Introduction
On a general level, phishing is a form of fraud: an attack delivered over email, voice, text, or instant message that tries to get you to provide sensitive information (e.g., login credentials, passwords), click a link, or open an attachment, so that the attacker can gain access to a system, gain monetary benefits, steal information, or otherwise cause harm to you or your organization. Phishing messages often include emotional triggers and convey a sense of urgency in order to persuade you to act.
Spam, on the other hand, is mainly considered unwanted, noisy, obnoxious messaging, sent without malicious intent. In today’s world, a lot of spam messages are advertising, which may include, but is not limited to: event invitations, user list marketing, and unwanted marketing.
How do I recognize a phishing email?
How do I recognize a spam email?
I have identified a suspicious email - what do I do now?
Where did phishing come from?
The concept of phishing can be traced back to America Online (AOL) in the 1990s. A group of hackers known as the warez community pretended to be AOL employees and gathered user credentials and personal information. Using this stolen information, along with an algorithm they had developed, they started generating random credit card numbers.
By 2003, hackers had registered multiple new domains that sounded similar to the names of well-known websites such as eBay and PayPal. They then sent phony e-mails to eBay and PayPal customers, spread with the help of worm software. Customers who fell for these phishing e-mails were duped into supplying credit card details and other personal information.
By early 2004, phishing had become a lucrative business, and hackers had begun targeting banks, businesses, and their customers. At the time, popup windows were one of their primary weapons for collecting sensitive information from unwary users. From there, attackers developed further techniques, including spear phishing, vishing, smishing, keylogging, and content injection.
Today, phishing takes many and ever-changing forms. If you are interested in what is out in the wild at the moment, check out our Off the Hook – Threat Stories to learn more about the latest, and worst, phishing attacks out there.
How do I recognize a phishing email?
Now you know where phishing came from, but how do you know that the email you just received is a phishing email?
1. Sender / who is it from?
Check the sender display name
Does it match any other identifying features in the email such as the sender address or signature?
Have you received emails from this person before?
Is this the address they usually send you emails from?
Be on the lookout for typosquatting
Typosquatting is a tactic used by cybercriminals where they register domains with deliberately misspelled names of well-known websites. Read the address carefully and check for typosquatting or misspelling (e.g. microsoft.com vs rnicrosoft.com, where "rn" passes for "m" in many fonts).
Be wary of malicious domains
Check whether the domain has already been flagged as malicious; tools like Phishtank or Isit-Phishing let you do this safely, without visiting the site yourself.
Consider if there is an actual business relation
Do you have any business relationship with the sender?
Is there a good reason for them to reach out to you on this topic or is it strange?
Verify the sender
If you have any cause for concern, verify the sender has actually sent you a valid email by contacting them outside of email or instant messaging.
If the sender's account has been compromised, the attacker can answer your reply, so verifying their identity by email or instant message (Skype, Slack) is not a safe option.
When in doubt, always get confirmation face to face or over the phone, using a number you already have rather than one given in the email.
2. Subject
Be wary of a threatening or urging tone
Cybercriminals often play on the victim's human instincts of trust, fear, greed, and the desire to help. Don’t get tricked into acting as fast as possible.
Be careful with "RE:" - is it really a reply to an email you sent?
An "RE:" prefix suggests you have been in contact before. Have you?
3. Recipient / to
Check if there are multiple recipients
Check for multiple recipients. If there are only CCs, or signs of BCCs (undisclosed recipients), carefully consider the legitimacy of the email.
Check all recipients and CCs
Do you know these contacts?
Does the nature of the email validate including these contacts as CC?
4. Date and Time
Consider if the email is sent at an unusual date or time
Has the email been sent during a workday, at regular office hours? If not, have you received email from the sender at odd times before?
Take into account the sender's timezone
If the timestamp is suspicious, check the timezone of where the supposed sender is located. Verify if the time difference would make sense considering the location of the sender.
5. Email Body
Review the tone of voice and language
Threatening, urging, or overly emotional content may provoke you into acting quickly and without thinking. Don't let the message rush you. Check out our Off the Hook – Threat Stories to learn more about the latest, and worst, phishing attacks out there.
Review the greeting
Trusted contacts will greet you in a natural manner. Be vigilant when addressed as “Dear customer/relation”, “Esteemed contact” and so on.
Consider the validity of the ”ask”
Is the sender requesting you to click, download, open, install anything?
Does the request make sense considering your role, your normal working tools and so on?
Be particularly cautious about requests to update information through an external link.
Check the signature
Are their full contact details available in their signature?
Does it match other records of their information?
Does it look similar to the signatures you’ve seen before from that organization or person?
Be careful with attachments
Is it usual to receive attachments from this contact?
Why is it attached in the first place?
Consider how likely it is that the attachment is malicious.
Office and PDF files are common carriers of malicious payloads.
Avoid compressed archives (ZIP): they can hide executables and scripts, and password-protected archives cannot be scanned by mail filters.
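The attachment checks above can also be applied mechanically. The Python script below is an added example written for this article, not Hoxhunt's own code or a product feature: it builds a constructed sample message with three attachments and walks its MIME parts, flagging archives, executables and macro-enabled documents, Office and PDF carriers, and double extensions such as invoice.pdf.exe. The extension lists and the sample message are assumptions for illustration.

```python
from __future__ import annotations

import email
import pathlib
from email import policy
from email.message import EmailMessage

# Assumed lists for illustration; tune them to what your organization actually exchanges.
RISKY_EXTENSIONS = {".zip", ".rar", ".7z", ".iso", ".img", ".exe", ".scr", ".js", ".vbs",
                    ".lnk", ".hta", ".html", ".docm", ".xlsm", ".pptm"}
COMMON_CARRIERS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf"}


def build_sample() -> bytes:
    """Constructed sample: an 'invoice' mail carrying the attachment kinds the checklist warns about."""
    msg = EmailMessage()
    msg["From"] = "accounts@supplier.example"
    msg["To"] = "alice@example.com"
    msg["Subject"] = "Invoice 4471"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"PK\x03\x04", maintype="application", subtype="zip", filename="invoice.zip")
    msg.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="invoice.pdf.exe")
    return msg.as_bytes()


def attachment_flags(raw: bytes) -> list[str]:
    """Walk the MIME parts and return one red flag per risky attachment property found."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flags: list[str] = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        suffixes = [s.lower() for s in pathlib.PurePosixPath(name).suffixes]
        ext = suffixes[-1] if suffixes else ""
        if ext in RISKY_EXTENSIONS:
            flags.append(f"{name}: {ext} attachment (archive, script, executable or macro-enabled)")
        elif ext in COMMON_CARRIERS:
            flags.append(f"{name}: Office/PDF file, a common carrier of malicious payloads")
        # invoice.pdf.exe: the real type is the last extension; the one before it is bait.
        if len(suffixes) > 1 and suffixes[-2] in COMMON_CARRIERS:
            flags.append(f"{name}: double extension disguises {ext} as {suffixes[-2]}")
        # A declared MIME type that disagrees with the file name is another mismatch worth noting.
        if ext == ".pdf" and part.get_content_type() != "application/pdf":
            flags.append(f"{name}: declared as {part.get_content_type()}, not application/pdf")
    return flags


if __name__ == "__main__":
    for flag in attachment_flags(build_sample()):
        print("-", flag)
```

Running the script prints four flags for the constructed sample: the ZIP archive, the PDF as a common carrier, and two for invoice.pdf.exe (an executable, disguised by a double extension). Mail clients often hide the final extension, which is exactly why the double-extension check looks at the last two suffixes rather than the name as displayed.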
6. Hyperlinks
Check! Don’t click!
Hover the mouse cursor over every link in the email to reveal the target URL (on a phone, long-press the link instead). The visible link text and the real target can be completely different.
Check for known or matching domains
Check if the links lead to domains they would usually link to, or if they match with the sender domain.
Be on the lookout for typosquatting and misspelling
Typosquatting is a tactic used by cybercriminals where they register domains with deliberately misspelled names of well-known websites. Read the address carefully and check for typosquatting or misspelling (e.g. microsoft.com vs rnicrosoft.com, where "rn" passes for "m" in many fonts).
Distrust link shorteners
Any Bitly, TinyURL or other shortened link should be avoided entirely: the shortener hides the real destination, so none of the checks above can be applied to it.
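The sender checks in section 1 (display name vs. address, typosquatting of the sender domain, a Reply-To that diverges from the sender) and the hyperlink checks in this section (the real target behind each link, look-alike link domains, shortened links) can all be run programmatically over a raw message. The Python below is an added example written for this article, not code from Hoxhunt; the brand allowlist, the shortener list, the confusable-character table and the sample message are constructed assumptions, and the anchor-tag regex is only adequate for this constructed HTML.

```python
from __future__ import annotations

import email
import re
from email import policy
from urllib.parse import urlparse

# Assumed allowlist of brand domains we expect mail and links to come from (example only).
KNOWN_DOMAINS = {"microsoft.com", "paypal.com", "ebay.com", "example.com"}
# Assumed list of common link-shortener domains.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
# Character sequences that imitate a letter in common fonts, mapped to that letter.
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}
# A domain name inside link text, e.g. "https://www.paypal.com/login" -> "paypal.com".
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)
# Anchor tags as (href, visible text). Enough for this sample; real mail needs an HTML parser.
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

# Constructed sample message (made up for this example).
SAMPLE = b"""From: "Microsoft Account Team" <security@rnicrosoft.com>
Reply-To: helpdesk@mail-verify.net
To: alice@example.com
Subject: RE: Action required: verify your account
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear customer, your account will be suspended in 24 hours.</p>
<p><a href="https://bit.ly/3xAbCd">Verify now</a> or
<a href="http://rnicrosoft.com/reset">reset your password</a>, or visit
<a href="http://login.rnicrosoft-support.net/verify">https://account.microsoft.com/</a></p>
</body></html>
"""

def registrable(domain: str) -> str:
    """Crude eTLD+1 (last two labels); enough for the .com-style names used here."""
    return ".".join(domain.lower().split(".")[-2:])

def normalize(domain: str) -> str:
    """Collapse look-alike glyphs so rnicrosoft.com and paypa1.com read as the brand they imitate."""
    for fake, real in CONFUSABLES.items():
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, to catch one-character typos such as microsft.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def typosquat_of(domain: str) -> str | None:
    """Return the known brand domain this one imitates, or None if it is that domain or unrelated."""
    base = registrable(domain)
    if base in KNOWN_DOMAINS:
        return None
    for known in KNOWN_DOMAINS:
        if normalize(base) == normalize(known) or edit_distance(base, known) <= 1:
            return known
    return None

def triage(raw: bytes) -> list[str]:
    """Run the sender (section 1) and hyperlink (section 6) checks; return the red flags found."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flags: list[str] = []
    sender = msg["from"].addresses[0]  # assumes a From: header is present
    sender_domain = registrable(sender.domain)
    # Sender: a display name that claims a brand the address does not belong to.
    for known in KNOWN_DOMAINS:
        if known.split(".")[0] in sender.display_name.lower() and sender_domain != known:
            flags.append(f"display name claims {known} but address is @{sender.domain}")
    if hit := typosquat_of(sender.domain):
        flags.append(f"sender domain {sender.domain} looks like {hit}")
    reply_to = msg["reply-to"]
    if reply_to and registrable(reply_to.addresses[0].domain) != sender_domain:
        flags.append(f"replies go to {reply_to.addresses[0].domain}, not the sender domain")
    # Hyperlinks: compare each link's real target with the text shown and with the sender.
    body = msg.get_body(preferencelist=("html",))
    for href, text in ANCHOR.findall(body.get_content() if body else ""):
        host = urlparse(href).hostname or ""
        if registrable(host) in SHORTENERS:
            flags.append(f"shortened link {href} hides its destination")
            continue
        if hit := typosquat_of(host):
            flags.append(f"link host {host} looks like {hit}")
        shown = DOMAIN_IN_TEXT.search(text)
        if shown and registrable(shown.group(1)) != registrable(host):
            flags.append(f"link text shows {shown.group(1)} but points to {host}")
        elif registrable(host) != sender_domain and registrable(host) not in KNOWN_DOMAINS:
            flags.append(f"link to {host} matches neither the sender domain nor a known domain")
    return flags

if __name__ == "__main__":
    for flag in triage(SAMPLE):
        print("-", flag)
```

Run against the constructed sample, triage() returns six flags: the display name claims Microsoft while the address is @rnicrosoft.com, that domain normalizes to microsoft.com, replies are routed to a third domain, one link is a shortener, one link host is a look-alike, and one link's text shows account.microsoft.com while its real target is elsewhere. A reputation lookup (Phishtank and similar) is deliberately left out so the script runs offline; in practice it would be the next step for any host that is flagged.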
Is it phishing or not?
Trust your gut - if something seems off, it probably is!
When you see a suspicious email, report it with the Hoxhunt button. You can help stop an attack in its tracks! Read more below: I have identified a suspicious email - what do I do now?
Where did spam come from?
The origins of spam can be traced back to 1864, over a hundred years before the Internet, when a telegram advertising teeth whitening was sent to a large number of British politicians. This can be considered the first item of spam (unwanted, noisy, obnoxious messaging) ever sent.
Fast forward 114 years: the first unsolicited email dates to 1978, on ARPANET, the precursor to the Internet. This early Internet spam promoted a new model of computer from Digital Equipment Corporation. Spam being a novelty at the time, the approach worked: people bought the computers.
By the 1980s, people had formed regional online communities known as bulletin boards (BBSes), which were hosted on home servers by hobbyists. Users might share files, publish announcements, and exchange messages. Users would repeatedly write the word "spam" to drown out each other during intense online debates.
This was done in homage to a 1970 Monty Python sketch in which a husband and wife eating at a working-class café discover that practically everything on the menu contains Spam. A chorus of Vikings drowns out the dialogue with a song about Spam as the wife fights with the waitress about the abundance of Spam on the menu. To the dismay of Hormel Foods, the creator of Spam (the food), the term "spam" was coined in this context to refer to noisy, obnoxious messaging.
How do I recognize a spam email?
As a rule of thumb, take the red flags highlighted above for phishing (How do I recognize a phishing email?). If none of them are present, but the message is still unwanted or suspicious, or asks you to click on links, you are likely looking at spam.
In today’s world, a lot of spam messages are advertising, which may include, but is not limited to:
- Event invitations
- User list marketing
- Unwanted marketing (adult content, services, products, discounts)
- Miracle pills from Internet pharmacies claiming to solve all your ailments
- Unwanted messages that do not ask you to take immediate action or give out personal details
While spam in itself is not necessarily harmful, just annoying, it is still best not to click on any links, open any attachments, or give out your details in order to receive a prize.
- Do not share any personal information
- Do not click on any links
- Do not click "unsubscribe": it confirms to the sender that your address is active
I have identified a suspicious email - what do I do now?
Always follow your organization's official security guidelines when reporting suspicious emails.
When you encounter a suspicious email in your inbox that fits the description of either phishing or spam, use the Hoxhunt button to report it: first locate the Hoxhunt button in your inbox, then report the email with it.
Locating the Hoxhunt button in Outlook
Locating the Hoxhunt button in Gmail
You can find more details on locating the Hoxhunt button in different environments here: Locating the Hoxhunt button
You can read more about how to report suspicious emails here: Reporting Suspicious Emails (Phishing or Spam)
Remember - when you see a suspicious email, report it with the Hoxhunt button - you will help your organization strengthen the human firewall, one reported email at a time!
Questions?
If you have any questions, please don't hesitate to reach out to our support team at support@hoxhunt.com