4 min read Security Tech Riffs

How to Spot a Phishing Email

Apr 27 2017

Hey, everyone. Thanks for tuning into another episode of Tech Riffs. My name’s Killian Smith, and I’m a systems engineer at Worksighted. Today we’re going to talk about something really important, and that’s how to spot phishing emails.

If you’re unaware, phishing emails are basically emails that come to your inbox with malicious intent to try to steal your confidential information or infect your computer with something. Now, even with some of the best IT practices in place, like spam filters and other things, some of these emails can still get through. So it’s really important to be able to identify them so you can go ahead and get rid of them. Let’s talk about how to do that right now.

Okay, let’s get started by looking at an email we have here. One of the first things is we can look at the email signature. It doesn’t seem to follow any sort of corporate guidelines and it’s super generic. Another thing we can look at is right here. The name Joe Smith doesn’t match the name that’s in the email that it’s being sent from. That’s a big red flag right there.

Something else, we don’t know this person and they’re sending us an attachment. Plus the attachment name is really quite strange. It’s really, really long, and it doesn’t seem to make any sense. Also, look out for spelling errors. We can see right here services is spelled wrong. And down in the next line, it looks like they forgot the D on need.

Another thing we can look for is overall tone of this email. They are trying to make us feel afraid that we’re going to lose something if we don’t act quickly. Phishers and scammers often rely a lot on playing with your emotions. Sometimes they’ll make you feel like you have to pay money and do other things that you may not want to do and that you have to do them quickly, so you don’t have good amounts of time to think about that stuff.

Finally, one other thing we can look at is any links that are in the bottom or anywhere in the email at all. We look at this link, and it says www.librarylogin.com, but if we hover our mouse over it, we look at the link that it’s actually taking us to, and it’s www.accountservices.com. This is a super common technique that people trying to send bad emails use to get you to go to places on the internet that you don’t want to go to.

And to wrap up, it’s always really important to remember to expect the unexpected. Oftentimes they’re going to try to send things that look like resumes to people in HR or they’re going to send things that look like Excel documents to people in accounting. Anything that they think that you’re going to open quite often, so that you open it without even thinking about it. Always be suspicious, especially if you don’t know who the sender is.

If you really don’t know, please reach out to your IT department. They’re going to be super happy to help you just to keep anything nasty off the network. And that’s a wrap, which means it’s time for my shameless plug. You can learn about this and other cool tips by going to worksighted.com.

Worksighted Team

We are a team of over-enthusiastic people, ready to help our clients utilize technology to spur growth! We love technology and come to work every day eager to solve problems and find ways to impact our clients.