Detect phishing emails

14. July 2017

Almost every day, users become victims of so-called phishing emails.
In this short post I would therefore like to point out the details to look for in order to identify malicious emails.

Of course, this is not a protection against spear phishing emails as used by professional hackers or penetration testers. I have also attached an example of such an email below.

Phishing emails can vary greatly, but most contain file attachments or links. Below I explain these two variants, which end up in mailboxes almost every day.




#1 File attachments

These attachments often contain malicious code, which is executed when the attachment is opened. The effects can range from the installation of adware (e.g. unwanted adverts in the Internet browser) to the complete compromise of the system.

#2 Links

These can lead to websites that load malicious code via drive-by downloads, with the same impact as file attachments. Alternatively, the user is redirected to a website that is a copy of a login page (e.g. savings bank, PayPal, Amazon, etc.). If the user enters their access data there, it is transmitted to the attacker, who can then take over the respective account.

How do you recognize these emails?

  1. E-mail sender
    In addition to the displayed name, the actual sender should also be checked. A displayed name “PayPal” with the sender makes little sense.
  2. Time
    Emails sent at 03:38 do not speak well of the sender's working conditions… Of course, these are often sent by so-called bots, which do not pay attention to the local time.
  3. Salutation
    A general and impersonal salutation, such as “Dear Sir or Madam” or “Dear Customer”, can also be a sign of an automatically generated phishing e-mail.
  4. Spelling & Formatting
    Reputable companies do not send emails with gross spelling or formatting errors (as a rule ;-)).
  5. Close
    A missing name under “Sincerely yours” or false information about the company is also an indication of a phishing email. Check even trivial things, such as the company’s registered office, when you receive such emails. This is as easy to verify as correct spelling. For example, Amazon is not based in “Amazon EU S.a r.l. (Societe a responsabilite limitee), 3 Rue Paerer, L-2358 Paris” 😉
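
The first three checks from the list can also be applied mechanically to a raw message. The following is an added example, not code from the original post; the brand allowlist, the 00:00 to 05:59 "night" window and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Assumptions for this sketch: a tiny brand allowlist and a 00:00-05:59 night window.
BRAND_DOMAINS = {"paypal": ("paypal.com",), "amazon": ("amazon.com", "amazon.de")}
GENERIC_SALUTATIONS = ("dear sir or madam", "dear customer")

def phishing_indicators(raw: str) -> list[str]:
    """Return the checklist items (sender, time, salutation) a raw message trips."""
    msg = message_from_string(raw)
    findings = []
    # 1. Sender: a brand in the display name must match the address domain.
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for brand, allowed in BRAND_DOMAINS.items():
        ok = any(domain == d or domain.endswith("." + d) for d in allowed)
        if brand in name.lower() and not ok:
            findings.append(f"sender: '{name}' sent from '{addr}'")
    # 2. Time: hour as written in the Date header (the sender's stated zone).
    try:
        sent = parsedate_to_datetime(msg.get("Date", ""))
        if sent.hour < 6:
            findings.append(f"time: sent at {sent:%H:%M}")
    except (TypeError, ValueError):
        findings.append("time: Date header missing or unparsable")
    # 3. Salutation: first non-empty line of the first text/plain part.
    body = next((p.get_payload(decode=True) or b"" for p in msg.walk()
                 if p.get_content_type() == "text/plain"), b"").decode("utf-8", "replace")
    first = next((ln.strip().lower() for ln in body.splitlines() if ln.strip()), "")
    if first.startswith(GENERIC_SALUTATIONS):
        findings.append(f"salutation: generic greeting '{first}'")
    return findings

# Constructed sample messages (not real mail); .example is a reserved TLD.
SUSPICIOUS = """From: "PayPal" <service@paypa1-secure.example>
Date: Fri, 14 Jul 2017 03:38:00 +0200

Dear Customer,
please confirm your access data.
"""
BENIGN = """From: "PayPal" <service@paypal.com>
Date: Fri, 14 Jul 2017 14:05:00 +0200

Hello Jane Doe,
your receipt is attached.
"""

if __name__ == "__main__":
    print("\n".join(phishing_indicators(SUSPICIOUS)))
```

Each finding is only an indicator: a legitimate newsletter can trip the time or salutation check, so the result is a prompt for closer inspection, not a verdict.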

With these fairly simple checks, many phishing emails can be detected and safely deleted. For more information on technical protection options and user awareness, just contact me.

Finally, here is the announced example of a spear phishing email as it could have been sent in July 2017. With this email, the recipient would be much more likely to open the attachment than with the example above.
