How to identify phishing emails
For years thieves & scammers have been out on the world wide web phishing for our personal information. Every day thousands of legitimate-looking emails from reputable brands are received in our email inboxes.
The difficult part can be working out how to identify phishing emails. Seeing real examples of suspicious emails helps us identify scammers. We have taken 4 recent examples of phishing emails from January and February 2023.
TLDR: The fastest way to identify phishing emails is to look at the From Address and mouse over links in the email body. Verify that the address the email has come from is genuine and the URL buttons are legit. If you are not sure of what to do request a free small business IT health check.
In this article we look at each of the following topics:
- How to identify phishing emails
- Phishing email examples
- What is phishing and how does it work
- What to do with suspicious emails
- Where to report a phishing email
- What to do if you’ve been scammed online
- How to recover from being scammed
- How to prevent phishing attacks
Phishing email examples & how to identify phishing emails
We’ve put together a comprehensive list of phishing email examples with images. Review the list below so you can familiarize yourself with examples of phishing emails. The images below are real-world phishing scam emails intended. They are from what look to be very reputable companies such as VentraIP, Australia Post, My Gov (Australian Government) and Apple.
We have also come across phishing emails posing as Cryptocurrencies asking for Bitcoins. Emails from scammers that are sending fake invoices to try to capture your credit card information.
Apple store phishing email example
Studying the hyperlinks we can clearly see that it’s a totally bogus website. So we now know how to identify phishing emails from Apple and that we can safely disregard this email and move on.
myGov Phishing email example
Here’s an example of how to identify phishing emails from myGov.
At the start of February, we received a phishing email that looked like it came from the myGov which is the Australian Government. Immediately the scammers made the mistake of miss typing the name being My_Gov. Also, we can see that it was sent from a random domain.
The scammers are pretending that there is money available to be refunded to the user and are trying to get them to sign-up. They are also adding time pressure to the attack by stating that ‘this link will expire in 3 days’.
The link that the scam email goes to looks like a shortened URL of some sort. Which ends up on a forbidden page on an Indonesian website.
How to identify phishing email attachments
It’s also important to keep an eye out for phishing emails with attachments. As always first check the senders address, if it’s not legitimate don’t open the email attachment. These PDFs will also contain fraudulent links aimed at phishing attacks.
So make sure you don’t click on web links that are you unfamiliar with without first checking the URL destination.
NETFLIX PHISHING EMAIL SCAMS
How to identify phishing emails from Netflix you ask? Let’s take a look at the old ‘Your membership will be list!’ phishing email scam!
You can safely ignore the threats about security and your membership will be cancelled. Not clicking on the ‘Click Here’ button is the best way to ensure that you don’t get scammed or hacked.
How to identify phishing email Attachments
Identifying Spear phishing email attachments
Here’s how to identify phishing email attachments with some examples. A lot of the spear phishing emails we’ve encountered have come from other countries. In most cases, spear phishing email attachments come in the form of HTML or HTM pages.
In the phishing email attachment on the right, we can see that the hackers are pretending to be sending an invoice and pretending to be for our company. It also looks like they either tried to or are pretending to be using a digital fax service.
Phishing email attachments as E-Fax
This is a clear example of an E-fax Received & Ready For Preview phishing attachment. Once again a HTM file is used as opposed to a traditional PDF or image file once scanned and faxed.
Frequently Asked Questions
What is phishing How does it work?
The term phishing refers to an engineered attack used by scammers to steel information from an individual or organisation via text or email. In most cases the scammers are trying to collate identifiable data such as birth dates, addresses, login credentials and credit card details.
Once the scammers have collated enough information via phishing attacks they are able fraudulently setup accounts on behalf of the vulnerable individuals. Scammers will go to great lengths to steal your money so its important to clearly understand how phishing works to remain protected. It’s critical to under how to identify phishing emails as this will reduce the likelihood of being scammed.
What to do with suspicious emails?
The easiest thing to do with suspicious emails is to delete them. If you have a security suite you can train it to filter out phishing emails. This utility should be built into it’s anti-spam tool and will be an add-in for your Outlook application or mail client.
What to do if you’ve been scammed online?
If you didn’t get to read our article on how to identify phishing emails and you’ve been scammed online the first thing you should do is speak to your bank. They may be able to assist you in recovering stolen funds. They will also put a hold on or suspend your credit and bank accounts.
Your bank will likely ask you to get a security checkup after being scammed or hacked. You can ask our virus and malware removal experts to assist you in ensuring your devices are not compromised.
How to recover from being scammed?
During the recovery process after being scammed, you should ensure that your devices are no longer infected with malware, viruses or an embedded keylogger. With smartphones you can download applications to detect and remove these threats.
On a Windows or Mac computer, you might need to find a remote IT support technician to delve deeper into the core of your operating system to ensure there are no hidden dangers.
How to prevent phishing attacks?
The best way to prevent phishing attacks is through education and awareness of the types of scams online and offline. Now that you know how to identify phishing emails attacks with real examples it would be best if you also learnt about SMS/Text scams.
Are you a victim of a phishing attack?
Ask our IT security experts to help you recover after being scammed.
Can’t find all your emails in Outlook 365? It’s probably a sync error or miss configuration. Getting a notice saying ‘There are more items in this folder on the server’? You need to change your Account Name and Sync settings, we will show you how.
Late last week, our IT support team detected a Trojan ‘request for offer.exe’ circulating on Microsoft 365 emails. This threat was also picked up by our cybersecurity group and quarantined by AVG Internet Security. The Trojan appeared in the form of an email with an executable attachment. We urge all businesses to send out an awareness communication to their staff regarding this security vulnerability.
When it comes to securing your emails, it’s important to think cybersecurity & two-factor authentication. Using complexity on our passwords, thinking about how we access our emails and how we store our email data. As a business, it’s essential to have SPF and DKIM configured for your domain’s mail records. As a home user, we can backup our emails by using IMAP connections to our host.
When it comes to securing your home and business computers, it is important to be cybersecurity focused! Think about how you use your computers, what needs to have security, and how you should be proactive. Let’s review what we can do today to secure our computers.