
How you spot a phishing email

Mar 13, 2020, IT security

With the sharp rise in ransomware infections, which are often delivered through phishing emails, it is extremely important to take steps to protect both yourself and your company.

Make sure that your devices (computer, tablet, smartphone, etc.) are up to date; it makes a huge difference to how hard they are to infect.

It is important to be skeptical and alert. At the same time, you should inform and help colleagues to spot phishing emails before they can do any harm.


Here are 10 great tips for spotting a phishing email


1) Never trust the sender

Even if the sender's name is one you know or trust, that does not guarantee the mail came from that person. To find out who the sender really is, look at the sender's email address.

Example:

An email from [email protected] (@MAIL.DK) is not the same as an email from [email protected] (@MAII.DK).

Note that the last letter of the domain name is a capital "i" (I) and not a lowercase "l" (l).
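As an added illustration of this tip (not code from the original post): a small Python check that compares the domain in the From: header with a list of domains you trust, collapsing characters that look alike (capital I and lowercase l, 1, 0 and o) so that MAII.DK is flagged as a lookalike of MAIL.DK. The trusted-domain list and the sample headers are constructed for the example.

```python
from email.utils import parseaddr

# Characters that render alike in many fonts are mapped to one representative,
# so that "maii.dk" and "mail.dk" collapse to the same skeleton.
_LOOKALIKES = str.maketrans({"i": "l", "1": "l", "0": "o", "5": "s"})


def skeleton(domain: str) -> str:
    """Visual skeleton of a domain name, used only for comparison."""
    d = domain.lower().replace("rn", "m").replace("vv", "w")
    return d.translate(_LOOKALIKES)


def check_sender(from_header: str, trusted_domains) -> str:
    """Classify a From: header against the domains we trust.

    Returns "ok", "lookalike", "name-mismatch", "unknown" or "malformed".
    """
    display_name, address = parseaddr(from_header)
    if "@" not in address:
        return "malformed"
    domain = address.rsplit("@", 1)[1].lower().rstrip(".")
    trusted = {t.lower() for t in trusted_domains}
    if domain in trusted:
        return "ok"
    # Same skeleton but a different spelling: MAII.DK posing as MAIL.DK
    if any(skeleton(t) == skeleton(domain) for t in trusted):
        return "lookalike"
    # The display name drops a trusted name while the address points elsewhere
    if any(t in display_name.lower() for t in trusted):
        return "name-mismatch"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers; the page's own example is MAIL.DK vs MAII.DK
    trusted = ["mail.dk"]
    for hdr in ["Support <kontakt@mail.dk>",
                "Support <kontakt@MAII.DK>",
                "mail.dk Support <kontakt@example.net>"]:
        print(f"{hdr!r:45} -> {check_sender(hdr, trusted)}")
```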


2) Read carefully before you "click"

Hover the mouse over a link without clicking it. If the address shown in the bottom left corner of the window looks odd or does not match what the link text describes, do not click it! If you have an IT department, report your finding to them.

Example:

If "SKAT" (the Danish Tax Authorities) writes to you and asks you to log in via a link that looks strange, go to www.skat.dk yourself and log in there, bypassing the link in the mail.

If you receive an email from Postnord (the national postal service) or similar with a strange link or track-and-trace number, ask yourself: am I waiting for a package? If so, go to their website and manually enter the "Track and Trace" number there first.


3) Look for grammar and spelling mistakes

IT criminals are less concerned with spelling and grammar than a genuine sender would be.

Example:

Text translated by a computer will often fail, for instance by translating word for word. Unfortunately, not all phishing emails and spelling mistakes are produced by computers; many are written by real people, and they are getting better and better at it.


4) Think about the introduction

Is the greeting very general or poorly worded? Subject lines or greetings such as "Valued Customer" or "Dear [job title]" can be computer-generated or part of a generic email sent to many recipients. Today we also see emails tailored to named individuals and companies. A generic subject can be reused for many people, so an opening like "Valued customer" should raise a red flag and stop you from disclosing sensitive information such as credit card numbers, logins, etc.

In short, an email that addresses many people and at the same time asks for personal information is a good reason to stop!


5) Is personal information requested that would normally require NemID?

Legitimate companies usually do not ask for personal information in an ordinary email. If the sender needs something involving NemID, their message will arrive in your e-Boks.

A mail that claims to be from your bank will be sent through the bank's own messaging system or via e-Boks. If in doubt, ask your bank about their procedure.


6) Pay attention to urgent or reward emails

These emails may sound as if you need to respond quickly, perhaps even right now.

Example:

You probably know the story of the lawyer of the late billionaire or dictator who is looking for investment opportunities or help with a bank transfer (with a generous bonus or reward), or the news that you have won a large (and unlikely) sum of money.

A rule of thumb: if it sounds too good to be true, it probably is.


7) Always check the email signature

Most mails from genuine employees have a full signature with name, logo and phone number at the bottom. However, phishing emails tailored to a company may look very similar, or the signature may have been copied in directly.


8) Be careful with enclosed/attached files

The IT criminals behind the mail may try to trick you with an attachment. It may be a file with a very long name, of a suspicious or unknown file type, or the like.

Example:

Install.exe, sheet.jar, onedrivecloud.zip, etc.
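An added Python helper (not part of the original post) that applies this tip to attachment names: it flags executable and script types, archives, over-long names and, going one step beyond the list above, double extensions such as invoice.pdf.exe where a harmless-looking type sits in front of a dangerous one. The extension sets are an assumption for the example; adjust them to your environment.

```python
# Extension sets are an assumption for this example; tune them to your environment.
RISKY_EXT = {"exe", "scr", "com", "bat", "cmd", "js", "jse", "vbs", "vbe",
             "wsf", "hta", "jar", "ps1", "msi", "lnk", "iso"}
ARCHIVE_EXT = {"zip", "rar", "7z", "gz", "tgz"}
HARMLESS_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}


def attachment_risk(filename: str, max_len: int = 60):
    """Return the reasons an attachment name looks risky; an empty list means none."""
    reasons = []
    exts = filename.strip().lower().split(".")[1:]   # everything after the first dot
    last = exts[-1] if exts else ""
    if last in RISKY_EXT:
        reasons.append(f"executable or script type .{last}")
    elif last in ARCHIVE_EXT:
        reasons.append(f"archive .{last} can hide executable content")
    elif not last:
        reasons.append("no file extension")
    # invoice.pdf.exe: a harmless-looking type in front of a dangerous one
    if len(exts) >= 2 and exts[-2] in HARMLESS_EXT and last not in HARMLESS_EXT:
        reasons.append(f"double extension .{exts[-2]}.{last}")
    if len(filename) > max_len:
        reasons.append(f"very long file name ({len(filename)} characters)")
    return reasons


if __name__ == "__main__":
    # The page's own examples plus two constructed names for comparison
    for name in ["Install.exe", "sheet.jar", "onedrivecloud.zip",
                 "report.pdf", "invoice.pdf.exe"]:
        print(f"{name:20} {attachment_risk(name) or ['looks ordinary']}")
```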


9) Do not believe everything you see

If something seems mysterious or abnormal, it is best to report it to your IT department before taking any further action. Better to report once too often than once too seldom.


10) When in doubt, contact your IT department

Whatever the time and whatever it is about, most IT departments would rather be contacted about something that turns out to be genuine and harmless than about something that puts the entire company at risk.

Heidi Hinz
Partner/CEO