We regularly see what we would consider to be common ‘phishing’ emails. We also regularly resolve the havoc that’s wreaked in the wake of an end-user accidentally following through with the phishing request. We thought it may help to explain what a phishing email is, and how to easily recognize them, as it could save someone from considerable problems – anything from stolen money to stolen identities.
Phishing emails attempt to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy source. You can see an example of this type of email below:
How To Easily Detect A Phishing Email
First off, reputable businesses will not solicit this type of information via email. Visually, this email has the earmarks of an untrustworthy source because it is poorly formatted, it doesn’t include a name in the salutation (just Dear PayPal member), it uses poor grammar, etc. What makes it more deceiving is that the header of the message (where one sees the sender’s email address) clearly shows that it is from the legitimate domain, in this case “paypal.com” (see red circled areas in image below).
How is this possible? Well, this deceptive practice is called “spoofing”, the creation of email messages with a forged sender address. It should be noted that a significant number of consumer mailboxes use methods to protect against this type of activity, but many don’t. Yours may be one of them.
Finally, the sender can very easily create a fraudulent link to a malicious website, yet display the text of the link as legitimate, in this example “www.paypal.com” (see circled purple link in image below). An excellent way to be sure you are dealing with a fraudulent email is to simply hover (don’t click!) your mouse over any link that the sender is requesting you click to do something like “login to your account”. As you can see in the image below (inside the red square), this will produce a hover box that will display the underlying (real) link to where you would have been taken had you clicked the link. Note: if you are using a mobile device such as an iPhone, you can press and hold your finger on a link to display the underlying link – be sure to press AND hold, otherwise you will activate the link.
You would not have been directed to a paypal.com website as it appeared in the text of the link, but instead to a fraudulent IP address (188.8.131.52). And who knows what evil lurks there! Also, pay no attention to the “paypal.com” that follows the IP address, as anyone can create website sub-directories with any name or number they choose.
Well, there it is. Some hopefully helpful tips that you can apply to phishing emails, or really any suspect email.
Thanks for reading.