Have you ever gotten an odd email that just didn’t seem quite right? One that pretends to be a friend, family or business connection but something is off. It may be a phishing email.
Before we dig too far into our discussions on phishing, let’s talk about red flags.
Red flags are those items that tip you off to an email being not what you think.
In general, phishing scammers have terrible writing skills. English is not their native tongue. An exception to this is the Cosmic Lynx group out of Russia (more on them in another post). A fair chunk of phishing email is credited to Nigerian organizations.
Since we read top to bottom and left to right, red flag number one is the recipient email address. Is your email address part of a massive list? Or, say your name is Joe, is it addressed to a bunch of different Joes? firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, etc.? They are probably just working through an alphabetical list of potential targets. While this is a red flag, it is not really one big enough to pull the rip cord on. It is one that just tells you to proceed with caution.
What is the next line down? The sender address! Let’s call this the opportunity to find a second red flag in the weird email address. At the most simplistic level, there are two parts to an email address: a username, then the domain name [email@example.com]. In most email programs (clients) you can hover your mouse pointer over the email address as shown on your screen and it will show what the real address is as far as the program can see. When you hover MyDearGranny@family.com and it shows GimmeAllYourDough@creepers.ru, you can recognize that it is not dear granny after all. Just delete that email and move on to something more productive. An exception to that would be if you have a system to report spam/phishing emails. If that is the case, report away and let the powers that be chase them down and get their access cut to reduce the damage.
Red flag number three, the subject line. With this flag you are looking for odd wording, capitalization, relevance, and anything else that hits your eye weirdly.
This brings us to our fourth red flag. The message body has the meat of the glaring errors. These are the ones where you tap your partner and share with them in disbelief that someone would actually write this way. Improper capitalization, poor spelling, bad grammar, words that are not commonly used in American conversation, and clunky sentence structure. Take a gander at this sample (I have to wonder if their spacebar is acting up):
Are there threats in the message body to bring about a sense of urgency? That is a very common ploy and we will call that red flag number five.
I wish I could tell you how many times my wife has been emailed to tell her that her social security number had been suspended and that the magistrate was coming to arrest her. While you are reviewing the message body, are they directing you to click on links? Be sure to hover those links. That is another red flag, bad links! Bad links are those that are not expected. If the email is from Allstate Insurance telling you about some new product that they think you need, but the link shows up as some XXX site in Lithuania, that would be a red flag. That makes red flag number six. Boy oh boy, these are adding up.
You are waiting for red flag number seven, aren’t you? Lucky number seven. Well, you may not be so lucky if you download whatever it is that they are pushing for you to download. It could cause you to have to read my page about malware. Well, I am sure you will read that too because you are enjoying this presentation and look forward to another lesson on who knows what. Again, hover that link and see where it would take you if you were to click it. If you feel adventurous, you can right-click the link and select copy link. Then load your browser and go to https://www.virustotal.com/gui/home/url where you can paste the suspicious link to see if it has been reported as malicious or if VirusTotal sees problems with the destination. Feel free to check their site out. They are a safe resource and you may even want to bookmark it. I will be referring to them another time also.
Red flag number eight: as we near the end of the email, it is time to check out that signature block. Is that closing line unusual? How often do you see “I pray to bid you a good day”? Are there links that you can hover in the signature block? Maybe some of those look bizarre.
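The two hover checks above (the sender address from red flag two and the links from red flag six) can also be scripted for a saved message. This is an added example, not part of the original post; the sample message, the `.example` hosts and the function names are made up for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed sample; the .example hosts and all function names are illustrative.
SAMPLE = '''From: "MyDearGranny@family.com" <GimmeAllYourDough@creepers.ru>
Subject: URGENT reply Now
Content-Type: text/html; charset="utf-8"

<p>Confirm at <a href="http://offers.badsite.example/login">www.insurer.example</a>
or read <a href="https://www.insurer.example/help">our help page</a>.</p>
'''
HOST_RE = re.compile(r"(?:[\w.+-]+@|https?://)?((?:[\w-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Record (href, visible text) for each <a> tag, like hovering every link."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def same_site(shown, real):
    shown, real = (h.lower().removeprefix("www.") for h in (shown, real))
    return real == shown or real.endswith("." + shown)

def red_flags(raw):
    msg, flags = message_from_string(raw, policy=policy.default), []
    for addr in (msg["From"].addresses if msg["From"] else ()):
        shown = HOST_RE.search(addr.display_name)  # a domain typed into the name
        if shown and not same_site(shown.group(1), addr.domain):
            flags.append(f"sender shows {shown.group(1)} but is {addr.addr_spec}")
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body is not None else "")
    for href, text in parser.links:
        shown, real = HOST_RE.search(text), urlparse(href).hostname
        if shown and real and not same_site(shown.group(1), real):
            flags.append(f"link shows {shown.group(1)} but goes to {real}")
    return flags
```

A link whose visible text is plain words, like "our help page", gives the script nothing to compare against, so those still need a hover and your own judgment.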
With all of those flags waving in the breeze you will likely trash the email and move on.
Did you think of other flags for us to discuss? Share your thoughts in the comments and I can refine the page. You are an important part of any network’s defense, even if you are just defending yourself.