
How to Recognize a Phishing E-Mail

Posted 12 Feb 2021 in IT Security & Advisories


In 2021, there are all kinds of threats to network security. Malware, including ransomware (a type of computer virus that holds your computer hostage), is becoming increasingly common. Phishing scams are also on the rise.

A phishing scam is, according to Oxford Languages, “the fraudulent practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers.” A phishing e-mail will always ask you to log in or submit confidential information. Phishing attacks can lead to compromised security, not only for you but for your company. Cybersecurity is now more important than ever.

Phishing scams can get quite tricky. Even if an e-mail appears to be from someone you know, it is not necessarily safe. It is possible to ‘spoof’ e-mail addresses, making an e-mail seem legitimate when it is not. Worse, the individual in question could themselves be compromised. So, what is the best way to recognize phishing e-mails? Read on to find out.

The truth is in the details

Spotting a phishing e-mail is often in the details. First, check the sender (though, as we have already covered, the sender may appear legitimate). Then, look at the details. Does the e-mail have the same tone as other correspondence from this person or company? Do the fonts and brand colours match up? Does the design quality look bad or rushed? Is the email signature the same as always? Is it normal and reasonable for the sender to make this request? Did you initiate the request?

Double-check that everything is correct and not just close. Scammers will often use e-mail addresses or domains with one letter or number different from the real thing. The best defense against a phishing attack is being vigilant. If you’re not 100% sure it’s legitimate, delete it, or contact the person or company directly by telephone or through their website (DO NOT reply to or use contact information from the e-mail you received).

It’s important to note that most organizations will never ask you to submit confidential information or login via e-mail. If you didn’t initiate the process, always assume it’s fake.
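The “correct, not just close” check above can be automated on the receiving side. The following is an added example (not code from the original article or from SIRKit): it takes the From: header of a message, compares the sender domain against a constructed allow-list of trusted domains, and flags addresses that are one edit away from a trusted domain, that match it after common digit-for-letter swaps (0 for o, 1 for l), or that carry a trusted brand in the display name while the address points elsewhere. The domain names are placeholders.

```python
import unicodedata
from email.utils import parseaddr

# Constructed allow-list of domains this organization trusts (assumption: not
# from the original article; replace with your own domains).
TRUSTED_DOMAINS = {"example.com", "examplebank.com"}

# Character swaps commonly used to make a domain look "close enough".
# Longer substitutions are applied first so "rn" becomes "m" before "1" -> "l".
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def normalize_domain(domain: str) -> str:
    """Fold case, Unicode compatibility forms and digit look-alikes."""
    folded = unicodedata.normalize("NFKC", domain).lower().strip().rstrip(".")
    for lookalike, real in HOMOGLYPHS:
        folded = folded.replace(lookalike, real)
    return folded


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for an RFC 5322 From: value."""
    display_name, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    if not domain:
        return "unknown"
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    normalized = normalize_domain(domain)
    for trusted in TRUSTED_DOMAINS:
        # Equal after homoglyph folding, or one edit away: "close, not correct".
        if normalized == trusted or edit_distance(domain, trusted) <= 1:
            return "lookalike"
        # Trusted brand in the display name, but the address lives elsewhere.
        brand = trusted.split(".")[0]
        if brand in display_name.lower():
            return "lookalike"
    return "unknown"
```

A “lookalike” verdict is a reason to pick up the phone, not proof of fraud: the function only tells you that the address is near a name you trust, which is exactly the situation in which a careful reader should verify by another channel.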

How to protect against phishing

While paying attention to the details is the best way to protect yourself from a phishing attack, other steps can be taken. Having a procedure in place for financial transactions and the transfer of sensitive information helps prevent phishing attacks: any correspondence that deviates from the procedure, or any request the procedure specifically identifies as high-risk, should set off alarm bells. Use trusted security services, like Microsoft’s Advanced Threat Protection (ATP), to analyze and quarantine hostile incoming e-mail before it hits your mailbox, and always ensure that financial requests require a secondary manual check that does not go through the source of the request. It is also possible to set up an alert that displays a warning when an e-mail came from a third party.

Additionally, multi-factor authentication (MFA) is one of the most effective ways to enhance cybersecurity. Using MFA is usually free and can stop over 99.9% of account-based attacks, primarily because it requires a secondary means of proving who you are (more than just your password). This typically involves a push notification to your phone or a random code that changes every 30 seconds. MFA is super easy to use and should be set up on any platform that supports it. If you currently use Microsoft 365 and do not have it enabled, you should absolutely do it as soon as possible.

Finally, setting up sender verification can also radically enhance e-mail security. This means setting up the SPF, DKIM, and DMARC protocols:

• SPF stands for Sender Policy Framework. This DNS record specifies which IP addresses are authorized to send e-mail for a particular domain.

• DKIM is short for DomainKeys Identified Mail. This record lets recipients prove that the contents of an e-mail have not been changed or tampered with.

• DMARC, meanwhile, is Domain-based Message Authentication, Reporting, and Conformance. This record builds on the previous two and adds a few more security measures:

    ◦ Verifies the use of the SPF and DKIM protocols
    ◦ Sets the rules to follow if both the SPF and DKIM checks fail
    ◦ Provides a way to report when messages pass or fail
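To make the three records concrete, here is an added example (not code from the original article or from SIRKit) that plays the role of a receiving mail server: it evaluates a sender IP against a domain’s SPF record, parses the domain’s DMARC record, and applies the DMARC policy when the checks fail. The DNS records are constructed stand-ins for a live resolver and include both a strong setup (SPF ending in -all, DMARC p=reject) and a weak one (~all, p=none) so the difference in outcome is visible. DKIM signature verification needs the signing keys and is represented by a flag; include:, a, mx and redirect= mechanisms are omitted.

```python
import ipaddress

# Constructed DNS TXT records standing in for a live resolver (assumption: these
# domains and addresses are not from the article; replace with your own).
DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 ip4:198.51.100.10 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com",
    # Weaker setup: SPF ends in ~all and DMARC only monitors (p=none).
    "weak.example": "v=spf1 ip4:192.0.2.0/24 ~all",
    "_dmarc.weak.example": "v=DMARC1; p=none; rua=mailto:reports@weak.example",
}

SPF_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain: str, sender_ip: str) -> str:
    """Evaluate ip4/ip6 mechanisms and the final 'all' qualifier of an SPF record.
    include:, a, mx, exists and redirect= are left out of this illustration."""
    record = DNS_TXT.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"  # the domain publishes no SPF policy
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in SPF_RESULT:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return SPF_RESULT[qualifier]
        if term.startswith(("ip4:", "ip6:")):
            # A bare address is treated as a /32 (or /128) network.
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return SPF_RESULT[qualifier]
    return "neutral"  # no mechanism matched and no 'all' term


def dmarc_policy(domain: str) -> dict:
    """Parse the tag=value pairs of the _dmarc TXT record; {} if none published."""
    record = DNS_TXT.get("_dmarc." + domain, "")
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else {}


def receiver_verdict(from_domain: str, sender_ip: str, dkim_pass: bool = False) -> str:
    """What a receiver does with a message whose From: domain is from_domain.
    Assumes strict alignment (SPF domain == From: domain); DKIM is given as a flag."""
    spf = spf_check(from_domain, sender_ip)
    policy = dmarc_policy(from_domain)
    if spf == "pass" or dkim_pass:
        return "deliver"  # DMARC passes when either aligned check passes
    if not policy:
        return "deliver"  # no DMARC policy published: receiver falls back to local rules
    actions = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}
    return actions.get(policy.get("p", "none"), "deliver")
```

The contrast to look for: a forged message claiming to be from example.com sent from an unauthorized address is rejected outright, while the same forgery against weak.example is still delivered, because p=none only asks receivers to report. Publishing SPF and DKIM without a DMARC policy of quarantine or reject leaves that gap open.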

Setting up all three of these protocols provides a strong net against phishing attacks. Implementation can be advanced, but an IT consultant can help you get them set up. Hiring an IT consultant has many benefits, including increased cybersecurity.

At SIRKit, our goal is to be the last IT partner you ever have. We pride ourselves on fixing problems the first time. Our strength is providing you with personalized service, not canned responses. If you are looking for the best IT company for your company or project, please reach out to us. We would be happy to help, including providing you with a no-obligation quote.

© 2021 Sirkit. All Rights Reserved.