Thursday, November 08 2018
How To Identify Phishing Emails, Scam Emails, & Legitimate Email Links
I will preface this post with the fact that I get about ten to twenty phone calls and/or emails each and every week from my clients about this topic alone. Personally, I am grateful for their trust and I deeply appreciate the opportunity to help them.
This post is intended to provide an additional resource on how to identify phishing emails, scam emails, and legitimate email links, not a replacement for contacting me for questions that you have! 😉
The Definition of "Phishing"
PHISHING is defined by wikipedia as: the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website, the look and feel of which are identical to the legitimate site.
Below is an email from a customer that I received just Monday wondering if it's a legit email or not:
Turns out, the email was indeed legitimate, but kudos to my client for asking first because he was in doubt! My philosophy has always been... "Better Safe Than Sorry!"
Here is another example of an email I received from a client:
Turns out though... this email was legit too!
Most of the emails or phone calls I get about suspicious emails aren't always legitimate though, they are usually in fact spam, phishing, or emails with malicious intent and again, I am happy to review questionable items that clients send to me.
When a client forwards me an email that they are questioning, I ALWAYS employ the "mouseover link" technique to help determine if it is in fact a phishing email, scam email, or legitimate email.
Below is a description of the "mouseover link" technique to see if the email is legit and NOT a phishing email:
Here is what happens when you 'mouseover' a link in the above legitimate email from us:
(see how the mouseover displays the link? The link displayed in the email AND the link displayed on 'mouseover' MATCH!)
But, just because they match doesn't necessarily guarantee they are safe to click on. In this case, yes - they are safe to click on. But keep reading... there are some clever scams out there and we don't want you to get caught up their deceitful net.
More information on how to quickly discern if a link in an email is legit.
Here is another example to help you quickly determine if a link in an email is "OK" to click on - hover your mouse over the link and look at the little popup that appears. Does the URL (website address or link address) match exactly?
Check out the image below (by Brave River) - it shows a link that is displayed in the email as "https://www.bankofamerica.com" - but when you hover over that link in the email, it shows a VERY DIFFERENT website address of "http://bit.do/ghsdfhgsd" - clearly NOT a legitimate link!
Another example to help you figure out if a link is OK to click on or not.
If an email is claiming to be from PayPal (which has a KNOWN URL of "paypal.com") but when you mouseover the links they display links like "http://www.paypal.fjdas.com" or even "https://www.paypal.fjdas.com" (notice the difference between http and httpS?)
Notice that the word "paypal" is included, but it does not immediately precede the dot com part of the website address. That is an immediate RED FLAG and DO NOT click on the link!
If the link had said the exact opposite... something like http://www.fjdas.paypal.com or even the secure version of that link which would read https://www.fjdas.paypal.com - then I "might" be more inclined to click on the link or at the very least, my trust meter would go up a tiny bit.
How To Expand Shortened Links To Reveal Their REAL Destination
There are free services available online, like CheckShortURL that will show you a short link's true destination.
If you click on that link for CheckShortURL - you can input a shortened URL to find out its actual location. Here is an example shortened URL which will reveal that its destination is this exact blog post: https://tinyurl.com/y8ql6eyf
Some link expanders will even go the extra distance and let you know if the link you submitted is on a list of known "bad sites".
More on How to Identify Phishing Emails
Here is a GREAT video by Washburn University School of Law on how to identify phishing emails:
Below is a video from Tyler at Specialized Computer Solutions outlining several best practices for maintaining email security and identifying scam and phishing emails.
The video is about five minutes long and it covers the essentials of how to identify phishing and scam emails.
The below is a SlideShare by Jon Santavy that I found which details Phishing Email Examples and How to Identify Them:
Another excellent article about "How To Check If A Link Is Safe To Click" was posted by Andreas Heifsel over at Teamviewer.
The Key Takeaways From His Article Were:
And for the next time there’s an “urgent” request from your bank or parcel service in between all of your daily email, These are the things you should look out for:
The TEDtalk video below was so funny that I just had to share it! It is also educational - but mostly funny!
Purely for entertainment purposes - a TEDtalk on what happens when you reply to spam email with James Veitch.
I am truly hopeful that the information provided above has been helpful and has added not only value, but provided some actionable steps that you can take to further protect yourself and your business from malicious emails.
Which bad experiences have you had when clicking on links that you were not sure about? Would these tips have been helpful to you and your business? Comment below... thank you!