Phishing – Four Hooks To Look Out For

When was the last time you received an email from Paypal, or Australia Post? If you’re anything like me, these emails are all too familiar, and I rarely pay much attention to them – I simply want to know when my new non-stick frying pan will be arriving…and it’s just this unguarded attitude that many phishing attempts will take advantage of.

I was having lunch, scrolling through emails on my phone when I saw this email:

I hadn’t ordered anything. Had someone stolen my card and gone on a shopping spree? The email looked correctly formatted at a glance, and everything appeared to be in order? Before I went into a total blind panic, I decided to check the email on my computer when I got back to the office.

And that’s where I noticed a few things about this email that, on closer inspection are a bit suspicious. Namely the emai

l had come from service@intl.paypal.com as opposed to service@paypal.com.au, which is where I generally expect them to come from. I hadn’t had my credit card stolen, this was a phishing attempt.

Phishing emails will typically prompt you to click a link, when you get to that website you’ll be prompted to hand over personal information that the legitimate organisation already has.

If you’re concerned about phishing here are some things to keep in mind when you receive a suspicious email:

  1. Is the email in relation to something you expected? If you’re receiving a receipt for something you’ve not ordered, that’s an immediate red flag.
  2. Check the sender address. In this example, note that the actual sender address doesn’t match the display name, and is certainly not coming from Paypal.
  3. Check for spelling and grammatical errors. Most legitimate businesses will put due diligence into ensuring their email communications are correctly worded.
  4. Check where the links are going by hovering your mouse over them. In this case, all links were going to a suspicious URL not on the Paypal site:

This is by no means a definitive list, but if you keep these things in mind the next time you receive a suspicious email, you might just save yourself or your company the hassle of being successfully phished! If your business has some IT security advice, get in touch today.

If you’re looking for consultancy services to help design your own IT business processes, contact Starboard IT to find out what we can do for you.