In this post, we will share the common indicators of a phishing attempt that everyone should look for in their inbound email communications. Phishing attacks can be sneaky and sophisticated but being aware of these common signs of phishing will help you to identify and avoid the majority of phishing and scam emails. We will also offer some suggestions on the best cybersecurity solutions to put in place to block phishing attempts and ensure that in the event of a phishing scam succeeding, damage can be kept to a minimum.
Common Indicators of a Phishing Attempt
There are many warning signs that an email is not what it claims to be, but here we provide the most common indicators of a phishing attempt. If employees are trained to always look for these common indicators of a phishing attempt, they will be able to correctly identify the majority of phishing emails.
An incorrect domain is used
The email claims to have been sent by a company, but the email address uses a different domain from the one used by that company. For example, the email claims to be from Netflix, but the sending account has the domain gmail.com or netflix-account.com.
The email is not addressed to you personally
The email is addressed to “Dear customer,” or another generic greeting is used. Legitimate businesses that you have previously engaged with will have your name and will address communications to you personally.
The links in the email do not match the company
You get an email that claims to be from Microsoft asking you to log in to your account to correct a security issue, yet the links in the email direct you to a non-Microsoft domain.
The email contains spelling mistakes and grammatical errors
If you receive an email from a business and it contains spelling mistakes, grammatical errors, or doesn’t read well, it is one of the most common indicators of a phishing attempt. Businesses check their emails before sending them to make sure they can be easily understood and contain no errors.
You are asked to reveal sensitive information
You are either asked to reply and disclose personal or other sensitive information, or the website linked in the email asks you to go through an authentication procedure that asks for a lot of sensitive information. Authentication does not require a Social Security number or credit card information.
You are warned that immediate action is required to prevent a serious issue
One of the common indicators of a phishing attempt is a threat of consequences if no action is taken, combined with a strict time frame for responding. The pressure to act quickly means less attention is paid to the legitimacy of the request. "Act now or your account will be charged or closed down" is a typical example.
You are sent an unsolicited attachment
Attachments are used to get users to run malicious code, such as a VBScript file or an Office macro. Attachments are also used to hide links and phishing content from email security solutions. Avoid opening attachments unless you can verify that the attachment is genuine.
The request is unusual
Phishers want to get people to take an action they would not normally take, and emails often include out-of-band requests. They may ask you to install software, disclose a password, make a bank transfer, or buy an iTunes voucher, or the email may simply deviate from the normal emails you have received from that individual in the past. If the sender is known to you, verify any request with them using contact information you already hold, not the contact information provided in the email.
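The indicators above can be checked mechanically before a message reaches a reader. The script below is an added example (not code from the original post) that parses a raw email and reports which of the listed indicators it triggers: a sender domain that does not belong to the brand named in the display name or subject, a generic greeting, links that point outside the claimed company's domain, requests for sensitive data, urgency language, and attachments. The brand-to-domain table and both sample messages are constructed for this example; a real deployment would maintain its own list of brands and the domains they send from.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed mapping of brand names (as they appear in display names or subjects)
# to the domains the brand legitimately sends from. Constructed for this example.
KNOWN_BRANDS = {
    "netflix": ("netflix.com",),
    "microsoft": ("microsoft.com", "outlook.com", "office.com"),
}

GENERIC_GREETING = re.compile(r"\bdear\s+(customer|user|member|client|account holder)\b", re.I)
URGENCY = re.compile(r"\b(act now|immediately|within \d+ hours?|will be (closed|suspended|charged))\b", re.I)
SENSITIVE = re.compile(r"\b(social security|ssn|credit card|card number|password)\b", re.I)
HREF = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.I)

# Constructed phishing-style message exhibiting several indicators at once.
SAMPLE_PHISH = """From: "Netflix Support" <billing@netflix-account.com>
To: user@example.org
Subject: URGENT: Your account will be closed
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear customer,</p>
<p>Your payment has failed. You must act now or your account will be closed within 24 hours.</p>
<p>Please confirm your credit card number on the page below.</p>
<p><a href="http://login.netflix-account.com/verify">Update your payment details</a></p>
</body></html>
"""

# Constructed legitimate-looking message: correct domain, personal greeting, matching links.
SAMPLE_LEGIT = """From: "Netflix" <info@mailer.netflix.com>
To: jane@example.org
Subject: Your monthly statement is ready
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hi Jane,</p>
<p>Your statement for this month is available in your account.</p>
<p><a href="https://www.netflix.com/account">View your account</a></p>
</body></html>
"""


def _domain_matches(host, domains):
    """True if host equals, or is a subdomain of, one of the brand's domains."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def _body_text(msg):
    """Concatenate decoded text parts, skipping attachments."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text" and part.get_content_disposition() != "attachment":
            payload = part.get_payload(decode=True)
            if payload:
                parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def _claimed_brand(msg):
    """Brand the message claims to come from, judged by display name and subject."""
    display_name, _ = parseaddr(str(msg.get("From", "")))
    text = (display_name + " " + str(msg.get("Subject", ""))).lower()
    for brand in KNOWN_BRANDS:
        if brand in text:
            return brand
    return None


def phishing_indicators(raw_message):
    """Return the names of the indicators triggered by one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    found = []
    _, sender = parseaddr(str(msg.get("From", "")))
    sender_domain = sender.rpartition("@")[2].lower()
    brand = _claimed_brand(msg)
    body = _body_text(msg)

    # 1. The sender claims a brand but the address uses a different domain.
    if brand and not _domain_matches(sender_domain, KNOWN_BRANDS[brand]):
        found.append("incorrect_domain")
    # 2. Generic greeting instead of the recipient's name.
    if GENERIC_GREETING.search(body):
        found.append("generic_greeting")
    # 3. Links point somewhere other than the claimed company's domain.
    for url in HREF.findall(body):
        host = urlparse(url).hostname or ""
        if brand and not _domain_matches(host, KNOWN_BRANDS[brand]):
            found.append("link_domain_mismatch")
            break
    # 4. The message asks for sensitive information.
    if SENSITIVE.search(body):
        found.append("sensitive_info_request")
    # 5. A threat plus a deadline to rush the reader.
    if URGENCY.search(body):
        found.append("urgency")
    # 6. An unsolicited attachment (script, macro document, and so on).
    if any(p.get_content_disposition() == "attachment" for p in msg.walk()):
        found.append("attachment")
    return found


if __name__ == "__main__":
    print("phish:", phishing_indicators(SAMPLE_PHISH))
    print("legit:", phishing_indicators(SAMPLE_LEGIT))
```

The checks are deliberately simple string and domain comparisons; their value is in combination, since a single hit (urgency wording in a genuine outage notice, for instance) is weak evidence on its own, while a message that trips several indicators at once warrants quarantine or at least a warning banner.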
Recommended Anti-Phishing Cybersecurity Solutions
When it comes to preventing phishing attacks, multiple cybersecurity solutions should be used. A defense-in-depth approach is necessary to block the full range of phishing threats, with multiple layers of security ensuring that should any single element of your defenses fail, others will provide protection.
An advanced email security solution is recommended to prevent phishing emails and malware from being delivered to inboxes. By advanced, we mean more than just a standard spam filter, such as Exchange Online Protection (EOP) provided free with Office 365 accounts. It should have behavioral detection capabilities such as a sandbox in addition to signature-based antivirus engines to identify novel malware variants, SPF, DKIM, and DMARC to identify email impersonation attacks, machine learning capabilities to predict new phishing attacks, and outbound scanning for data loss prevention and to identify compromised mailboxes and internal phishing attempts.
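To make the SPF, DKIM and DMARC part of that paragraph concrete, the following added example (not code from the original post or from any product it names) evaluates DMARC identifier alignment for a message from the Authentication-Results header a receiving mail server has already stamped on it (RFC 8601): the domain in the From: header must align with the SPF-authenticated MAIL FROM domain or with the DKIM signing domain (d=). Relaxed alignment is approximated here by comparing the last two DNS labels, which is an assumption made for brevity; production code would use the Public Suffix List. The three sample messages are constructed.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Pulls "spf=<result> ... smtp.mailfrom=<addr-or-domain>" and
# "dkim=<result> ... header.d=<domain>" clauses out of an Authentication-Results value.
AUTH_FIELD = re.compile(
    r"\b(spf|dkim)=(\w+)(?:[^;]*?\b(?:smtp\.mailfrom|header\.d)=([\w.@-]+))?", re.I
)

# Constructed: exact-domain spoof of a brand; the relay fails SPF and nothing is DKIM-signed.
SPOOFED = """Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=bounce@bulk-relay.example; dkim=none
From: "Microsoft Account Team" <account-security@microsoft.com>
To: user@example.org
Subject: Unusual sign-in activity

body
"""

# Constructed: genuine mail from the brand, SPF via a bounce subdomain, DKIM signed at the apex.
LEGIT = """Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bounces.mailer.netflix.com; dkim=pass header.d=netflix.com
From: "Netflix" <info@netflix.com>
To: jane@example.org
Subject: Your monthly statement

body
"""

# Constructed: lookalike domain that correctly authenticates as itself.
LOOKALIKE = """Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=netflix-account.com; dkim=pass header.d=netflix-account.com
From: "Netflix Support" <billing@netflix-account.com>
To: user@example.org
Subject: Payment problem

body
"""


def org_domain(domain):
    """Approximate organisational domain as the last two labels (assumption, see lead-in)."""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, strict=False):
    """DMARC identifier alignment: strict requires an exact match, relaxed a shared org domain."""
    if strict:
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def parse_auth_results(header_value):
    """Return {"spf": (result, domain), "dkim": (result, domain)} from the header value."""
    results = {}
    for method, result, ident in AUTH_FIELD.findall(header_value):
        domain = ident.rpartition("@")[2].lower()  # smtp.mailfrom may carry a full address
        results[method.lower()] = (result.lower(), domain)
    return results


def dmarc_evaluate(raw_message, strict=False):
    """Apply the DMARC pass rule: SPF pass and aligned, or DKIM pass and aligned."""
    msg = message_from_string(raw_message, policy=policy.default)
    _, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = from_addr.rpartition("@")[2].lower()
    auth = parse_auth_results(str(msg.get("Authentication-Results", "")))
    spf_result, spf_domain = auth.get("spf", ("none", ""))
    dkim_result, dkim_domain = auth.get("dkim", ("none", ""))
    spf_ok = spf_result == "pass" and bool(spf_domain) and aligned(from_domain, spf_domain, strict)
    dkim_ok = dkim_result == "pass" and bool(dkim_domain) and aligned(from_domain, dkim_domain, strict)
    return {
        "from_domain": from_domain,
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "dmarc": "pass" if (spf_ok or dkim_ok) else "fail",
    }


if __name__ == "__main__":
    for name, sample in (("spoofed", SPOOFED), ("legit", LEGIT), ("lookalike", LOOKALIKE)):
        print(name, dmarc_evaluate(sample))
```

The third sample shows the limit of these checks: a lookalike domain registered by the sender passes SPF, DKIM and DMARC because it authenticates as itself, so authentication results tell you the message genuinely came from the domain shown in From:, not that the domain belongs to the brand it imitates. That is why the sender-domain and link checks from the indicators list remain necessary alongside authentication.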
A web filter is also recommended for blocking access to malicious websites. If a phishing email with a malicious link is not detected by the email security solution, which commonly occurs, the web filter provides additional protection by preventing the user from visiting the malicious website. Web filters also block malware downloads from the Internet and can be used to control the types of content that users can access.
Antivirus software is a must on all endpoints for detecting malware that is inadvertently downloaded. Ideally, if budget permits, more robust endpoint detection and response solutions should be used that are capable of behavioral analysis to identify suspicious activity. It is also important to set up multi-factor authentication (MFA) on accounts. If credentials are stolen in a phishing attack, MFA can prevent those credentials from being used by the attackers.
Don’t Neglect End User Training
Many businesses invest in cybersecurity solutions for blocking phishing attacks but fail to provide security awareness training to the workforce, and that is a mistake. Even if you have a large budget for cybersecurity and invest in cutting-edge security solutions, you will not be able to block all phishing attempts. Inevitably, some phishing emails, text messages, social media phishing, and voice phishing attempts will reach employees, so they need to be prepared and know the common indicators of a phishing attempt.
The ultimate aim of security training is to create a security culture, where employees know the common indicators of a phishing attempt, check for those indicators constantly, follow security best practices, and consistently practice good cyber hygiene. That is unlikely to be achieved with a one-time training session or even annual training sessions. A robust security awareness training should be developed and implemented that involves training employees much more frequently – short training sessions every month or every quarter with regular reminders of the role every employee must play in defending against cyberattacks.
The easiest way to provide that training is to use a third-party cybersecurity company, one that has a library of enjoyable and interactive training content that can be tailored to each individual in the company and covers the threats each individual or user group is likely to encounter.
Many companies offer these training courses, although SafeTitan from TitanHQ is one of the best we have seen. The training platform has great content, but importantly it delivers training in real time in response to security failures, at the time when those failures occur. Employees are given immediate feedback on security mistakes, are shown how to avoid those mistakes in the future, and are delivered training content relevant to the mistake they made. We have found no other platform that delivers that in real time.
Conduct Phishing Simulations
Security awareness training should incorporate quizzes to assess whether employees have understood their training. It is also important to put their training to the test in a work setting. Conducting phishing simulations, if done properly, can help to improve a company's security posture. Phishing simulations involve sending realistic but fake phishing emails to employees when they are not expecting them, to see how they respond. Unlike quizzes, they do not test whether training has been understood but whether it is being applied.
If an employee falls for a simulated phishing email, they are informed, told where they went wrong, and provided with further training. That could simply be a 5-minute training session relevant to the threat they failed to identify. Conducting these simulations also tells a company how effective its training is proving to be at improving the security awareness of the workforce.