Phishing is one of the most common types of cybercrimes. In 2021, Canadians lost an estimated $230 million due to fraud. 34% of that was from phishing attacks specifically.

Having your work email compromised can cause tremendous damage to both your personal reputation and the reputation of your business. As a result of an increase in phishing emails our clients have been receiving, we decided to put this blog together, showcasing real-world phishing attacks and how to spot them. Learn more below:

The Message is Sent From a Public Email

Reputable businesses and organizations will never send you emails via a public domain. For example, name@gmail.com, name@hotmail.com, name@live.ca, or name@icloud.com. Business and organizations will usually send emails from emails that match their domain. 

The email is most likely genuine if the domain name (what comes after the @ symbol) matches the suspected sender.

As opposed to if the email is sent from an address that isn’t connected to the alleged sender, it is most likely a phishing email. 

In this case, the message appears to be from PayPal, but the sender’s address doesn’t match up.

The attacker has modified the sender’s name field to make it appear as ‘Account Support’ in the inboxes of the intended recipients, and the message itself appears to be genuine.

Assuming it is genuine because the sender’s email address contains the word “PayPal” would be a common first impression. What follows the @ symbol in an address is what you really need to focus on. This identifies the company that sent the email.

Misspelt Domain Name

Subtle hints in domain names may also point to malicious intent, such as phishing.

An important obstacle is that any interested party can buy a domain name from a registrar. The fact that it is so simple to create addresses that are practically identical to the real ones makes spoofing viable even though each domain name must be unique. 

In the example below scammers have registered the domain microsfrtfonline.com,’ which resembles the words ‘Microsoft Online’ and might be mistaken for a valid address.

Mispelt Words & Unproper Grammer

When compared to emails professionally crafted for marketing or customer service, phishing attempts frequently lack the level of detail that is present in these types of emails. Never undervalue the importance of noticing when the font, formatting, or other elements of an email appear inconsistent and sloppy. Whether it’s the font, the formatting, or something else entirely. These are frequently signs that an email is part of a fraudulent scheme. 

Even though there are no misspelled words, the message has grammar mistakes that a native speaker would not make. For example, it says, “We detected something unusual while using an application.”

In the same way, there are missing word strings like  “a malicious user may be attempting to access” and “Please contact Security Communication Center.”

Unexpected Attachment & Links

If the destination address does not match the context of the rest of the email, the link should be considered suspicious.

If you receive an email from Netflix, you might expect that clicking the link in the email will take you to a website with the domain name “netflix.com.”

Unfortunately, many emails, both legitimate and fraudulent, conceal the destination address behind a button, making it difficult to determine where the link leads.

If it’s a button, you can try right-clicking it to see if you can copy the link. If so, copy it and paste it somewhere you can see it to see if it corresponds to the business and website it claims to be.

Hover over the link to reveal the destination you will be directed to if it is a link.

Create a Sense of Urgency

Scammers tell their victims that they have a limited amount of time to take action before it’s too late. They do this to force you to act and prevent you from reflecting on the inconsistencies of their request. They’re committing fraud.

In many cases, they’ll scare you into resetting your password by claiming that there’s been unusual activity on your account. The victim’s curiosity can be exploited in some scams by claiming that an offer is only valid for a short period of time. Because it encourages victims to think irrationally, this tactic is so effective.

But even if an email appears to be time-sensitive, you still have the opportunity to read through it and decide whether or not the request makes sense and appears genuine.

Use this as a guide and resource to help you if you ever feel as if an email is suspicious. If you are not one hundred percent confident that you and all the members of your team are aware of the dangers of phishing attacks and how to spot them, use this as a guide and resource to help you. Get in touch with us right away if you would like to have a conversation about the ways in which we can improve your cyber security efforts across the board at your company or organization.