Recent reports have made it clear that phishing emails are on the rise. In fact, cybersecurity firm SlashNext reports a 1,265% increase in phishing emails since the launch of ChatGPT. With the odds of a phishing email sitting in your inbox, it’s important to know the different types and how to protect yourself from them.
Different Types of Phishing Emails
Phishing emails are fraudulent emails that are designed to trick individuals into sharing sensitive information or performing certain actions, such as clicking on malicious links or downloading harmful attachments. There are various types of phishing emails. Each with its own unique approach to deceive individuals and target their personal information or financial details. Some of the different types of phishing emails that we are currently seeing in the field are:
De-activation of Domain Notice
One type of common phishing email is a de-activation of domain notice. The de-activation notice informs the recipient that their domain name is set to be cancelled unless they renew it. This notice will typically have a link included that redirects to a malicious website, where the user is tricked into entering sensitive information.
*Cirkuit will never have you follow a link to activate or claim your domain.
Quarantined Emails
Another type of phishing email that has become increasingly popular is one that advises the recipient that their emails are quarantined and they will be deleted if not released by a certain time. These emails will also feature a malicious link that leads to further scams.
*Cirkuit no longer uses a quarantine to catch spam. Spam messages go directly to your Junk folder.
Suspended Incoming Messages
There are also malicious phishing emails that claim to have suspended incoming messages. These emails often look like they’re sent from a legitimate email provider, but redirect to a malicious website which uses the user’s login credentials to gain access to their account.
In the figure 3 below, notice the “From” email is spoofed and it is actually coming from “[email protected]” and not from who it appears to be from. Putting the email address, instead of a full name, in the “From” field is done in an effort to try to trick you into thinking it is from someone else. Another tell-tale sign that this email is fraudulent is the link in the email (at the very bottom) goes to a gibberish domain “re.dev”.
Failing victim to an email like this would have likely given a password directly to the phisher. The phisher could then have used it for multiple purposes.
*Emails from Cirkuit are always informative and will never ask for email credentials or payment information.
Protect Yourself From Phishing Attacks
The best way to protection yourself against phishing emails is to use a comprehensive security software solution that includes anti-phishing features. This will help block malicious activity before there is a chance to execute an attack. Despite how good the anti-phishing software is, it will not catch all phishing emails. Some phishing emails are going to make it to your inbox. So, it is important to know how to identify them.
Identify Phishing Emails
Here are 6 key characteristics to look for in a phishing email:
1. The Sender’s Email Address
The first thing you should check is the sender’s email address, or the “From” address. Often, the email address used by the fraudster will be spoofed, meaning the email looks like it’s from a trusted source, but it is not. The “From” address may have a few misspellings or deviations from the actual company’s email address.
For example, a phishing email pretending to be from PayPal may use an email address like “[email protected]” instead of the official “[email protected]”. Scammers can “spoof” email addresses and make them look like they are coming form anyone, even your company, like in the example below.
One of the main indicators of a phishing email is an inconsistent “From” address. If the “From” address is from a domain or company that you do not recognize or is misspelled, then it is likely a phishing attempt. Additionally, if you are receiving emails that claim to be from a legitimate company, such as your bank, then be sure to check the domain of the email, as the domain should be consistent with the company’s website url.
2. Urgent or Threatening Language
Phishing emails often use urgent or threatening language to create a sense of urgency. They may claim that your account has been compromised, or that you have to update your information immediately, or else face consequences like your account being closed. This is a tactic used to panic the recipient into taking immediate action without properly verifying the email’s legitimacy.
3. Suspicious Links
Phishing emails often contain links that look legitimate at first glance, but upon closer inspection, they are actually fake. These links will take you to a fraudulent website that may look identical to a legitimate one, but in reality, it is designed to steal your information. Be wary of clicking on links in emails, especially if you were not expecting the email.
4. Poor Grammar and Spelling
Be sure to check the email for grammar and spelling inconsistencies. Legitimate companies will generally employ individuals who are good writers and proofreaders, so any mistakes in the email are a potential red flag.
5. Request for Personal Information
Legitimate companies will never ask you to provide personal information via email. If you receive an email requiring you to give out sensitive information such as your Social Security number, credit card details, or passwords, it is most likely a phishing attempt.
6. Unusual or Unexpected Attachments
Phishing emails may contain attachments that appear to be legitimate, such as a receipt, invoice, or document. However, these attachments could contain malware or viruses that could infect your device once opened. If you receive an unexpected attachment from an unknown sender, it’s best to delete the email without opening the attachment.
Conclusion
Odds are, there are numerous phishing emails sitting your inbox right now. Being able to identify a phishing email is crucial in protecting yourself from falling victim to a cyber attack. If you receive an email that raises any suspicion, do not click on links or open attachments. Instead, go directly to the company’s official website by typing the URL into your web browser. Check for any updates or notifications there. Remember, when in doubt, it’s always better to err on the side of caution.
It is essential to stay vigilant and cautious when dealing with emails from unknown sources. Never provide personal or financial information or click on suspicious links or attachments.