Recently our internet probes detected several massive phishing campaigns aimed at banks, mostly located in Europe. All of them fit the same patterns, and an educated user could easily spot them. Since phishing campaigns can lead to identity theft, financial loss and data compromise, let’s look at 7 tips that help you spot these phishing e-mails. But first …
Let’s talk Phishing numbers
Phishing attacks, or phishing scams, are without doubt one of the biggest security challenges today, and not only for banking institutions. Phishing attempts grew 65% in the last year (according to PhishMe’s Enterprise Phishing Resiliency and Defense Report) and this year the number will probably be even higher. Why? For a fraudster, creating a phishing site is relatively easy; in fact, approximately 1.5 million new phishing sites are created every month. So, without much effort, a fraudster can mimic a legitimate site, put it online and then send thousands of e-mails to lure credentials and quickly gain full access to the victim’s banking account. Not much effort indeed. The list of signals below comes from years of ThreatMark’s Security Operations Center experience scrutinizing phishing campaigns and collecting data from our probes across the Internet:
1. Suspicious Sender Address
In many cases the e-mail address is suspicious at first glance: you can spot a domain unrelated to your bank’s domain. Often the domain is very complicated and very long, sometimes containing expressions such as “well-known” to confuse more experienced users. Watch out for similar-looking domains (1stbank.com vs. lstbank.com). If you receive a suspicious e-mail from someone you know, double-check the sender address first.
2. Call-to-action Button
The purpose of every phishing e-mail is to entice your credentials, mostly by getting you to submit a form located somewhere on the Internet. The attacker wants to lead you there through a link or button in the e-mail body. Do not click on these unless you know where they lead. If you want to be sure, hover over the link first; the real URL will appear in the bottom left corner of your browser.
3. E-mail Inaccuracies
If the content of the suspicious e-mail contains grammatical or typing mistakes, or its visual parts are broken, you are most probably dealing with a phishing e-mail, because banks usually use proof-read templates and do not make this kind of mistake.
4. Request for Sensitive Information
Do not send any sensitive information, ever! Most banks do not request this information through e-mail at all, so any message requiring an update of your banking account information via e-mail is an attempt to entice your credentials. Nowadays attack vectors can also involve fake mobile applications, so double-check the origin of an application, even one from Google Play.
5. Mail Attachment
In most cases banks do not send attachments at all. If you receive such an e-mail from a bank, confirm its validity with your bank by phone. Attachments can contain malware of different kinds, such as ransomware and keyloggers.
6. Too good to be true
Probably the oldest phishing strategy is sending information about an amazing win. If your bank informs you that you have won a large sum of money or a voucher for an expensive gift, it is very likely that you are dealing with a phishing e-mail; be very cautious and contact your bank immediately.
7. Pressure and emotions
If the e-mail plays with your emotions, eliciting curiosity, a sense of urgency or fear (virus detected, account expired, card expired, low balance), you are probably facing a phishing e-mail.
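The checks in tips 1, 2, 5 and 7 can be automated. The script below is an added example, not ThreatMark’s code and not part of the original post: it parses a raw e-mail with Python’s standard library and reports a look-alike sender domain, links whose visible URL differs from their real target, risky attachment types and pressure wording. It assumes the bank’s genuine domain is 1stbank.com (taken from tip 1); the confusable-character table, the extension list and the phrase list are illustrative assumptions, and the sample message it analyses is constructed for the example.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed: the bank's genuine domain (a real deployment would list every domain it sends from).
LEGIT_DOMAIN = "1stbank.com"
# Character swaps that make a fraudulent domain resemble the real one (tip 1). Illustrative only.
CONFUSABLES = {"1": "l", "0": "o", "rn": "m", "vv": "w"}
# Attachment types a bank has no reason to send (tip 5). Illustrative only.
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".hta", ".zip", ".iso", ".docm", ".xlsm")
# Wording that creates urgency or fear (tip 7). Illustrative only.
PRESSURE = ("urgent", "immediately", "suspended", "expired", "virus detected", "low balance",
            "verify your account", "within 24 hours")

def normalise(label):
    """Fold look-alike characters so 'lstbank' and '1stbank' compare equal."""
    for bad, good in CONFUSABLES.items():
        label = label.replace(bad, good)
    return label

def registrable(host):
    """Keep the last two labels: 'login.lstbank.com' -> 'lstbank.com' (naive; no public-suffix list)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def host_of(url):
    # A bare 'www.example.com' in link text is treated as an http:// URL.
    return urlparse(url if "://" in url else "http://" + url).hostname or ""

def looks_like(domain, legit=LEGIT_DOMAIN):
    """Tip 1: the domain imitates the bank's domain without being it or one of its subdomains."""
    if domain == legit or domain.endswith("." + legit):
        return False
    return normalise(legit.split(".")[0]) in normalise(domain)

class LinkCollector(HTMLParser):
    # Collects (visible text, href) pairs for every <a> element in an HTML body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._text.strip(), self._href))
            self._href = None

def deceptive_links(msg, legit=LEGIT_DOMAIN):
    """Tip 2: links whose real target is off-domain or differs from the URL shown as link text."""
    html = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(html.get_content() if html is not None else "")
    flagged = []
    for text, href in parser.links:
        real = registrable(host_of(href))
        shown = registrable(host_of(text)) if re.match(r"^(https?://|www\.)", text) else real
        if real != legit or shown != real:
            flagged.append((text, href))
    return flagged

def risky_attachments(msg):
    """Tip 5: attachment names ending in an executable or archive extension."""
    return [part.get_filename() for part in msg.iter_attachments()
            if (part.get_filename() or "").lower().endswith(RISKY_EXT)]

def pressure_phrases(msg):
    """Tip 7: urgency or fear wording in the subject and plain-text body."""
    plain = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + " " + (plain.get_content() if plain is not None else "")).lower()
    return [p for p in PRESSURE if p in text]

def analyse(raw):
    """Parse a raw RFC 822 message and return the findings for tips 1, 2, 5 and 7."""
    msg = message_from_string(raw, policy=policy.default)
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    return {"sender_domain": domain, "sender_lookalike": looks_like(domain),
            "deceptive_links": deceptive_links(msg),
            "risky_attachments": risky_attachments(msg),
            "pressure_phrases": pressure_phrases(msg)}

def build_sample():
    """Constructed phishing message exhibiting tips 1, 2, 5 and 7 at once (not a real sample)."""
    m = EmailMessage()
    m["From"] = '"1st Bank Security" <alerts@lstbank-secure-login.com>'
    m["To"] = "customer@example.com"
    m["Subject"] = "URGENT: your account has been suspended"
    m.set_content("Your account has been suspended. Verify your account immediately.")
    m.add_alternative('<p>Please <a href="http://lstbank-secure-login.com/verify">'
                      'https://www.1stbank.com/login</a> now.</p>', subtype="html")
    m.add_attachment(b"MZ fake payload", maintype="application",
                     subtype="octet-stream", filename="statement.pdf.exe")
    return m.as_string()
```

Calling `analyse(build_sample())` flags the look-alike sender domain, the link whose visible text shows www.1stbank.com while its href points to another domain, the .exe attachment hiding behind a .pdf name, and four pressure phrases. `registrable()` deliberately keeps only the last two labels; for domains under suffixes such as .co.uk it would need a public-suffix list.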
Summary
With these simple tips in mind you will be better able to recognize phishing e-mails, and in combination with common sense you can significantly lower the risk of becoming a cyber-crime victim.
And banks are not helpless either. There are ways for banks to prevent phishing using different techniques, such as scanning billions of e-mails for potential signs of phishing (searching for mentions of the bank’s name, use of the bank’s logo in those e-mails and so on) and other methods involving sophisticated ways to spot waves of phishing even before they start.
Lukáš Jakubíček
