In an era where digital communication is a necessity, the art of phishing has evolved, becoming more sophisticated and harder to detect. Phishing attacks, aiming to steal personal information or deliver malware, pose a significant threat to individuals and organizations alike. We aim to outline key strategies for discerning whether an email is legitimate or a cleverly disguised threat.

What is Email Phishing?

Phishing is a cybercrime in which an attacker, posing as a legitimate individual or organization, contacts a target to lure them into handing over sensitive data such as personally identifiable information (PII), banking and credit card details, and passwords, or into opening a malicious attachment or link. The most common delivery method is email pretending to come from a reputable source.

It is important to note that the days of poorly worded emails from foreign entities are quickly passing us by. With the rise of artificial intelligence, a criminal can produce fluent, well-worded email in any language with almost no effort, so grammar alone is no longer a reliable tell. With that in mind, let’s look at some common signs of email phishing.

Common Signs of Phishing Emails

  • Generic Greetings: Phishing attempts often use generic terms like “Dear Customer” instead of your name.
  • Urgent Requests for Action: These emails press you to act quickly, often threatening account suspension, loss of money, or other negative consequences. They frequently invoke leadership, sometimes vaguely (“management needs this today”), sometimes by naming a specific executive.
  • Vague References to Specific Things: Attackers borrow a technique perfected by con artists: they mention details that are likely to be true for most people and let the target fill in the gaps. An email such as “Project details due today – need spend authorization!” is a good example. Notice the urgency, but also notice that most people have some project due or upcoming, and the effort of working out which one is meant further lowers the target’s guard.
  • Spelling and Grammar Mistakes: Professional organizations typically ensure their communications are error-free. Frequent mistakes in an email may indicate a phishing attempt. But, again, please keep in mind that artificial intelligence can help smooth this over for the attacker.
  • Breaking Policy Requests: Most organizations – even the smallest ones – have tools or policies in place for specific situations: how invoices are approved, where payroll changes are made, which portal is used for logins. Be wary of anything that asks you to step outside them. This includes: paying or logging in through a website other than the usual one, replying to a different address than the one the message came from, or calling a phone number you don’t recognize.
  • Not-Quite-Correct Technical Details: A common technique is to craft an email where the sender name is someone the target knows – such as the company’s CEO – but the address underneath belongs to the attacker. For example: John Smith <john.smith@gmail.com> instead of the real John Smith’s address, john.smith@example.net. Most email clients show only the display name by default, so check the actual address: hover over or click the sender name on a desktop client, or tap it on a phone. Another possibility is that the attacker registers a domain name that is close to, but not quite the same as, the company domain. In our previous example, they might use exampIe.net (notice that the “l” has been replaced by a capital “I”), which passes a quick glance in most fonts. It is also worth comparing the Reply-To address with the From address; a reply that would go somewhere other than where the message claims to come from is a red flag.
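As an added illustration of the last sign (example code written for this article, not part of the original and not how any particular mail client works), the following Python script parses a From: header, compares the display name against a small list of known senders, and folds visually confusable characters so that exampIe.net and example.net compare equal. The trusted domain example.net, the known-sender list and the sample headers are all constructed for the example; the confusables table is a hand-picked subset of the Unicode confusables data, not the full list.

```python
"""Heuristics for the "not-quite-correct technical details" sign: a familiar
display name over a foreign address, and lookalike domains such as exampIe.net.

Added example, not code from the original article.  The trusted domain
(example.net), the known-sender list and the sample headers are constructed.
"""
from __future__ import annotations

import unicodedata
from email.utils import parseaddr

TRUSTED_DOMAIN = "example.net"  # the organisation's real mail domain (assumed)

# Display name (lower-cased) -> address that person really sends from (assumed).
KNOWN_SENDERS = {
    "john smith": "john.smith@example.net",
}

# Characters that look like a Latin letter on screen but are different code
# points.  Deliberately small; a production check would load the full Unicode
# confusables table (UTS #39) instead of this hand-picked subset.
CONFUSABLES = {
    "I": "l",       # capital I read as lowercase L, the trick described above
    "1": "l",
    "|": "l",
    "0": "o",
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0440": "p",  # Cyrillic small er
    "\u0441": "c",  # Cyrillic small es
    "\u0443": "y",  # Cyrillic small u
}


def skeleton(domain: str) -> str:
    """Reduce a domain to what a reader *sees*: fold compatibility forms,
    replace confusable characters by the ASCII letter they imitate, then
    lower-case.  Two domains with the same skeleton are indistinguishable
    at a glance even though DNS treats them as different names."""
    folded = unicodedata.normalize("NFKC", domain)
    folded = folded.replace("rn", "m")  # two letters that render like one
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded).lower()


def check_from_header(header: str) -> list[str]:
    """Return warnings for a raw From: header value.  An empty list means
    these heuristics found nothing wrong, not that the mail is safe."""
    warnings: list[str] = []
    display_name, address = parseaddr(header)
    if "@" not in address:
        return [f"could not parse a sender address from {header!r}"]
    domain = address.rpartition("@")[2]

    # 1. A name we know, but not the address that person uses.
    expected = KNOWN_SENDERS.get(display_name.strip().lower())
    if expected and address.lower() != expected:
        warnings.append(
            f"display name {display_name!r} normally sends from {expected}, "
            f"this mail is from {address}"
        )

    if domain.lower() != TRUSTED_DOMAIN:
        brand = TRUSTED_DOMAIN.split(".")[0]
        # 2. Not our domain, yet visually identical once confusables are folded.
        if skeleton(domain) == skeleton(TRUSTED_DOMAIN):
            warnings.append(f"domain {domain!r} is a lookalike of {TRUSTED_DOMAIN}")
        # 3. Our brand used as a subdomain or with a different suffix
        #    (example.net.login-portal.test, example-net.test).
        elif brand in skeleton(domain):
            warnings.append(
                f"domain {domain!r} contains our brand name but is not {TRUSTED_DOMAIN}"
            )
    return warnings


SAMPLE_HEADERS = [  # constructed sample inputs
    "John Smith <john.smith@example.net>",             # the real CEO
    "John Smith <john.smith@gmail.com>",               # CEO's name over a free-mail address
    "Accounts Payable <ap@exampIe.net>",               # capital I in place of lowercase L
    "Jane Doe <jane.doe@ex\u0430mple.net>",            # Cyrillic a in place of Latin a
    "IT Helpdesk <it@example.net.login-portal.test>",  # brand used as a subdomain
]


if __name__ == "__main__":
    for raw in SAMPLE_HEADERS:
        findings = check_from_header(raw)
        print(("OK   " if not findings else "WARN ") + raw)
        for msg in findings:
            print("      -", msg)
```

The script deliberately compares the lower-cased domain first (DNS is case-insensitive, so IBM.com and ibm.com are the same name) and only then the skeleton, so that a legitimate domain written in capitals is not reported as a lookalike of itself.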

How to Protect Your Company?

In any direct attack, humans are almost always the weakest link. As a result, regular training and reminders are important for a strong organizational security posture.

In addition, it is important that every organization has properly authenticated its email. SPF, DKIM and DMARC let receiving mail servers reject messages that claim to come from your domain but were not sent by your systems, so an attacker cannot simply forge your From address when targeting your customers, partners or staff. Make sure your team has published SPF, DKIM and DMARC records, and that the DMARC policy is actually enforced (p=quarantine or p=reject); a policy of p=none only reports and blocks nothing. Keep in mind what this does not cover: it says nothing about a lookalike domain or a free-mail address with your CEO’s name on it, which is where the signs above and user training come in. (Authentication also has the side benefit of improving your own email deliverability.)
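To make “properly authenticated” concrete, here is an added example (not from the original article) showing a weak and a hardened pair of SPF and DMARC TXT records for the assumed domain example.net, with a small Python checker that flags the settings that leave a domain spoofable: an SPF record ending in +all or with no all mechanism, a DMARC policy of p=none, a pct below 100, or no rua reporting address. The records are constructed; in practice you would read the live ones with `dig TXT example.net` and `dig TXT _dmarc.example.net`. DKIM is not checked here because its record lives under a selector name the checker would have to be told.

```python
"""Sanity-check the TXT records behind SPF and DMARC before relying on them.

Added example, not from the original article.  The record strings below are
constructed for illustration; fetch real ones with a DNS library or dig.
"""
from __future__ import annotations


def parse_dmarc(record: str) -> dict[str, str]:
    """Split 'v=DMARC1; p=reject; rua=mailto:...' into a tag dictionary."""
    tags: dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_spf(record: str) -> list[str]:
    """Return the problems found in an SPF record (empty list = none found)."""
    issues: list[str] = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (missing v=spf1)"]
    # The final 'all' mechanism decides what happens to a sender that matched
    # nothing earlier; '+all' (or a bare 'all') means everyone passes.
    last = terms[-1].lower()
    if last in ("+all", "all"):
        issues.append(f"'{last}' lets anyone send as this domain; use -all (or ~all while testing)")
    elif last == "?all":
        issues.append("'?all' is neutral, which receivers treat like having no policy")
    elif last not in ("-all", "~all") and not last.startswith("redirect="):
        issues.append("no terminating 'all' mechanism; unmatched senders are treated as neutral")
    # RFC 7208 caps DNS-querying mechanisms at 10; beyond that receivers return permerror.
    lookup_mechanisms = ("include", "a", "mx", "ptr", "exists")
    lookups = sum(
        1 for t in terms
        if t.lstrip("+-~?").split(":")[0].split("/")[0].lower() in lookup_mechanisms
        or t.lower().startswith("redirect=")
    )
    if lookups > 10:
        issues.append(f"{lookups} DNS-lookup mechanisms exceed the limit of 10 (permerror)")
    if any(t.lstrip("+-~?").lower().startswith("ptr") for t in terms):
        issues.append("'ptr' mechanism is slow and deprecated; list IPs or includes instead")
    return issues


def assess_dmarc(record: str) -> list[str]:
    """Return the problems found in a DMARC record (empty list = none found)."""
    issues: list[str] = []
    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["not a DMARC record (missing v=DMARC1)"]
    policy = tags.get("p", "").lower()
    if policy == "none":
        issues.append("p=none only monitors; spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        issues.append(f"missing or unknown policy p={policy!r}")
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
    if pct < 100:
        issues.append(f"pct={pct}: policy is applied to only {pct}% of failing mail")
    if "rua" not in tags:
        issues.append("no rua= address, so you receive no aggregate reports")
    if policy != "none" and tags.get("sp", policy).lower() == "none":
        issues.append("sp=none leaves subdomains unprotected")
    return issues


# Constructed records: a weak 'before' and a hardened 'after' for the same domain.
WEAK = {
    "example.net":        "v=spf1 include:_spf.mail-provider.test ptr +all",
    "_dmarc.example.net": "v=DMARC1; p=none; pct=50",
}
HARDENED = {
    "example.net":        "v=spf1 ip4:203.0.113.0/24 include:_spf.mail-provider.test -all",
    "_dmarc.example.net": "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; rua=mailto:dmarc@example.net",
}


if __name__ == "__main__":
    for label, records in (("weak", WEAK), ("hardened", HARDENED)):
        spf = assess_spf(records["example.net"])
        dmarc = assess_dmarc(records["_dmarc.example.net"])
        print(f"{label}: {len(spf)} SPF issue(s), {len(dmarc)} DMARC issue(s)")
        for msg in spf + dmarc:
            print("  -", msg)
```

Treat p=none as a milestone rather than a destination: it is the right place to start while you collect rua reports and find every legitimate sender, but nothing is blocked until the policy moves to quarantine or reject.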

Company leaders would do well to ensure that their staff know it is okay to verify a seemingly urgent request if it looks suspicious, and that the verification should happen out of band: call the person back on a number you already have, or walk over to their desk, rather than replying to the message or using a number it supplies. Many scams have succeeded because someone was afraid to double-check with the boss.

Finally, make sure your inbound mail filtering enforces the sender’s SPF and DMARC results, scans links and attachments, and marks messages that come from outside the organization. This will weed out most attempted attacks before they reach anyone, reducing both the footprint and the chance of success.

Report and Analyze Suspicious Emails

It is important to note that email phishing attempts happen every day. With good practices and training, most will never reach your users or will be handled well if they do. Give staff an easy way to report a suspicious message, and treat every report as useful. Should you end up in a situation where someone has fallen for a scam, preserve the evidence (the original message with its full headers, and the affected machine and accounts as they are) and contact a reputable digital forensics firm who can help you triage and discover what was truly impacted. This allows for remediation while keeping the impact footprint as small as possible.

Conclusion

The fight against phishing requires vigilance and a healthy dose of skepticism. By understanding the common signs of phishing and applying basic verification techniques, you can significantly reduce the risk of falling victim to these attacks. As cyber threats continue to evolve, so too should our strategies for identifying and preventing them. Educating yourself and others on cybersecurity best practices is a critical step in safeguarding against phishing and other digital threats.