The Anatomy of a Phish

Phishing emails are incredibly common and something that everyone should know how to spot.

It's not a question of if you get phished but when. And the chances are good that the answer is TODAY. 

The statistics regarding phishing attacks are staggering:

With those kinds of statistics, it's clear that phishing as a mode of cyber attack is not going away any time soon. You don't want to make it easy on attackers by simply giving them all of the information that they request in a phishing email. You need to play hard to get with them and train yourself to spot fraudulent emails.

How do I know if it's a phish?

While phishing emails are sent by a variety of groups for a variety of reasons, there are some common threads between most of them. You (and your employees) should be prepared to see phishing messages and should know what to look for when evaluating the messages in your inbox.

There is an urgent call to action in the subject line

If an email tells you that action is required now, or that something bad will happen if you don't act immediately, the likelihood that the email is a phish grows. Attackers want you to act reflexively and follow their instructions rather than think about the email, so they often send their emails with urgent requests. Don't be fooled! After all, no one ever had their bank account closed because they didn't send customer service their password in 30 seconds!

The email has a lot of spelling and grammatical errors

We've all sent an email and, as soon as we hit send, realized that we misspelled a word or left one out. A very small number of mistakes is acceptable in an email, but if an email is suspicious, read it carefully to see if you can spot multiple typos or strange wordings. This can indicate that the writer is not a native speaker/writer of English, which is common for phishing emails.

The links don't lead where they say they are going

If you've followed us for a while, you've probably heard that our recommended best practice for links in emails is that you do not click them. But we know that sometimes you need to click the links, which is why we wrote a blog post last week about 5 questions you should ask before you click a link in an email. Before clicking on any link, even if it's in an email you were expecting from a trusted sender, hover over the link and verify that it leads where it says it is going to take you.

What else?

These three traits are very common in phishing emails, but there are others that show up frequently as well. We've put together a download with some real-life examples of phishing emails along with 14 signs that an email may be a phish. Download this document today to expand your knowledge of what a phish can look like and what you need to watch out for.

And if you're interested in a free phishing simulation to test how aware your employees are of phishing emails, you can enter to win one here.
