Detect phishing emails

Jul 14, 2017 | Security Advices & Tipps

Almost every day, users become victims of so-called phishing e-mails.
Therefore, in this short post, I would like to point out the details that can be paid attention to in order to identify malicious emails.

Of course, this is no protection against spear phishing emails as used by professional hackers or penetration testers. I have also attached an example of such an email below.

Phishing emails can vary greatly, most usually contain file attachments or links. Below I explain two examples of how you end up in the mailbox almost every day.

 

 

 

#1 File attachments

These attachments often contain malicious code which is executed when opened. The effects can range from the installation of adware (e.g. unwanted adverts in the Internet browser) to the complete compromise of the system.

#2 Links

These can either lead to websites that load malicious code via drive-by downloads and have the same effects as file attachments. Or the user is redirected to a website which is a copy of a login (e.g. savings bank, PayPal, amazon, etc.). If the user enters his access data there, these are transmitted to the attacker so that he can take over the respective account.

How do you recognize these emails?

  1. E-mail sender
    In addition to the name displayed, the actual sender should also be checked. A displayed name “PayPal” with the sender beate.meier@web.de makes little sense.
  2. Time
    Emails sent at 03:38 do not speak good working conditions of the sender…. Of course, such messages are often sent by so-called bots, which do not pay attention to the respective local time.
  3. Salutation
    A general and impersonal form of address, such as “Dear Sir or Madam” or “Dear Customer”, can also be a sign of an automatically generated phishing e-mail.
  4. Spelling & Formatting
    Reputable companies do not send emails with gross spelling or formatting errors (As a rule ;-).
  5. Close
    No name under “Sincerely yours” or false information about the company are also an indication of a phishing email. Check even trivial things, like the company’s registered office, when you receive such emails. This is as trivial to find out as a correct spelling. For example, Amazon is not based in “Amazon EU S.a r.l. (Societe a responsabilite limitee), 3 Rue Paerer, L-2358 Paris” 😉

With these fairly simple control steps, many phishing emails can be detected and safely deleted. For more information on technical protection options and user awareness, feel free to contact me.

Finally, here is the announced example of a spear phishing email as it could have been sent in July 2017. This would have a much higher probability of the attachment being opened by the recipient than the example above.