Phishing Awareness

Being aware of the potential threats via mailboxes is a step towards cyber-crime prevention.

Steps To Identifying Phishing Emails

What key points you need to consider when you’re unsure

Below is a prime example of a typical phishing email, imitating Virgin Media.
We have taken specific elements from the phishing email and identified them step by step.

1. Identifying a fake email address

Get into the habit of carefully checking email addresses on incoming emails. A cautious glance will train your eye to detect the subtle anomalies of a phishing email. This can be the difference between a successful phishing attack and keeping your business safe.

2. Clickbait subject

Pay heed to the subject field  they will often contain phrases of great urgency. In this case Important Billing Notice, but other examples might include Password check required immediatelySecurity alertor A delivery attempt was madeThese are carefully crafted to reel the victim in. It’s worth consulting a legitimate communication to ascertain the type of information your service provider will request of you. 

3. How the email addresses the recipient 

A key identifier of a phishing email is generic addressing of the recipient, such as Hello, as opposed to a direct, personalised address

Phishing attempts are typically conducted on a large scale, which is why their impersonal address can be a giveaway.

4. Vague or generic content

The same applies with the email content. Vague information is a significant sign of phishing and denotes the possibility of a mass-email campaign. The requesting of personal information via email is also a key indicator, as most companies never ask for this.

5. An unnecessary sense of urgency

An urgent or threatening manner will often follow, stating that your service could be cut off in the event of non-compliance. This is the main method cyber criminals use to coerce money out of victims, creating a sense of urgency which is only heightened if the email is a spoof business communication.

6. Malicious URLs

Under the guise of helpfulness, a phishing email will often contain a URL claiming to go to a login screen in order to remediate the supposed problem. Never click these. Malicious URLs are often a vehicle for a malware payload or a way to draw victims into the attackers’ snare. By entering your details into false forms, you are effectively handing your credentials over to cyber criminals.

7. Inconsistencies in spelling and layout

Formatting errors are also an obvious sign of a phishing email. Our example highlights a difference in text size, denoting a hastily-assembled email message by a hacker. Be sure to look out for spelling and grammatical mistakes too – professional communications rarely contain these. Their presence denotes a crude phishing attempt. 

8. Email signature

The email signature looks very convincing in this example; Virgin Media often signs off emails with The Virgin Media Team. However, that signature is often used for marketing or less urgent communications.  
A legitimate communication of urgency will often be dealt with by an individual representing Virgin. In this case, the phisher has used it as a generic sign off to falsify authenticity. The same applies to any other phishing email you might receive. 

What is a phishing attack
and why are they dangerous?

Types of Phishing Scams

Spoofing Scams

A spoofing scam fosters trust from an end-user by imitating a known contact. If the end-user then opens the seemingly legitimate link, often imitating a Dropbox or Microsoft SharePoint document, not only is the URL ridden with malware, but it also leads the user to a realistic imitation of the expected website. Because the site looks legitimate, the user enters their credentials, which are then harvested by hackers.

GDPR Scams

Even after the implementation of GDPR, email campaigns asking users to accept a new mandatory privacy policy due to changes in legislation as a result of GDPR, are still prevalent. Clicking on the URL provided, however, prompted recipients to submit personal data including financial and account details.

Whaling Scams

This is a relatively new type of phishing email that specifically uses board meetings as an email topic to target C level executives. The email will appear to come from the CEO and will ask Board members to reschedule the meeting via a link in the email. Once this is clicked, you have opened the door to your credentials for the hackers. The email may even have a subject headline or content that appears to be unique or specific to your business.

Tax Scams

HMRC scams are often used to bait phishing victims, taking the form of a promised rebate if the recipient completes a tax refund request. Clicking through to the website, which also looks legitimate, reveals a form asking for personal details in addition to bank account details.

Sextortion Scams

One of the more prevalent phishing scams, sextortion sees criminals sending out emails claiming to have recordings of the recipient watching pornographic content. To give authenticity to the threat, a criminal might send a previous password of the recipient’s, acquired from a past data breach, but claiming it to be a recent hack.

Weaponised Attachments Scams

A particularly dangerous phishing attack, cyber criminals have been able to weaponise PDF attachments. Once opened, the XML within the attachment runs a script, bypassing security and granting the attacker remote access to the recipient’s infected PC.

Banking Scams

One perennial phishing scam comes from an email stating that a bank transaction was rejected. The victim, fearing a fraudulent transaction has been made in their name, will click on the link provided in the phishing message and leave their data vulnerable in the process.

Lottery Scams

The idea of winning the lottery is an appealing thought to most. As such, lottery phishing is popular. Offering the ability to ‘claim your prize’, lottery phishing emails typically request your name, address, bank account details, or PayPal information. Fraudsters can then sell this information on the dark web.

Child Porn Phishing Attack

This currently circulating phishing campaign is particularly dangerous – not only does the email manufacture a malicious, damaging, and costly extortion attempt by implicating the victim with possession of child pornography, but it also contains links potentially riddled with malware.

Examples of phishing emails

Phishing Attack

Request A Callback