Posted October 29, 2018 in Risk Advisory

Identifying a Phish: 5 Questions to Ask Yourself to Ensure an Email is Safe

The importance of email security is a popular topic as the frequency of cyber crime continues to be on the rise. Phishing is one of the most common tools criminals use to lure victims to visit infected websites, open attachments, or provide credentials or personal information.

Phishing emails have become more sophisticated, and it can be difficult to tell these illegitimate emails from legitimate ones. When viewing emails, I recommend everyone be on the lookout for phishing emails, including sophisticated ones that have nice graphics and good grammar and lead to authentic-looking phishing websites.

There are 5 questions you should ask yourself before you click on anything when you suspect the email may be a phish.

1. Does the email express a sense of urgency?

Emails that express an urgent request to act now, such as account suspensions or closures, are very common tactics used in phishing emails. This creates a sense of panic and entices you to click or act quickly under stress without thinking.

2. Have I ever received emails like this before from this service provider?

Does the service normally send emails like this? If this is something new, approach with suspicion.

3. Does the message make sense?

If you don’t bank with RBC and they’re sending you a “suspicious account activity” email, why would you click on it?

4. What is the email address the message was sent from?

Is it the same email address as all the previous email alerts you received from this service provider? Email addresses can be spoofed, but there is technology in place like Sender Policy Framework (SPF) records that many “cyber mature” companies are now using to prevent spoofing. This forces cyber criminals to use a different email address that you may be able to spot.

5. Does the link in the email lead you to the company’s website?

Check the spelling of every character if you’re not sure. Beware of doppelganger domains, where a malicious domain looks almost exactly like the legitimate one.
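The character-by-character check from question 5 can be automated. The sketch below is an added example, not part of the original post: it compares a link's host against a list of domains you already trust and flags near matches. The `TRUSTED` list, the character map and the sample domains are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): domains you already know are legitimate.
TRUSTED = {"examplebank.com"}

# Small illustrative map of look-alike characters; not an exhaustive confusables table.
CONFUSABLE = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
})

def skeleton(domain):
    """Collapse common character swaps so visually similar names compare equal."""
    return domain.translate(CONFUSABLE).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url):
    """Classify a link's host as trusted, lookalike, embedded-brand or unknown."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    try:
        host = host.encode("ascii").decode("idna")  # show punycode (xn--) labels as Unicode
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA; compare as-is
    # Simplification: treat the last two labels as the registered domain.
    # Production code should consult the Public Suffix List instead.
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        if f".{good}." in f".{host}.":
            return "embedded-brand"  # e.g. examplebank.com.something.example
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 2:
            return "lookalike"
    return "unknown"
```

A result of `unknown` only means the host does not resemble anything on the list; it says nothing about whether the site is safe.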

If you are still in doubt, consider contacting the company directly to verify that the email was sent from them. There are also some advanced steps a computer-savvy user may wish to take if opening the suspicious email is absolutely necessary.

You can open a link or an email attachment for further inspection on a fully updated virtual machine (VM) specifically designated for the “dangerous stuff”. The VM then gets reverted or recycled. If you don’t have a VM handy, you can consider clicking the link on your fully updated iPhone or iPad, ideally one designated for this purpose. This method is controversial and can be debated. Because of the way iOS is designed (only Apple-signed apps can run on the device, with additional sandboxing between apps), it’s pretty hard to compromise without a hard-to-find zero-day exploit (mostly used by state-sponsored attackers).

Once on the suspicious site, try submitting incorrect credentials first. A lot of phishing campaigns will tell you that authentication was successful no matter what you enter for credentials. Making the phishing site validate the credentials received from the victim is an extra step that most attackers don’t want to take. Obviously, if you can log in with the wrong credentials, it’s a phishing site.

Lastly, keeping your device and software fully up-to-date with all security patches is paramount. While the software vendors are generally pretty quick with releasing critical security fixes, it’s still sometimes up to the end-user to actually install them. Cyber criminals will often try using the newest exploit while the patches are still not widely deployed to maximize the phishing campaign success rate.

To sum up: be vigilant and keep your devices up-to-date to help protect yourself and your organization from cyber attacks.
