9 Ways to Identify Phishing emails

© 2019 by cybersecurity1hub.com

Phishing emails will not have a subject or heading that says they are a Phishing emails But if you look closely, you can see many tell-tell signs in a phishing email. You may find spoofed email  address and spoofed domain name among others. Moreover, they use social engineering.

You know that phishing is a big problem.  They attempt to obtain personally sensitive information (PSI) such as banking and credit card details, and password etc., usually for malicious reasons, by disguising as a legitimate entity or business. Let us review some tell-tell signs.

If you want to test your ability to identify phishing emails, then click here to take a quiz.

Phishing and Social Engineering
For Phishing, emails are used creatively.

Social Engineering

Suppose part of an email you received from your bank says, “… on Sunday at 6:00 AM money was withdrawn from you account. If you didn’t make the withdrawal, you MUST take security measure now.”

If you didn’t do a withdrawal, the fear of loss of money from bank and unauthorized activity in your bank account are likely to make you act swiftly.

Now the same email may include, “You can click on the link below to take security measure immediately,


Or if you prefer call 1-800-4483437 (1-800-giveIDs) ”

The fear of loss of money compounded with human laziness most likely make some people to click on the link or call the 800 number.

Greed is another human factor that is quite often exploited in phishing emails. For example, an email you received may say, “…for evaluation of a new European tour operator, our client is offering all-expense paid 10-day Western Europe tour to a group of randomly selected 30 people. Although the tour is free, you will have to provide detailed evaluation of the services that you will be receiving. If you are willing to …”

In summary, cyber-criminals often use fear, laziness, and greed to social engineer emails. Similar techniques are used for phone, SMS, and text fishing. These three are most commonly used social engineering techniques, but there are much more because criminal minds always looking for more creative ways to exploit human vulnerabilities. Here are basic guidelines to identify phishing emails.

Spoofed email address used for Phishing

When you receive an unexpected and unusual email, look beyond the subject line or format of the email, because the format, including images on the email, could be identical to a familiar source, say your bank. The question you need to ask: your answer is, it looks like’. That means you are not sure yet.

Look more closely at the sender’s address. It may be a spoofed email address or look-alike email address. A spoofed email address appears to be from a legitimate entity,  person, friend, or family member. The true ‘from’ address is (masked and) replaced with address the recipient ‘almost’ familiar. For example, if you are used to getting emails from custmerservices@yourank.com’, the phishing email could be sent from ‘security@yourbankcustomerservices.com’. Unless you are 100% sure, do not open that email or take any action. What you should do instead is visit your bank’s website or better, call the phone number of your bank to ensure that an email has been sent to you by the bank.

Spoofed domain name used for Phishing

Phishing emails quite often come with a link to a website. The URL may be hidden under activated words, names, or phrases. First, hover (not click) your mouse button on the activated words, names, or phrases. The URL will show on the left-side of the bottom bar of the browser. Read it carefully. Carefully, because a couple of letters may have been transposed to generate a spoofed domain.  If you click on this URL, you will be directed to the spoofed website, which may have look very similar to or identical to the website you think you are visiting.

Of course, you will not get any service from this website. If you try to sign-on, your username and password will be collected. There are more sophisticated ways to spoof websites. If you want to take action because of the email you received, enter the website URL on your browser’s address bar for connecting to the website. If you have a bookmark for the website, you may use that as well.

Phishing Emails pretends to save your banking A/C

Two common types of phishing emails are (a) account deactivation, and (b) suspicious log-on. Account deactivation email may come just before cosing the bank and that would give you a very short time-window for taking action. This creates an urgency for taking action, because you may need to withdraw money, say over the weekend, when you may not be able to reach someone in the bank for reactivating your account. The suspicious log-on email may show a time when you are very unlikely to log-on in your account. This time stamp is for creating an urgency in your mind and to influence you to act NOW, that is, call the 800 number on the email or click on the link provided in the email. Recall that content of the emails created using expert social engendering techniques, most likely showing spoofed email address, and has a link to a spoofed website.

Phishing Emails pretend to save your credit

There are many versions of emails for phishing credit card details, but a common goal of all of them is to get credit card number, expiration data, and security code. Some variations of phishing emails for gathering online banking details have been circulating for collecting credit card details, but there are specially crafted phishing emails for getting credit card details.

For example, you may receive an email informing you that you have made an international transaction with your card. The email also will advise you to take no action if you ‘really’ made the transaction (this is the part for making you very anxious to take an action). Then the email will give you toll-free number for calling immediately if you have not made the purchase. Once you call the toll-free number, you most likely reveal the information the cyber-criminals are looking for. The best option for you to NOT call the toll-free number on the email, but call the toll-free number on your credit card. If you don’t have your credit card with you, find the toll-free number from the Internet or call someone who may have the number.

Phishing Emails appears to be from email providers

Most of the people (including me) have thousands of past emails in their email account. Getting access to an email account is a treasure trove of personal information. Cyber-criminals pretend to be email-service provider to phish email account password. The contents of these phishing emails include, a reason such as security-software upgrade or sever upgrade. The account holder is warned of deactivation of the account after a given time-window, if his/her information is not updated/added to the new system.

Most often, however, sender’s email address is masked/removed with a spoofed email address. A link to a spoofed website is included in the email. Thus, if you carefully read sender’s email address and the URL of the website where you suppose to update your information you will discover that it is a phishing email.

Another trick the cyber-criminals use is unusual and suspicious activity in and from your email account. The contents are quite similar to the banking information phishing emails, but will have a link to a spoofed website and unlikely to have a toll-free number.

Phishing Emails offering job-placement service

Who does not want a better job with higher salary or better working environment or better parks or all of those? Cyber-criminals know our desire to get better jobs. They create phishing emails for those who are desperately looking for jobs and for those who are looking for better jobs. The purpose of these emails could be making small money or collecting personally sensitive information or both. Of course sender’s true email address is masked and a spoofed address of a well-known placement service provider’s email address is displaced.

For the first case, the email will have an attractive list of job openings and will direct the recipient to a portal for submitting application. Soon a job offer will follow, but a small processing fee will be asked to pay. For the second case, the scam will be similar, but instead of a processing fee further information will be requested for background check. Of course, you have to visit a portal and fill out a form that will require you provide your personally identifiable information such as social security number and date of birth etc.

Phishing Emails offering free international tours

Attractive international tours are in our mind. How about an all-expense paid international vacation? Yes, it is almost free — all you have to do is to promise an evaluation of the tour operator. This type of emails will take advantage of our desire to get free goodies (or should I call it our greed). After some email exchanges, you will be asked to provide tons of personally sensitive information, such as copies of your passport and social security card etc. Once you have provided them what they wanted from you, you will never hear from them.

Phishing Emails reminding to change password

If your do many online shopping, bill paying, and banking etc., you have several accounts to do those. Well some of them require you to change your password periodically, say every six months. From them you get emails reminding you of the upcoming deadline to change your passwords. Well cyber-criminals know this, and they craft phishing emails for collecting your usernames and passwords.


Subscribe for free. We hate spam. Your email address will not be sold or shared with anyone else.

One Comments

  • CAP

    December 28, 2017

    A infographic would be quite useful.


Leave a Reply