Cybercriminals, from tech-savvy scammers to identity thieves, carry out email phishing scams online. They use spam emails, fake websites, and impersonation emails to dupe users into providing sensitive information, such as banking passwords and credit card numbers. Once you take the phisher’s bait, they use this information to open fraudulent accounts and steal your money or identity. For businesses, phishing scams can lead to data breaches that expose confidential business data and customer information, and the financial ramifications of such breaches can be substantial.
Even large companies with extensive resources can be successfully targeted by phishers. Cybercriminals often mimic well-known brands such as Microsoft, Google, and Amazon. Cloudflare's phishing statistics reveal that 51.7% of malicious emails were crafted to appear as legitimate messages from these companies.
TitanHQ offers easy, affordable security awareness training with real-time phishing simulations, all launched in just a few clicks. Experience security training through real-time, gamified phishing simulations designed to maintain employee engagement and enhance their ability to detect and prevent cyber threats.
1. Check Sender’s Name
Without opening the email, look at the sender’s name. Does it exactly match other emails from the same party? If not, the message could be carrying malware.
2. Confidential Data Requests
Be cautious if asked to reply with confidential data. A legitimate business will not ask you to furnish your username and/or password, or to click a link to change your password. If an email requests banking information, be suspicious. Don’t fall for it.
3. Unrealistic Offers
Exercise skepticism when offered something valuable at little or no cost. The “Nigerian prince” scenario comes to mind, or you have won a sweepstakes that you never entered. Remember that even if you know the sender, the sender’s address book could have been hijacked and used to disseminate phishing emails.
4. Threats and Urgent Demands
Be wary of emails threatening dire consequences if you don’t comply:
- “Your computer has a virus” – This trick appears in emails and website pop-up advertisements. You are asked to download a “security package” to combat the virus. Unfortunately, rogue security programs are one of the most common sources of malware infection. Ignore warnings about malware from any source except your verified antimalware program.
- The email asks for “urgent” or “immediate” action, particularly involving a financial transaction – Confirm any such requests by telephone or, better yet, in person. Check with managers at your company before clicking on or replying to such emails.
5. Confidential or Private Requests
If the email purports to be a “Confidential” or “Private” request, be cautious – the sender is trying to keep you from verifying the email with another party. Don’t believe it.
6. Exercise Caution with Attachments
If an email contains an attachment that purports to be an order confirmation or receipt, think twice – This approach is also used for supposed package shipment documents. Think: have you ordered anything from that company? If so, do past emails have the same format and look? It is better, in general, to access information on an official website than to click links in an email or download an email attachment. In most cases it is possible to go to the official website to verify the email contents and get further information.
7. Check Document Extensions
Be cautious of an email that has an attachment with a non-standard document extension; attachments are a major source of infection. A standard document extension for Microsoft Office would be one ending in .docx, .xlsx, or .pptx. These should be OK. But if the extension ends in “m” (for macro), the document contains embedded code that may execute when you open it. Any Adobe Reader .pdf or .zip archive can contain malicious website links or malicious JavaScript files that could unleash a malware infection. The best advice is to check with the sender before downloading an attachment.
8. Tax Season Caution
Is it tax season? During tax season, there is a bump in spear phishing and telephone scams by “tax authorities” requesting financial information or providing tax “receipts” that are malware in disguise. Last year, the IRS identified an astonishing $5.7 billion in tax fraud schemes, more than double the amount reported in 2021.
In these instances, phishers may employ deceptive tactics to trick a company employee into divulging their W-2 form. They achieve this by crafting an email that appears to originate from the company’s HR department, urging the employee to return their W-2 form via email. If the employee falls for the scam, the attacker will attempt to file tax returns in the employee’s name, thereby stealing the victim’s tax refund.
9. Verify Sender’s Email Address
Ensure the sender’s email address aligns with the email’s contents. Does it make sense that an email from UPS would come from an address such as j.shi@jung.com? Probably not. How about from no.reply@up.s.com? Notice the periods: this is not from UPS, it is from up.s. The “from” address in an email can also be faked, so do not assume a message is legitimate just because it comes from a known address.
10. Check for Awkward Wording
Check for awkward wording in the email. Does the content appear to be proper English (or whatever language it should be)? Check the tone and grammar. Does the email sound like it was translated from another language? If so, it could come from a non-native hacker.
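As an added illustration (not code from this article or from TitanHQ), the following Python routine applies checks 7 and 9 above to a message’s From header and attachment names: it flags macro-enabled Office extensions ending in “m”, attachments that can carry links or scripts, and sender domains that imitate an expected brand once the dots are removed (up.s.com versus ups.com). The list of expected sender domains and the sample messages are constructed for the example.

```python
import re
from email.utils import parseaddr

# Office extensions whose trailing "m" marks a macro-enabled file (check 7).
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppam"}
# Container formats the article notes can carry links or JavaScript (check 7).
CONTAINER_EXTENSIONS = {".pdf", ".zip"}
# Constructed list of domains this recipient expects mail from (assumption).
EXPECTED_DOMAINS = {"ups.com", "amazon.com", "microsoft.com"}


def _normalise(domain: str) -> str:
    """Strip dots and hyphens so 'up.s.com' and 'ups.com' compare equal."""
    return re.sub(r"[.\-]", "", domain.lower())


def attachment_findings(filenames):
    """Check 7: report risky attachment extensions."""
    findings = []
    for name in filenames:
        ext = name[name.rfind("."):].lower() if "." in name else ""
        if ext in MACRO_EXTENSIONS:
            findings.append(f"macro-enabled attachment: {name}")
        elif ext in CONTAINER_EXTENSIONS:
            findings.append(f"attachment may carry links or scripts: {name}")
    return findings


def sender_findings(from_header):
    """Check 9: compare the From domain with the brands it claims to be."""
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if domain in EXPECTED_DOMAINS:
        return []
    brand_words = set(re.findall(r"[a-z]+", display.lower()))
    findings = []
    for expected in sorted(EXPECTED_DOMAINS):
        brand = expected.split(".")[0]
        if _normalise(domain) == _normalise(expected):
            findings.append(f"lookalike domain {domain!r} imitates {expected!r}")
        elif brand in brand_words:
            findings.append(f"display name {display!r} claims {brand!r} but domain is {domain!r}")
    return findings


def assess_email(from_header, filenames):
    """Combine both checks; an empty list means nothing was flagged."""
    return sender_findings(from_header) + attachment_findings(filenames)
```

Running `assess_email("UPS <no.reply@up.s.com>", ["Order_Confirmation.docm"])` on the constructed sample returns one lookalike-domain finding and one macro-attachment finding.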
Understanding Phishing Scams
Phishing scams are a type of cybercrime in which scammers use email or text messages to trick victims into giving them personal or financial information. These scams can be launched in large numbers, with thousands of attacks occurring every day. Phishing attacks are often used to gain access to email, bank, or other accounts or to sell the stolen information to other scammers. To protect yourself from phishing scams, it’s essential to understand how they work and what to look out for.
Phishing Tactics
Phishing scammers use various tactics to trick victims into giving them sensitive information. One common tactic is to create a sense of urgency, telling the victim that their account will be suspended or they will miss out on a reward if they don’t act quickly. Another tactic is using social engineering techniques, such as crafting phishing messages that appear from a trusted source, like a bank or credit card company. Phishing scammers may also use phone calls or text messages to contact their victims, making it harder to spot a phishing attempt.
Tell-Tale Signs of a Phishing Scam
There are several tell-tale signs of a phishing scam. One of the most obvious signs is poor spelling and grammar. Legitimate companies usually have professional email templates and proofread their messages carefully. Another sign is a suspicious attachment or link. Phishing emails often contain malicious links or attachments that can install harmful malware on your computer. Be cautious of emails that ask for sensitive information, such as login credentials or financial information. Legitimate companies will never ask for this information via email.
Consequences of a Phishing Scam
The consequences of a phishing scam can be severe. If you fall victim to a phishing scam, you may lose sensitive information, such as your login credentials or financial information. This can lead to identity theft, financial loss, and damage to your reputation. Phishing scams can also harm the reputation of the companies being spoofed, making it essential to report any suspicious emails or messages.
What Do I Do if the Email is a Phishing Email?
If the message is suspicious, there are some steps you can take:
- Do not click on any links in the email.
- Hover your mouse over any links in the email. If you know what the real links should be, such as for a frequent customer or vendor, compare the real link to the link in the email.
- Google any companies, individuals, addresses, and phone numbers in the message. Look at more than the official company website; fake websites can be set up quickly.
- Do not use “reply” to answer a suspicious email from a known entity. Instead, create a new email and use the address in your address book, not the one in the received message.
- Tell other people in your company about the phishing email you received. Knowledge is power!
- What is the easiest way to check if an email is phishing? Use another communication method, such as the telephone or snail mail. But do not use the address or telephone numbers in the email. Google the real company website or obtain the actual phone number from the white or yellow pages online. Otherwise, you could be contacting the phishers!
While phishing techniques are getting more sophisticated, there is a lot users can do to avoid being phished. IT pros need to ensure their organization deploys a powerful spam filter that scans inbound and outbound email and provides RBL blocking and pattern filtering. Spam filters vary in effectiveness and are only part of the solution to preventing intentionally malicious attacks — especially phishing emails.
Reporting Phishing Emails
If you suspect a phishing email, reporting it to help fight scammers is essential. You can report phishing emails to the company being spoofed, as well as to the Federal Trade Commission (FTC). The information you provide can help authorities track and stop phishing attacks. You can also report phishing emails to your email provider, which can help block similar emails in the future. By reporting phishing emails, you can help protect yourself and others from falling victim to these scams.
Protecting M365 from Phishing Attacks
PhishTitan is a next-generation phishing protection and remediation solution powered by TitanHQ. Our proprietary machine-learning algorithm integrates directly with Microsoft 365, catching and remediating sophisticated phishing attacks Microsoft misses. These refined, zero-day attacks are currently being missed and are where the real damage occurs.
With over 345 million paying users, Microsoft 365 is one of the most popular business application suites and has become a popular target for cybercriminals. MSPs must ensure they can offer their customers a multi-layered anti-phishing solution that is cost-effective and easy to manage.
PhishTitan has powerful features that allow an MSP to tailor and focus on threat detection and auto-remediation. PhishTitan reports, for example, allow an MSP to identify the most targeted customers so that focused action can be taken. Also, PhishTitan's "Post Delivery Remediation" feature enables MSPs to remove malicious mail that has already arrived in an inbox, and to remove a threat from multiple users' inboxes at once.
Auto-remediation and AI-powered anti-phishing tools like PhishTitan are essential for mitigating complex phishing attacks.
Ask for a demo of PhishTitan to see how auto-remediation could help your business.