Finding the Phish

Written by Dan Goodman

Determining whether an email is phishing is getting harder every day. Phishing artists are gaining the skills of real web developers, and as a result their craft is becoming impeccable. So how do we find phishing emails among the sea that is your inbox? This guide will break down the fundamental methods so you can quickly look at an email and determine whether it's phishing.

Sender Validation

The first step is making sure the sender is actually the sender. What does that mean? With email, the address that actually sent the message is not always the same as the reply-to address or the sender name that is displayed. Let's look at this example email below:

This email is from a large phishing ring that pretends to be many different companies including Terminix, ADT, and many more. As you can see in the top left of this image, the from name and the actual sender are quite different from the claimed origin. This is a fast check that you should always do when starting an email chain. For more information you can find the "Show Original" option to look at much more technical data:

Link Safety

Probably the most commonly suggested way of checking for phishing is to make sure the links go where you expect. Is the email from a company? Then the links should probably go to the company's website, the same domain that the email came from. Let's take a look at the same example again:

As you can see in this image, the link behind the button is far different from the sender's email address. Furthermore, it does not go to Terminix's website. Many emails use URL shorteners in their links to make the email smaller and to do some fancy click tracking. If you come across one of these, Google "URL shortener checker" or "URL expander" and use a website like http://www.getlinkinfo.com/ to see what is on the other side of a link before clicking on it. Here is an example of what you may find:

As you can see, we discovered that from this tinyurl, we would actually get directed to an evil website, all without clicking on the link.
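
The sender and link checks above can also be run over the raw message you get from "Show Original". The following Python is an added example, not part of the original guide; the sample message, its domains, the shortener list, the display-name heuristic and the two-label domain comparison are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample of "Show Original" data; every name and domain is made up.
RAW = """\
From: "Acme Pest Control" <promo@mailer.example.net>
Reply-To: claims@support.example.org
Content-Type: text/html; charset="utf-8"

<a href="http://tinyurl.com/constructed1">Claim now</a>
<a href="https://click.example.com/offer">Details</a>
<a href="https://mailer.example.net/unsubscribe">Unsubscribe</a>
"""
SHORTENERS = {"tinyurl.com", "bit.ly", "t.co"}  # short illustrative list

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # keep the real target, not the button text
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def base_domain(host):
    # Assumption: last two labels; real code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    host = addr.rpartition("@")[2].lower()
    sender, findings = base_domain(host), []
    # Heuristic: does any longer word of the display name appear in the domain?
    if name and not any(w in host for w in name.lower().split() if len(w) > 3):
        findings.append(f"display name {name!r} not reflected in sender {addr}")
    reply = parseaddr(msg.get("Reply-To", ""))[1]
    if reply and base_domain(reply.rpartition("@")[2]) != sender:
        findings.append(f"reply-to differs from sender: {reply}")
    html = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_type() == "text/html")
    links = LinkCollector()
    links.feed(html)
    for href in links.hrefs:
        domain = base_domain(urlsplit(href).hostname or "")
        if domain in SHORTENERS:
            findings.append(f"shortened link hides its destination: {href}")
        elif domain != sender:
            findings.append(f"link leaves the sender's domain: {href}")
    return findings
if __name__ == "__main__": print("\n".join(triage(RAW)))
```

A finding is a reason to look closer, not a verdict: legitimate mail often links to other domains, so treat the output as a prompt for the manual checks in this guide.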

Good work, so far you are becoming a real digital detective!

Typos, Errors, and Design

While this happens less and less, typos, errors, terrible design, and illiteracy can be obvious signs of phishing. Let's take a look at this painfully obvious example of a phishing email:

In this example, poor design, language that doesn't make sense, and plenty of syntax errors like capitalization make this email obviously phishing.

Context

One thing that people tend to forget when looking at a potential phishing email is:

"Does it make sense that I got this email?"

Too often people overlook the fact that there is no reason someone would be offering them something over email, or that they would be getting something from work that is outside their job description. Does your CEO really need to email you? Does an African prince really want to send you $108 million? If you don't think the email makes sense for you to get, then you are probably right. If you have any doubt about the validity of an email from someone you work with, call, text, Skype, Slack, etc. them and ask whether they sent you an email. If they are asking for any sensitive or internal information, definitely ask them over another communication platform first.

Conclusion

Now you should feel pretty confident in your ability to protect yourself from phishing. Good luck out there!