1. Look out for suspicious content. Is the email asking you to reply with confidential information, such as your password, or to confirm your bank account number? Is the email asking you to take quick action, such as replying urgently? Companies do not contact their clients asking them to take urgent and immediate action via email.
2. Is the email asking you to click on a link? If so, hover over the link (without clicking it) and the URL of the link will be displayed. Check whether the URL directs you to the website of the company that the email claims to be from, or to a different site. For example, is the URL "http://www.mybank.com/xxxxxx", or is it guiding you to "http://www.capturethisusersinfo.com/xxxxx"?
3. Does the email include a password-protected archive or PDF? Attackers usually password-protect the malicious software they send, to prevent antivirus software from detecting the malware.
4. Is the email addressed to you? Does the email include your name, and does it include your email address in the To: field? Hackers usually send mass emails out to millions of addresses, hoping for a few users to fall victim to their trap.
5. Check the email address of the sender. Does the email address contain the name of the company that they claim to be contacting you from? Do you know this company, and have you previously made contact with it? For example, if your bank is called "MyBank" with the website "Mybank.com", the person who is contacting you should have an email address that looks as follows: "[email protected]". Hackers often purchase domain names with similar names to try to trick you, such as "Mybankk.com" or "Mebank.com".
6. Check the email for a contact number and an email signature. Is there a real phone number and logo of the company in the email? Is the phone number a real landline number from the city and country where the business is located?
7. Is the email pretending to be sent to you by mistake but includes eye-catching details? For example, the email may have an attachment that contains a wealthy individual's bank statement. This is a trick to entice you to click and open the attachment.
8. Is the email from a person you recently connected with on Facebook? Perhaps this person is a stranger, but you accepted their friend invite and started chatting with them because you find them attractive or of business interest. Hackers often target their victims first through social media to gain their interest and confidence, as well as to obtain details of the victim’s personal life.
9. Has someone you know well started to send you unusual messages with links via Skype or Facebook? This can happen if the sender's account has fallen victim to malware.
10. Keep an eye out for attachments with extensions such as .exe, .zip or .bat. These files can contain executable code that, when run, can do anything from copying your files and sending them back to the sender to installing a worm or Trojan.
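Tips 2, 5 and 10 can be partly automated when triaging reported mail. The following is an added example, not part of the original article; the function names, the edit-distance threshold of 2 and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

RISKY_EXT = (".exe", ".zip", ".bat")  # extensions named in tip 10

def base_domain(host):
    # Last two labels only; a simplification that ignores suffixes such as co.uk.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    # Levenshtein distance, used to spot near-miss domains such as mybankk.com.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(raw, expected):
    # Findings for one raw message that claims to come from the domain `expected`.
    msg, findings = message_from_string(raw), []
    sender = base_domain(parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1])
    if sender != expected:
        kind = "a lookalike of" if edit_distance(sender, expected) <= 2 else "unrelated to"
        findings.append(f"sender domain {sender} is {kind} {expected}")
    for part in msg.walk():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXT):
            findings.append(f"risky attachment {name}")
        if part.get_content_type() in ("text/plain", "text/html"):
            body = part.get_payload(decode=True).decode(errors="replace")
            for url in re.findall(r"https?://[^\s\"'<>]+", body):
                host = urlparse(url).hostname or ""
                if base_domain(host) != expected:
                    findings.append(f"link goes to {host}, not {expected}")
    return findings

# Constructed sample message (not real mail), using the domains from tips 2 and 5.
SAMPLE = "\n".join([
    "From: MyBank Support <support@mybankk.com>",
    'Content-Type: multipart/mixed; boundary="b1"', "",
    "--b1", "Content-Type: text/plain", "",
    "Confirm your details at http://www.capturethisusersinfo.com/xxxxx today.",
    "--b1", "Content-Type: application/zip",
    'Content-Disposition: attachment; filename="statement.zip"', "",
    "(attachment bytes omitted)", "--b1--", ""])
```

Calling `triage(SAMPLE, "mybank.com")` returns one finding each for the lookalike sender domain, the off-domain link and the .zip attachment; a message whose sender and links all sit on mybank.com returns an empty list.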
Phishing emails are very common: hackers send out hundreds of millions of them every day, and the chance of anyone coming across one is high. They are often the first step towards a large attack on a company’s IT infrastructure and a very popular method hackers use to infiltrate a network. Whispering Bell’s Cyber Security experts are regularly engaged by companies following a cyber-security breach in order to find the source of the hack and to patch the issue against further exploitation.
If you would like to find out how Whispering Bell’s cyber security team could help you protect your organisation against cybercrime or help you respond to an incident, please contact us.