Phishing Emails - Read How They Do It
Phishing (a play on "fishing"), as the name suggests, is a scam where cyber criminals dangle a fake lure, hoping that you, the recipient, will take the bait.
The email you receive may look legitimate, as it will more than likely appear to be from a person or a company you have dealt with before. The senders are clever: the content will hold some relevance in order to get your attention.
Here is an example of what a phishing email could look like and the points to look out for:
Let’s say for the purpose of this example the recipient is a customer of CSCM and currently uses our services.
1/ It appears to use an email address of a company the recipient is aware of.
2/ As CSCM offer an IT Support service and have a legitimate email address that’s known as support@, they have added this to the email to try to show familiarity and make it look genuine.
3/ Here is a warning flag: this is an odd time of the day for an email to come out.
4/ They have put the email subject in bold so that it jumps out at you. It is also a CALL TO ACTION: they are telling you that you need to do something, so open this email.
5/ Here is a second warning flag: they have not put any opening greeting. Most companies, when addressing their customers, will open with a greeting so it looks professional and courteous.
Instead, what they have done is put another bold headline to grab your attention. They have reiterated that this email is about you and reinforced this by again putting your name.
6/ Another Call to Action, telling you the consequences of not taking action straight away. Obviously you cannot afford to lose files and data.
7/ This is the BAIT: click on this and it will lead you straight to them. Surely to upgrade you could have just replied to the email? If you hover over a suspicious link, it may contain somewhere in it the name of the company it’s allegedly from, but there will also be a lot of other URLs and wording that doesn’t make sense. If in doubt, never click!
8/ Here they are trying to push you to take action by reiterating the consequences of doing nothing.
9/ How many emails from legitimate companies do not include a company LOGO?
10/ To give you further reassurance, they have closed the email by again putting CSCM and a team they know exists in that company. This will feel familiar and give you confidence that this is legitimate.
Lastly, the final warning flag here is the lack of closure on the email. Again, most companies formally close with kind regards and a name.