
Email Phishing 101

Email Phishing has become an easy and cheap way for attackers to steal money, data, and your login information. It takes several minutes to write a dangerous email and less time to send it to thousands of people. Today we are going to talk about some simple ways to identify phishing emails and help you understand how to respond.

First, let's look at what a phishing email is: Phishing is an attempt to exploit human trust, curiosity, and emotions in an effort to obtain information or have you take action on the attacker's behalf. This could be sending your social security number, credit card information, login credentials, or sending physical cash, checks, or gift cards.

The good news is, most major email providers (Gmail, Microsoft, or Yahoo) provide some level of basic protection to help you identify when an email might be dangerous. Most often these emails end up in your spam or junk folders thanks to the tools the providers have running behind the scenes. It is best to avoid letting curiosity get the best of you and just delete these emails without opening them.

When opening emails, most of us generally look at the subject first. This can be a good first indicator when identifying suspicious emails. Look for spelling or grammatical errors, lots of random emojis, or things like "saljkloihjersszxxx". Additionally, if the subject seems urgent (you've won something and must respond now or sometimes just the word URGENT), this can be a sign someone is trying to play to your emotions or trick you into clicking further. If you decide to open an email with a subject like the ones outlined above, tread cautiously.

After looking at the subject line, it's a good idea to look at the sender. Is it someone you know? Does the email look similar to someone you know? It is very easy to create or "spoof" an email account, making it look like it's coming from your son or daughter, friend, or the IRS, when in fact it is another attempt to trick you. If it says it's from UPS, there should be something after the "@" symbol that says ups.com. Below are some examples of phishing email addresses that I have gotten this week:

This one is pretending to be from Zelle, but they spelled it wrong and "@zelle.com" is missing.
This one is from Elon Musk. Notice they were able to add "sent by Trusted Sender", but if you look at the rest of the email "ymxaogl@atlx.rmmwxutciuk.us" you can quickly see this isn't a normal email address. Anything like this should be deleted.
Pretending to be an email from UPS, but again the email itself doesn't match; there is no "ups.com" in the actual address. Bye.

If you receive emails from addresses like this, delete them, block them, or report them as phishing via your email provider.

We have looked over the subject and the sender's address; next, let's look into the content or body of the email itself. Here are a few things to look out for:

  1. Misspellings - often English isn't the attacker's first language and apparently they don't have spell check. Often words will be misspelled and punctuation will be in strange places or nonexistent.
  2. Grammatical errors - similar to the misspelling, look for sentences that don't make sense or words out of place.
  3. Urgency - often the language is trying to get to your emotions, saying you might miss out if you don't act now or something bad might happen if you don't pay immediately. But most people don't use email if something is urgent! They will call you or text you.
  4. General common sense - you did not win the African lottery or inherit 100 million dollars from a prince.
  5. Links - in general it is just a bad idea to click on links in emails. I rarely click on links unless it is a password reset that I know is coming. It is best to navigate to the link by typing it in manually. For example, if I get an email from Chase Bank to review my account activity, I will go to my browser and type in www.chase.com rather than click on the link.
  6. Attachments - Unless you know for sure who the email is from, do not open attachments. This is a very easy way for someone to install malware or other dangerous things on your computer.

Finally, I am going to show you a few examples of phishing emails and ways you can use what you have just learned to identify them.

Fake UPS email:

Subject: The last bit of that stands out as strange and not typically how UPS sends emails.
This shows clearly the email address is not from UPS, they just added the "*UPS" to the front of it. This email is coming from Russia.
Here is an example of how Gmail alerts you to a message that might be suspicious; this one was in my Spam folder.

  1. "We're here to let you know" is not a normal tone in an email.
  2. "We need address confirmation to resent the package" - this would take place when the package was dropped off.
  3. The formatting of the "TRACE" button has extra ">>" characters at the end of it. Things like this are clear indicators something is off.

Congratulations if you have made it this far. I hope I have shown a few ways you can spot phishing emails. Here is a brief summary:

  1. Check the subject - look for urgency or nonsense
  2. Check the email address - look for things that don't match, UPS <eijfske@yandix.ru>
  3. Check the content of the email - look for grammar or spelling errors, urgency, or things that make you uncomfortable. And do avoid clicking on links or attachments when possible.
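The first two checks in this summary can be automated over message headers. The sketch below is an added example, not part of the original post: the brand-to-domain table, the urgency word list, and the `check_headers` function are assumptions chosen for illustration, and the sample headers are constructed.

```python
import re
from email.utils import parseaddr

# Assumed brand -> sending-domain table, built from the domains named in this post.
BRAND_DOMAINS = {"ups": "ups.com", "zelle": "zelle.com", "chase": "chase.com"}
# Assumed urgency phrases; extend to taste.
URGENCY = re.compile(r"\b(urgent|act now|immediately|you(?:'ve| have) won)\b", re.I)
# A run of six or more consonants, like the "saljkloihjersszxxx" subject above.
GIBBERISH = re.compile(r"[bcdfghjklmnpqrstvwxz]{6,}", re.I)


def domain_matches(domain, expected):
    """True for the expected domain or a subdomain of it, not a lookalike."""
    return domain == expected or domain.endswith("." + expected)


def check_headers(from_header, subject):
    """Return the reasons a message looks suspicious (empty list = none found)."""
    reasons = []
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        reasons.append("no parsable sender address")
    # Words in the display name, so "*UPS" and "UPS Delivery" both yield "ups".
    words = set(re.findall(r"[a-z]+", display.lower()))
    for brand, expected in BRAND_DOMAINS.items():
        if brand in words and not domain_matches(domain, expected):
            reasons.append(
                f"display name claims {brand.upper()} but domain is {domain or '(none)'}"
            )
    if URGENCY.search(subject):
        reasons.append("subject uses urgency language")
    if GIBBERISH.search(subject):
        reasons.append("subject contains gibberish")
    return reasons


if __name__ == "__main__":
    # Constructed sample headers.
    samples = [
        ("UPS <eijfske@yandix.ru>", "URGENT: confirm your address"),
        ("UPS Delivery <track@ups.com.example.net>", "Package update"),
        ("UPS <pkginfo@ups.com>", "Your package was delivered"),
    ]
    for sender, subject in samples:
        print(sender, "->", check_headers(sender, subject) or "no findings")
```

An empty result only means these heuristics found nothing: the From address itself can be forged, so a matching domain is not proof of origin without the provider's SPF, DKIM, and DMARC checks.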

As always, reach out with any questions or feedback.

Matt@cyberelephants.com