Not a day goes by without seeing some warning about new cyberthreats, chiefly about phishing emails which are doing the rounds and that are designed to trick us into disclosing personal information. We primarily receive these phishing emails from purported banks, insurance companies, authorities, and portals such as Amazon.
Consumer protection bodies always go on about how we shouldn’t open such fake emails — and that technologically, fraudsters’ tactics are becoming increasingly sophisticated.
Read on to find out how to spot fake or phishing emails and what tips you can follow to protect yourself. Fortunately, there is a whole range of tell-tale signs that you can use to tell whether a phishing email has actually landed in your inbox.
What’s a phishing email?
Phishing refers to the mass sending of bogus emails which cybercriminals use to obtain protected, sensitive information such as PINs, log in credentials, or bank details.
The really deceitful thing about such phishing emails is that these emails are amazingly well designed, so much so that often we don’t even doubt their authenticity. Examples include receiving obviously fake messages from your bank asking you to change your password. If you were to click the link in the message, you’d end up on such a well-designed website that you couldn’t tell it apart from the bank’s actual one. If you were to enter new log in details here, the scammer would immediately have unrestricted access to your account.
Cybercriminals also love another type of phishing email: Sending emails with file attachments, which are typically malware. For example, you may well receive a message from an acquaintance in which they send you a zip file with vacation photos. Naturally, you don’t doubt for a second that your acquaintance actually wants to send you shots of their vacation or some file that may be of interest to you. But these could well turn out to be fake — yet time and again people fall into this trap in their droves.
And often enough, this method has a snowball effect. That’s because every time someone opens such an attachment in a phishing email, the attackers also gain access to the email addresses from the recipient’s contact list.
Phishing emails: How cybercriminals get contact information
Cybercriminals mainly use public information sources to get the background information they need for their attacks. Typically, they scour social media such as LinkedIn, Facebook, Instagram, or Twitter where they’ll usually find what they’re looking for very quickly: Information such as your name, job title, and email address are served up there on a silver platter, which the cybercriminals then use to compose phishing emails that appear credible.
Hackers exploit human vulnerability with phishing emails
To send phishing emails, fraudsters use a wide variety of methods known as social engineering to obtain the contact information they’re interested in. And, as just as you’d imagine, cybercriminals rely on human vulnerability to harm unsuspecting victims.
Want to learn more about social engineering methods and the many tricks used by cybercriminals? Check out our blogpost on the topic of social engineering in which we look at hackers’ various methods in more detail.
Spot tell-tale phishing signs in emails
Consumer protection bodies and the Cybersecurity & Infrastructure Security Agency (CISA) are always warning us about new phishing emails.
While this is all well and good, who actually takes the time to regularly look at these warnings?! To avoid becoming a victim of cybercriminals, it’s at least as important to be able to spot the typical tell-tale signs of phishing emails. That’s because, as you already know, scammers prefer to use human vulnerability to get at our sensitive information.
Linguistic and grammatical errors are signs of a phishy email
Received an email and spot right away that the wording is off or it’s full of errors? Incorrectly used words, comma errors, or absurd grammar can be an indication that it’s a phishing email. What bank would ever allow itself to send customers a poorly worded, grammatically incorrect, or inaccurate email?!
Phishing emails are usually sent in bulk and cybercriminals often use translation programs without knowing the language of the respective country.
And emails in which your purported bank addresses you in a different language than usual should also be treated with caution and regarded as potential phishing emails.
If you’re asked to act NOW, the phishing alarm should be ringing loud and clear
Have you ever received a message asking you to act now to avoid something bad happening to you financially? If you’re threatened with exorbitant fines, a blocked account, or even that a debt collection agency will soon come a knocking, you should be suspicious — and your phishing alarm should definitely be ringing loud and clear.
Another scam that cybercriminals often use goes something like this: You’re sent an email saying that some wealthy manager from the US has chosen you as the beneficiary of a six- or seven-figure fortune. And of course, here too you’ll be asked to act now because this vast sum of money needs to be paid out straight away. Would you take the bait?
Generic emails can be a sign of phishing
A few years ago, it was quite common for companies to send us emails starting with “Dear Sir or Madam”. Now, however, email distribution technologies have gotten a lot more professional in the way they address you.
Asking you to open something and input information can be a sign of a phishing email
As we’ve mentioned, phishing emails often ask you to open a file that is sent to you as an attachment, is available for download via a link, or is linked directly to an online form.
As a rule, these file attachments contain malware such as ransomware, Trojans, or viruses that infect your laptop, Mac or PC and which you can only remove with considerable effort.
Eliminate all doubt by taking a peek at the email header
The details about the sender’s email address seem credible at first glance, the text is well written, and the design leaves little doubt as to its authenticity.
But that doesn’t mean a thing. A lot of effort goes into phishing emails, and they’re usually done very well because the cybercriminals know what they’re doing — and the sender information is usually forged.
But take a look behind the sender’s name, such as “Your Amazon Customer Service”, and you may find a completely different address — typically a Google or Freemail account specially set up for this purpose with a combination of numbers and letters before the @ sign.
If you want to eliminate all doubt, a look at the mail header (or header line) is the only sure-fire way of knowing if the email’s legitimate. There you will also find the sender’s IP address, which is forgery-proof and gives you a clear indication of who the actual sender is. Consumer protection bodies or other government agencies provide information on how you go about reading the email header.
Top tip: Check these sites for regular updates on critical phishing attacks.
How to protect yourself from phishing emails: Our top tips
Always remember that cybercriminals prefer to exploit human vulnerability, i.e. our clueless behavior, and be skeptical if you receive messages that seem odd.
Be careful if you are offered links or files to download, even if you receive a message from someone you know. And remember that your email program isn’t the only gateway for cybercriminals to get your information — hackers can also send phishing emails via social media accounts, knowing full well that you trust messages from your contacts.
Protect yourself by updating your operating system and installing security patches regularly
Always keeping your operating system up to date offers a certain degree of protection because updates come with security patches that can protect your computer from possible malware and virus attacks.
However, keep in mind that new phishing attack cases are coming to light every day, and technologically they’re becoming increasingly sophisticated — and all too often we usually only find out about them when it’s too late.
Firewalls help protect against phishing attacks
By default, companies and public authorities all use firewalls to protect their IT infrastructures — and they should also be a must-have for home users.
All digital devices, whether a PC, Mac, laptop, or portable Android or Apple device, come with a firewall. However, these standard components of the various operating systems are usually not quite enough to offer solid protection. That’s why it makes sense to use an antivirus program to help you configure the firewall, such as Avira Free Security allows you to do.
Even with the free version of Avira Free Security, you can configure your Windows firewall settings — and strengthen your protection against the many different online threats.
Protection against phishing emails: Good antivirus programs are a must
Cybercriminals use phishing emails to install ransomware, Trojans, viruses, and such like on your devices, which is why a sophisticated and reliable antivirus program is a must.
The latest antivirus programs are designed to protect your digital devices from different types of malware, while always keeping pace with hackers’ latest developments.
Ideally, you should go for an antivirus program that’s tried and tested as well as easy to use.
Even with the free Avira antivirus solution, you can increase your protection against viruses, regardless of what the specific cyberthreats may be. This solution includes far more than just phishing protection.
Avira Antivirus is a lightweight antivirus program that won’t sap your system’s resources. This solution can help you get rid of all kinds of malware that gets onto your computer or mobile devices via phishing emails — and it also factors in performance and privacy during its scans.
