Phishing – A Beginner’s Guide…
The Lowdown with Lou is BACK! In this edition, get your hooks and worms at the ready… because Lou is talking phishing! These classic email nasties are alive and well – we’ve got some top tips for spotting them before it’s too late.
“Thanks for use PayPal! We sent you an email sometime ago asking for your help to resolve an issue with your PayPal account. Since we havent heard back from you and we need you to provide some informations, your account is temporarily limited :”
…Oh my! This is the beginning of an email that dropped into my Junk mail a few weeks ago. It’s busy telling me that my PayPal account is restricted, and the only way I can fix this is to download the attached files, complete all my details, then BOOM! I’m back in business! Seems simple enough…
Phishing emails (basically fake emails; I refer to them as both, as you’re probably about to find out) are more commonplace these days, and spotting the difference between a real and a fake email is not only really quite easy when you know what to look for, but also really important if you want to keep yourself and your personal details secure! Phishing emails are usually sent out to try and trick the recipient into disclosing some personal information about themselves. There are many out there, pretending to be from your bank, your favourite online shops, rich foreign royalty, and sometimes even your friends! So being able to spot them before they are able to do any damage is really useful – believe me!
I’m going to use the PayPal email I received as an example to work through, as it contains the classic, easy to spot signs of a phish. First things first though – this was delivered to my Junk mailbox – that in itself should speak volumes! Although email clients do occasionally get it wrong when sorting what’s junk and what’s not, the fact it’s in there should highlight that there is something fishy about it, and my advice would be to just leave it well alone! If, however, you’re not totally convinced by your email inbox’s choices (it is a machine after all) then let’s take a look at other identifying features of a fake email.
So, let’s begin. Who is it from? In my case, the email was clearly supposed to be from PayPal, so I’d expect to see a PayPal email address (@paypal.com) as the sender. Let’s take a look at who it’s from (I’ve hidden my email address, as I like to protect my info ;) ) – this information can be found at the top of the email:
The sender email is firstname.lastname@example.org. At first, this may look legitimate as all the letters that spell PayPal are there, but they are not in the right order! So this straight away indicates this is not from PayPal, but someone trying to imitate them. If you receive an email, always check the sender address – if it’s from a company, the email address should indicate that!
If you’re still not convinced, next have a look at the content. In my case, the email started with just ‘Hello’. Any reputable company contacting you will always use your name – the absence of it suggests they don’t know it, and therefore don’t know you! Also look at how the message is worded, and for any spelling errors. They need me to provide some ‘informations’? And “Thanks for use PayPal!”? Oh dear! Not a good start! Although I haven’t shown the whole thing, this one is littered with spelling errors, bad grammar and bad English. This is also a pretty good indication that it’s not a genuine information request. Reputation and image are a big part of what makes a company, and sending out badly written messages certainly does not support that! Besides – reputable companies will NEVER ask for personal information in this way.
Now, we’ve already spoken about links, and how you should always think before you click. Well the same goes for attachments.
You’ll see above the part of the message that instructs me how to fix my account. It’s really quite simple – just download and open the attached file. Now STOP. Just take a moment to think about what nasty things could be lurking in that download. Viruses, Trojans, key loggers – no thank you! Even if the download is clean, ultimately they will ask for personal information about you, supposedly to ‘verify’ your account, and do you really want to give that away? I hope not. So requests to follow links or download files in emails are a big no-no!
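The three checks walked through above (sender domain, greeting and wording, requests to open an attachment or follow a link) written up as a small Python script. This is an added example, not part of Lou’s post: the message it inspects is a constructed stand-in for the PayPal email, the look-alike domain paypla.example is made up, and paypal.com is assumed as the genuine domain.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed stand-in for the PayPal email quoted in the post (not the real message).
PHISH = """\
From: PayPal <service@paypla.example>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Hello
Thanks for use PayPal! We need you to provide some informations.
Please download the attached file and complete all your details.
--b1
Content-Type: text/html; name="verify.html"
Content-Disposition: attachment; filename="verify.html"

<html></html>
--b1--
"""

GENERIC_GREETING = re.compile(r"^(hello|hi|dear (customer|user|member))\W*$", re.I)
BAD_WORDING = ("thanks for use", "informations")  # phrases the post calls out
ACTION_REQUEST = re.compile(r"https?://|\bdownload\b|\bclick\b", re.I)

def check_email(raw, expected_domain):
    # Returns (code, detail) pairs for every tell-tale sign from the post that fires.
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    # 1. Sender: the address must belong to the company's own domain (or a subdomain).
    domain = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    brand = expected_domain.split(".")[0]
    if domain != expected_domain and not domain.endswith("." + expected_domain):
        if sorted(domain.split(".")[0]) == sorted(brand):  # same letters, wrong order
            findings.append(("sender", f"{domain} rearranges the letters of '{brand}'"))
        else:
            findings.append(("sender", f"{domain} is not a {expected_domain} address"))
    # 2. Content: no name in the greeting, and the odd wording quoted in the post.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    first = next((ln.strip() for ln in text.splitlines() if ln.strip()), "")
    if GENERIC_GREETING.match(first):
        findings.append(("greeting", f"no name, just '{first}'"))
    findings += [("wording", p) for p in BAD_WORDING if p in text.lower()]
    # 3. Attachments to open, or links to click.
    findings += [("attachment", p.get_filename() or "(unnamed)") for p in msg.iter_attachments()]
    if ACTION_REQUEST.search(text):
        findings.append(("action", "asks you to download a file or click a link"))
    return findings
```

An empty list from check_email only means none of these particular signs fired; it is a screening aid, not proof that a message is genuine.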
I’d hope by now you’ve identified that this is a classic phishing email, but at the end of the day, if you’ve checked all of these and you’re still not sure – still bin the email and contact the company directly. They will be able to tell you if it was a legitimate request or not.
Obviously not all phishing emails are the same – they continue to evolve in order to have the best chance at being successful. This example is probably one of the most straightforward ones out there – so easy to spot when you know what you’re looking for. They often prey on emotions, such as panic (in thinking your account is limited, or that a bargain deal is about to end), greed (telling you they want to give you money – sadly this one is never true) or sympathy/empathy (please help me, my bags were stolen abroad and I need money to get home). Seriously, the list is endless.
So, that is the basic, beginner’s guide to spotting a phishing email! The best advice I can give though is if something doesn’t quite seem right, or looks a bit odd, then be suspicious! It’s the best way to be!
To recap, the basic tell-tale signs are:
If it goes into your junk mail – chances are your email client has made a good call. Just leave it alone!
If you do want to double check it though, check the content, the spelling and the purpose, but most importantly the sender – the clues are all there!
Remember, no reputable company should ask you to click links in emails to confirm personal information – for peace of mind contact the company directly if you are still unsure, but never click the link!
Until next time, stay safe!