WE ARE DOOMED! Common Sense in Spotting Phishing Emails
Seriously?! is this what the world is coming to? This is fucked-up! About once a day I am faced with the aftermath of one of my friends (acquaintances, colleagues, etc.) having clicked a link in a phishing email and getting their PC utterly-fucking-hosed. BTW, “utterly-fucking-hosed” is a tech term ‘we in the industry’ have replaced the dated “Borqued/Borked” with. The phrase and the words are synonymous.
Phishing is a term you hear all the time. But what exactly does this mean? In the realm of network security, phishing is when someone tries to bait you into clicking on a malicious link. There are just too many examples out there to post them all, but below are a few immediate indicators that an email (or website) may be dangerous:
- The Domain Name: Oftentimes you’ll see something that looks like “microsoft.com” but sneaky folks play on the fact that your brain subconsciously puts things into a plausible meaning by using context to predict the outcome. (fun read about this here on Mother Nature Network, mnn.com). To illustrate this, you might see an email from “support@rnicrosoft.com” or “support@misocroft.com.” In these examples, our brain automagically forms an “m” from the two letters “r” and “n” and rearranges the “socr” to “cros” because it expects the household name “Microsoft.” Also, in many cases, the “rn” combination is so close together that is actually looks like an “m.” Recent examples of this include: rnicrosoft, misocroft, microsfrt, de11, rnsmbc, strabucks, starbuks… just to name a few. All of these had links that download ransomware to your computer.
- Email is Addressed to Your Email Alias: Any service be it banking, Amazon, Microsoft, Google, Etc…, is going to have your REAL name. When you see an email start to read “Dear George123,” (or whatever your email alias is) chances are, it’s a phishing email. Folks that generate phishing emails use simple scripts to address the email automagically based on your email address thus making is seem more personalized.
- Bad Grammar and Spelling: Despite the fact that most native English speakers don’t speak English very well, phishing emails tend to be riddled with spelling and grammar errors. Although, some of the more clever ones will copy text from legitimate emails to give their ploy more credibility and make them harder to spot. You might often see things like: “Dear Customer, Our records indicate that have not updated your acount information in the last 30 days. To update your accont in a timely manner, log in now update your information.” A quick glance, and you know something is wrong, but it still makes sense. In this example notice the missing pronoun between “that” and “have.” Also notice the misspelling of the word “account.”
- Content is Ambiguous/Vague: “Dear Customer” or “Dear Valued Customer” are common at the beginning of phishing emails. As mentioned earlier, most places will use your real name when contacting you directly. Reputable businesses usually only use “Dear Valued Customer’ when issuing blanket statements which generally do not have any links to login to your personal accounts. There may also be statements that could apply to a wide range of things. For example, a salesperson friend of mine received the following email: “Hi, I would like to place an order this month. Please check the attached file to see if you can supply the specific product I am looking for.” Of course, the link was to ransomware, and my friend clicked it.
- Hovering Over a Link Reveals Suspicious URL: IF my friend had hovered over the link in the aforementioned email, he might have noticed the link at the bottom of the page didn’t link to Dropbox at all… test this by hovering over THIS LINK and read what the actual URL refers to (not an actual site, but this should illustrate the point).
Bottom line here is that if the email seems even a little suspicious, it’s most likely one to delete. Verify with the sender of the email before clicking any links or opening any attachments.