How to tell if an email is a phishing scam
- 11 April, 2012 05:57
Email phishing scams have grown more sophisticated since they first began popping up in corporate inboxes in the 1990s. Early phishing emails were relatively easy to detect as they were characterized by poor grammar and spelling. No legitimate business would send an email to customers chockfull of typos.
As email users grew wary of phishing attempts, cybercriminals have had to change their tactics and their lures. Today, phishers are churning out much more convincing and effective emails. Not only are the most persuasive specimens well-written, they are also often personalized, addressing the recipient by name. In addition, they replicate the look and feel of authentic emails from legitimate businesses down to the fonts, footers, logos and copyright statements those companies use in electronic correspondence with their customers.
Why Criminals Keep Casting Phishing Lines
The result of these refinements has been an explosion in phishing attempts. In 2011, approximately one out of every 300 emails circulating the web was deemed to contain elements indicative of phishing, according to "The Year in Phishing," a report from RSA. The cumulative number of phishing attacks recorded that year was 279,580, a 37 percent increase over 2010, by RSA's count.
RSA says that phishing attacks are on the rise despite heightened user awareness in part because they've become so easy for cybercriminals to execute. Malware writers have created automated toolkits that fraudsters use to easily create and host phishing pages. On average, every phishing attack nets a $4,500 profit in stolen funds for the perpetrator, according to RSA.
Because phishing attacks are easier for cybercriminals to produce and more convincing than ever, RSA predicts even more of them in 2012. To help you and your end-users determine whether those suspicious emails in your inboxes are legitimate or phishing scams, CIO.com asked Daniel Peck, a research scientist with Barracuda Networks, a provider of email and web security products, to analyze a particularly convincing specimen allegedly from American Express. We include below a copy of the email in question, along with Peck's tips for discerning the validity of suspicious emails.
This "Fraud Protection Alert" allegedly from American Express is in fact a phishing scam.
The above email is an alleged "Fraud Protection Alert" from American Express. It informs the recipient and would-be cardholder of potential fraudulent charges on their credit card.
This email is, in fact, a phishing scam, but it's convincing for a variety of reasons. For one, it sounds authoritative. Second, the footer--with its putative links to American Express Customer Service and the company's privacy statement--makes it look authentic. The message at the end of the footer that reads, "Your Cardmember information is included in the upper-right corner to help you recognize this as a customer service e-mail from American Express. To learn more about e-mail security or report a suspicious e-mail, please visit us at americanexpress.com/phishing," makes it look even more authentic and is designed to further confuse the recipient. Finally, because the message assumes the recipient did not recently charge a Hilton Hotel reservation, it attempts to win the recipient's trust, as if to say, "We're looking out for you."
Five Ways to Catch a Phish
With all of these convincing elements designed to spoof legitimate emails and confuse recipients, how can email users be sure messages like this one are fake? Here are five tips.
1. Hover. Whatever you do, don't click on any of the links in the email, says Peck. You can and should, however, point your mouse at them and hover over them.
When we hover over the "Secure Online Chat" and "www.americanexpress.com/case" links, we see that those links don't direct to the americanexpress.com domain. One directs to a website in Italy, as marked by the .it domain. The other points to a .us domain. Links that don't go to the legitimate domain of the business are telltale signs of phishing emails.
2. Copy and paste. If you can't see the URL where the links direct when you hover over them, Peck suggests copying and pasting the link into a Microsoft Word document. Right click on the pasted link and select "Edit Hyperlink" from the menu that appears. Selecting "Edit Hyperlink" will open a pop-up window in Word that shows in the "Address" field the web address to which the link directs.
3. Investigate the email's properties. Outlook users who have opened the suspicious email can go to the "File" tab and select "Properties." In the "Properties" pop-up window that appears, Peck says to look at the box at the bottom of the window labeled "Internet headers." This box shows the path the email took to reach the end-user, he says. "Look at the originating systems. If they're not from American Express, Constant Contact or other trusted email blast systems, those are tipoffs that it's a phishing email," he adds.
4. Act on information that you know for sure is trustworthy. If your bank or credit card company is sending you an email regarding a fraud alert, you ought to see that same fraud alert on your bank or credit card company's legitimate website, says Peck. If you're at all uncertain, Peck recommends calling the phone number on the back of your credit card. "Always work on information that you have a lot more reason to trust," he adds.
5. When in doubt, throw it out. The best defense against phishing scams, Peck says, is to assume the email is untrustworthy and to pursue direct channels to businesses that you trust, such as your bank's 1-800 number.
For more tips on how to avoid phishing scams, check out the Anti-Phishing Working Group's website.
Meridith Levinson covers Careers, Security and Cloud Computing for CIO.com. Follow Meridith on Twitter @meridith. Follow everything from CIO.com on Twitter @CIOonline and on Facebook. Email Meridith at firstname.lastname@example.org.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
"How many of the Fortune 500 companies have access to PRISM? https://en.wikipedia.org/wiki/Industrial_espionage ..."Australia suspected to have PRISM data: Ludlam
Australia Post’s mail business to lose $200 million this year
Australia Post’s mail business to lose $200 million this year
Microsoft's ambivalence about Office on the Web gives Apple shot with iWork on iCloud
3 Lessons Learned From a Failed Customer Feedback Test
Cloud Computing for Midsize Businesses: Delivering Innovation and Efficiency
It’s time for midsize companies to start thinking differently about infrastructure. This white paper provides a brief overview of cloud computing, explains how midsize companies can benefit, and describes the steps they can take to take advantage of what it has to offer. Read now.
Maximising productivity without sacrificing security
Advances in mobility and client computing technology combined with the ubiquity of the Internet and social media are creating a culture and desire for constant connectivity and anywhere access to information. As these trends extend from the home into the work place, IT managers should consider seriously the opportunities for increased productivity and communication with customers and constituents, as well as understand the increased security risks posed by online, anytime access to private networks and data. Read more.
Best Practices to Make BYOD Simple and Secure
As consumerisation continues to transform IT, organisations are moving quickly to design strategies to allow bring-your-own devices (BYOD). This paper provides IT executives with guidance to develop a complete BYOD strategy which gives people optimal freedom of choice while helping IT adapt to consumerisation - at the same time addressing requirements for security, simplicity and cost reduction. Read now.