We’ve said it many times before; hackers’ attacks are becoming ever-more insidious and convincing. Today, socially engineered malware is commonplace and very convincing. From phishing to whaling – which are targeted phishing attacks – the point is, all employees are potential targets. At Netwyn, we’ve come up with 7 ways to spot a malware-laced phishing email (some of these concepts may seem basic and self-explanatory, but if hackers can can use these methods to trick multi-million dollar corporations, then they’re certainly worth a read.
Something just Doesn’t Look Right
You don’t recognize the email address or you know the person sending the email seems odd, even a little strange. Maybe the request is not something this person would normally ask for. If something looks off, there’s probably a good read why. This principle always applies to email messages. Attachments – event the ones that look okay like Word docs or are not safe. PDF According to KnowB4.com, the only guaranteed safe attachments are txt. files.
URL Contains a misleading domain name
Hackers who launch a phishing scam also depend on their victims not knowing how the DNS naming structure for domains work. The last part of the domain name is
the most telling. For example, the domain name info.netwyn.com is a subdomain of netwyn.com because Netwyn appears at the end of the full domain name.
Personal Information
No matter how official the email may look, it’s always a bad sign if the message asks for personal information. Think about it. The bank doesn’t need you to send them your account number. They already know what it is. Similarly, a reputable company should never send an email asking for your password, credit card number or to answer a security question.
Grammar and Spelling
Whenever a company sends out a message on behalf of the company as a whole, the message is usually reviewed for spelling and grammatical errors as well as legality. So if the message is filled with errors and inconsistencies, it probably didn’t come from a major corporation’s legal department.
Unrealistic Threats
The majority of the phishing scams we’ve come across try to get people to give up cash or sensitive information by promising instant riches , some artists use intimidation to scare their victims into giving up information.
Government Agency
Using intimidation to scare people into giving up their personal information don’t always pose as a bank. Sometimes they’ll send messages claiming they’re representing or come from a law enforcement agency, RCMP or CRA. Law enforcement and other government agencies follow certain protocols and to use email to extort information is not one of them.