Identifying a Phishing Email

Phishing is the most used type of social engineering. It involves sending an email that mimics a legitimate source, aiming to convince and manipulate the receiver into revealing or submitting sensitive information such as login credentials, which might include a username, password, and one-time PIN.

However careful you are, everyone is susceptible to falling into this trap. For example, your laptop may have an email security solution that detects and quarantines phishing emails, but on a given day you log in from your phone or a different device, or an attacker uses more sophisticated methods to evade detection.

In this article, we will understand the basic structure of an email, look at the common key identifiers of a phishing email and the risks posed to a user once their account is compromised, and finally, we will look at how to bounce back from a phishing attack.

Now, let’s understand the basic structure of an email:

  1. Sender Address: This is the address of the sender.
  2. Recipient: This is the address of the receiver, in our case the victim.
  3. Reply Path: This is the return path of the email.
  4. Subject: This is the email heading.
  5. Body: This is the main part of the email, which holds its contents in detail.
  6. Footer: This is the last part of the email and may contain the signature of the sender.

How to identify and detect phishing emails

· Use of altered sender addresses: It's good practice to check the sender's email address. Most of the time attackers use manipulated versions of legitimate addresses; for example, they could replace letters with numbers, e.g. Yelbr1dges instead of Yelbridges.

· Use of generic greetings: Most organizations address their clients by name, which instills confidence in the customers. Phishing emails are mostly sent to a large number of people, and therefore attackers use generic greetings, e.g. Dear Customer.

· Unusual email requests: Phishing emails have an end game of getting the victim's credentials. Attackers have become more creative and now create look-alike web pages from which they harvest users' credentials.

· Use of a sense of urgency: Most phishing emails create urgency in their message. This denies the reader time to rethink and prompts immediate action on the message. For example, you get a notification that "Your account will be suspended if you fail to log in to the new banking platform".

· Presence of suspicious links and attachments: Phishing emails have links that redirect the victim to what looks like a legitimate website, which the attacker uses for credential harvesting once the user enters their login details. However, the victim can hover over a link without clicking it to check if the link is legitimate.

· Unusual sender information: If the email claims to be from a well-known organization but the sender's email address or the information provided seems off, it could be a phishing attempt.

· Requests for personal information: If the email asks you to provide personal or financial information, be skeptical. Legitimate companies generally won't ask for sensitive information through email.
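The identifiers above can be checked mechanically on a raw message. The following is an added example, not code from the original article: the allow-listed domain `yelbridges.example`, the phrase lists and the sample message are constructed assumptions, and the check assumes a single-part message.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list; "yelbridges.example" is an assumed domain, not from the article.
TRUSTED_DOMAINS = {"yelbridges.example"}
# Fold characters commonly swapped for one another (1/i/l, 0/o, 3/e, 5/s).
SKELETON = str.maketrans("01i35", "olles")
TRUSTED_SKELETONS = {d.translate(SKELETON) for d in TRUSTED_DOMAINS}
GENERIC = re.compile(r"\bdear (customer|user|client|member)\b", re.I)
URGENT = re.compile(r"\b(suspended|immediately|urgent|within 24 hours)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="https?://([^/"]+)[^"]*"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN = re.compile(r"(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed sample message, not taken from a real campaign.
SAMPLE = """\
From: Yelbridges Support <support@yelbr1dges.example>
Reply-To: helpdesk@mail-collector.example
Subject: Your account will be suspended

<p>Dear Customer,</p>
<p>Your account will be suspended if you fail to log in to the new platform:
<a href="http://login.yelbr1dges.example/auth">www.yelbridges.example</a></p>
"""

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def phishing_indicators(raw):
    msg = message_from_string(raw)
    body = msg.get_payload()  # assumes a single-part message
    found = []
    sender = domain_of(msg["From"])
    if sender not in TRUSTED_DOMAINS and sender.translate(SKELETON) in TRUSTED_SKELETONS:
        found.append("lookalike-sender")
    reply = domain_of(msg["Reply-To"] or msg["Return-Path"])
    if reply and reply != sender:
        found.append("reply-path-mismatch")
    if GENERIC.search(body):
        found.append("generic-greeting")
    if URGENT.search(msg["Subject"] or "") or URGENT.search(body):
        found.append("urgency")
    for host, text in LINK.findall(body):
        shown = DOMAIN.search(text)  # only links whose visible text is itself a domain
        name = shown.group(1).lower() if shown else host.lower()
        if host.lower() != name and not host.lower().endswith("." + name):
            found.append("link-text-mismatch")
            break
    return found
```

Calling `phishing_indicators(SAMPLE)` returns all five indicator names; a message from the allow-listed domain with a personal greeting and no mismatched links returns an empty list.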

Worst-Case Scenario:

Email user account compromise poses great risk to the account holder and the organization. These risks include:

  1. Reputation and image damage: a compromised account may be used as an entry point of attack on the organization, without proper.
  2. Risk of data loss or breach: phishing email attacks can lead to the loss of personal data or organizational data.
  3. Account access loss: if not acted upon fast, an attacker may completely take over a user's account.
  4. Malware and viruses spreading in a network: some emails have document attachments or redirect a user to an auto-download page, and it's easy for an attacker to use this as an entry to a workstation.

What to do after compromise

Once you notice or suspect that you have fallen victim to a phishing email, please act promptly by taking the following steps to mitigate the risk:

  1. Change your password immediately or request an account password reset from the admin. Changing the password ensures that the unauthorized user no longer has the right credentials to the account.
  2. Enable and enforce two-factor authentication. This ensures that the account has an additional layer of security for authorization.
  3. Run security scans. Most organizations have antivirus installed on every workstation; moreover, Windows has a prebuilt component that can help the user scan for malware and viruses. Some files downloaded from emails might contain malware, and therefore it's good practice to scan a workstation once the user notices suspicious documents.
  4. Report the incident to the IT department. Reporting the incident to the IT team will help them investigate the activity and check on the spread of the attack, i.e. whether other users in the organization have fallen victim to it. They will also monitor your account for any further suspicious activities.
  5. Notify affected parties. Most organizations have an IT team working 24/7, and therefore a call followed by an email would help resolve the issue. For example, if you submitted credentials to your bank account, act fast to request that the bank temporarily suspend the account.

Links:

  1. Changing Password

· Google Gmail account:

· Microsoft account:

  2. Setting up 2FA

· Gmail account:

· Microsoft account:

  3. How to run a security scan

· Windows:
