You’ve received an email.

As no phishing filter can keep out 100% of all phishing attacks, there’s a chance the email could be malicious – no matter what it looks like.

How do you check whether or not the email is a phishing attack?

 

Step 1: Is the email expected?

When trying to identify a phishing email, first, take stock.

Before beginning to dissect the email, ask yourself whether or not it was expected.

Phishing emails are typically unsolicited and it’s that that makes them conspicuous. An unsolicited email is the first clue an email might be phishing.

Step 2: Does the email ask you to break company policy?

In a 2017 Vice article, a professional penetration tester revealed how she manipulated an employee to gain physical access to confidential information. First, she garnered sympathy from her victim, then solicited site access without identity verification.

An email chain that somehow leads you towards sidestepping company policies is a red flag. If at any point you’re considering skirting company policies as the result of an email, it’s highly likely you’re under attack.

Step 3: Does the email attempt to evoke emotion?

As we’ve discussed elsewhere, even rudimentary phishing emails are calculated affairs.

Phishing emails seek to tug at heartstrings in an effort to influence behaviours. Evidence of emotional manipulation is therefore something to look out for.

Is the email designed to make you panic, perhaps by claiming criminals are attempting to access your online bank account?

Does the email make you feel guilty? Or sympathetic towards someone in need? Does the email pique your curiosity with the promise of photos or confidential information?

If an email heightens your emotions, take a moment to pause. There’s a chance the email’s pretext is fictional and the email is merely a phishing attack.

Step 4: Does the email include attachments or links?

Phishing emails typically seek to either steal your personal information, install malware or persuade you to do something you otherwise wouldn’t do.

While the latter doesn’t necessarily rely on you clicking malicious links or opening malicious attachments, criminals usually rely on links and/or attachments to steal your information or install malware.

The presence of links and attachments can help to identify a phishing email – especially if the email is unexpected and emotionally manipulative (see above).

Step 5: Check the sender details 

Checking the sender details isn’t foolproof. Email accounts can be hacked and sender details can be spoofed. But, for the most part, it’s possible to identify phishing emails as fraudulent by scrutinising the senders’ details.

Emails that claim to be from companies such as Apple might be sent from domains such as appple.com. Or, they could be from apple.supportstaff.com. Both should raise alarm bells.

What to do if you suspect an email to be a phishing attack

Phishing attacks are on the rise. From time to time, it’s likely that phishing emails are going to land in your inbox.

Alone, they’re nothing to be particularly worried about. If you suspect an email to be a phishing attack, be sure to avoid clicking any of its links or attachments. Instead, report the email to your IT or security team, who can inspect the email in a controlled environment, verify for certain whether or not it’s a phishing attack and take the appropriate course of action.

If you’d like further protection from phishing, CybSafe is developed by psychologists and behavioural scientists to help you spot phishing emails quickly and efficiently. Simulated attacks reinforce new skills, while AI-machine learning ensures the platform adapts to both your organisation’s needs and the threat landscape.

You can arrange a free CybSafe demonstration here.