case the sender is an individual and someone known to you, watch out for high-risk attachment file types like .zip, .exe, and .scr.

If you’re unsure, the best thing to do is to directly contact the sender and confirm if it was indeed they who sent the email.  

5. Check for spelling mistakes.

If an email is filled with typos, poor grammar, formatting errors, or awkward language, it is most likely fraudulent.

Legitimate businesses pay attention when crafting emails to their customers.

While hackers have become more sophisticated, they sometimes still make basic mistakes. You can still identify a suspicious email easily most of the time.

6. Read the salutation carefully.

Who is the email addressed to? Is it addressed vaguely, as in “Dear Esteemed Customer”?

If yes, it is probably a scam.

More often than not, legitimate businesses use your first and last name.

7. The email asks you to send money.

This is a dead giveaway.

After all, your money is what phishers are after. If they are writing to you, they will ask for it, sooner or later.

Don’t act on an email that asks you to send money to cover fees, expenses, taxes, or something similar. It’s a sure-shot scam.

8. The email asks for personal information

It’s always a bad sign when an email asks for personal information, like credit card number or bank account details.

Your bank is not going to ask you for your account details. It already has them.

Similarly, other reputable companies or government agencies will not email you to share confidential information. That’s not how they operate.

If you receive any such email, you can be sure it’s part of a phishing scam.  

9. The email makes an unrealistic offer or threat.

Phishers often trick people into giving up money or sensitive information by promising a reward or just plain scaring them.

Here’s an example:

You get an email that asks you to quickly fill up a form (which asks your account details.) That’s, allegedly, if you don’t want your bank account to be canceled and assets to be seized.

Well, this is obviously a scam.

You don’t need to be Sherlock Holmes to figure out that banks don’t close accounts and seize assets just because someone didn’t reply to an email.

Likewise, if an email offers a reward that sounds too good to be true, watch out.

10. Review the signature line.

You can identify a phishing attack from the signature line.

Does the email give information about the sender? Does it list the contact information of the company?

If not, there’s a good chance the email is an attempt to phish.

Reputable companies always provide such information in their emails.

Still, getting a good antivirus solution can also help you stay safe.

Wrapping Up

Phishing is a type of social engineering attack, in which hackers try to steal users’ personal information.

Over time, such attacks have become more frequent, with research showing that 135 million phishing email attacks get carried out daily.

The best way to thwart such scams is to find out how to spot a phishing email.

This article has shone a light on what to look for when you open an email. Pay attention to that — and you will be fine.

Alright, so this was the extensive guide to finding out how to spot a phishing email.

Take care!