The Definitive Guide on Spotting a Phishing Attack

Phishing is one of the leading vectors for larger cyberattacks, and right now, it’s the biggest cyberthreat for Texas-based businesses. In this guide, we’re going to cover what to look for. If you are a business owner, we recommend sharing this blog with your entire staff and asking that they read and confirm they understand it. Go ahead and share it as much as you want—if you find it useful, we’d love to hear from you!

What is Phishing?

A phishing attack is essentially an email hoax. It is an email designed to trick the recipient into downloading malicious software or sharing sensitive information. Phishing attacks come in many different forms, but there are some common tricks that are often used, and some key identifiers to help you determine if an email is actually legitimate or not.

How Does Phishing Work?

Let’s look at a classic example of a phishing attack. We’re going to use Bank of America because it’s the second most popular banking institution in Texas, and because cybercriminals have been targeting BoA customers frequently over the years. It’s important to note that this has nothing to do with Bank of America’s legitimacy or its security, and there is very little the bank can actually do to stop this type of attack.

The attack might look like this. You get an email that looks like it is from Bank of America.

The subject line might say something like: Security Alert: Unusual Account Activity Detected!

The email has the Bank of America logo.

The email then says something like:

Dear Valued Customer,

We’re letting you know that we’ve detected some unusual activity on your Bank of America account. For your protection, please verify this activity so you can continue to access your money without interruption.

To re-activate, please click here to provide your current username and password.

Please note that if you fail to do this within 48 hours, your bank account will be terminated.

That sounds pretty serious, right?

This is the kind of email that gets a person to panic and act quickly. However, if it’s a phishing attack, your bank didn’t actually email it to you, and that link doesn’t belong to your bank.

Instead, the cybercriminal who sent the email likely built a webpage that looks like Bank of America. It’s got the same logo and branding. Even the web address (at first glance) might look like it says bankofamerica.com. The familiar login box is there, waiting for you to put in your username and password.

However, when you enter your password, it doesn’t log you into your bank account. It gives that information to the cybercriminal.

Now they have access to your bank account. They don’t need to hack anything. They just simply log in right now.

Now, let’s say this phishing attack wasn’t for your bank. Let’s say it was something a little less valuable, like your Netflix account. Cybercriminals know that most people have poor password hygiene. If they can trick you into giving them your Netflix credentials, they will try out your credentials everywhere else, including your bank, your email accounts, your social media, and everywhere else they can.

Things can get very ugly, very fast.

How to Spot a Phishing Attack

Think Before You Click

No matter what, you should always stop and think for a moment before you click on anything within an email. That includes email attachments too (email attachments can contain malware like ransomware which will quickly take over your entire computer or network within moments).

If there is a link or an attachment, just pause, take a deep breath, and put your guard up. Start looking for some of these other signs.

Verify the Sender

Cybercriminals will try to spoof phishing emails to make it look like they are being sent from a legitimate source. This means they might make up a fake email account like “[email protected].” 

But let’s look at this closely. 

If you look at the part of the email after the @ symbol, you’ll notice that it isn’t the official Bank of America web address. It’s something else entirely.

A good rule of thumb is to look for periods. If there is a dot in the email other than the .com or .org (and vice versa), you might be getting duped. 

They might not always have an extra period though. It could just be an alternative spelling of the domain name, or a different (but possibly similar) domain name altogether.

Here are some other examples you might see, using Bank of America as our scapegoat:

[email protected]
[email protected]
[email protected] 

The possibilities are endless, so be vigilant. 

Just because the sender email looks good though, doesn’t mean you are out of the woods yet. It’s possible that cybercriminals hijacked the email account and legitimately sent out the email from a real address. This happens all the time on both large and small scales, so it’s worth looking for these other traps.

Inspect Any Links Before You Click on Them

Let’s say so far, the email has passed the tests above. Now you are thinking about following the instructions and clicking on a link in the email.

Remember, you should really be running through this whole gamut every time ANY email has a link or attachment in it.

Before you click, hover your mouse over the link. Most email clients like Outlook and Gmail will display the URL the link is going to, either as a tooltip next to your cursor or towards the bottom of the window, but we’ll show you a trick for that in a moment.

Look at the URL that the link is attempting to send you to. Does it look legitimate?

Use the same basic rules you used above for confirming the legitimacy of the email. 

Is there an extra period somewhere after the domain name?

Let’s use Amazon as our scapegoat now:

• https://www.amazon.com/gp/help/customer/account-issues - This is safe, because there isn’t a period after the .com. 
• https://support.amazon.com/ - This is safe, because the extra period is before the company’s domain name (in this case, amazon.com)
• https://support.echo.amazon.com/customer-support/password-reset - Again, this is safe because there are no periods after amazon.com, regardless of how many subdomains (extra periods) are before it in the URL.
• https://support.amazon.ru - Time to slow down. While Amazon does legitimately have a .ru domain, not every business has every variation of domain extension (like .org, .net, .co, .co.uk, etc.). As soon as you get something you don’t expect, start to scrutinize even more.
• https://amazon.passwordservices.com/help/account-issues - This one is dangerous. This URL is technically taking you to a site called passwordservices.com. We just made that up for the example. Anyone could purchase that domain (or something similar) and spoof the URL to say Amazon before the first period. It’s tricky because it’s easy to miss.

When in doubt, ignore all of the links in the email, and just do a Google search for the website you want to go to. If it’s for Bank of America, PayPal, Amazon, Netflix, or virtually any other popular service, the official website should be among the top results. If you know the actual URL to the website or have it bookmarked, use that, log in like you normally would, and see if you can troubleshoot your account from there.

Don’t Trust Anything Until You’ve Received Confirmation

If someone sends you something unsolicited, whether it’s a vendor, a co-worker, a customer, or a random nobody who stumbled into your email inbox, just don’t click on it or download the attachment.

That’s it. Leave it be.

Then reach out to that person and check for its legitimacy.

A very popular type of phishing attack involves spoofing a CEO or other company executive, and it looks like a legitimate email where the boss is asking you to send them sensitive information or purchase prepaid gift cards, or something along those lines.

In cases like that, just reach out through another means to get confirmation. There’s no harm in questioning email these days. If the sender gives you any grief for it, let them know you just didn’t want to sacrifice their security and that it’s always a good habit to get confirmation outside of email.

This is a habit that each and every one of us needs to start building.

We’re Here to Help

If you want assistance training your staff, or you need help gaining control over your cybersecurity, give the IT professionals at Capstone Works a call at (512) 343-8891.