Gone Phishing

Phishing Emails By Nick Clayden

I was reading this article, and it got me thinking about how easy it is to catch a user off guard and get access to their accounts. A dot in an email address is a subtle difference, but in that case it is the difference between a legitimate request and a phishing one. For some reason, Gmail will let you own all the dotted variations of your email address. So, if you are joebloggs@gmail.com, you can still receive emails on joe.bloggs and jo.ebloggs. There aren’t even any alerts to tell you that an email has been sent to a variant of your primary Gmail address.

Office 365, on the other hand, alerts its users when it spots any signs of a phishing email and prepends the email with something like this:

Or

The email was also moved to my Junk Email folder, which is a big help.

But, it got me thinking, if a user doesn’t know what to look out for, they’re more likely to get caught, no? So, here are my top tips on how to stop a phishing email from catching you out!

Here’s an email that’s claiming to be an invoice from 24-7 Industrial Services UK Ltd:

To the unsuspecting user, this looks like a legitimate email, and it comes from a domain containing the name of the well-known accounting software, Xero.

Check the Email Address

If you’ve received legitimate emails from Xero before, check those and compare the sending address. The actual Xero address is messaging-service@post.xero.com, so bear that in mind.

Check any Hyperlinks

Before clicking on a link, hover your mouse over it to bring up the full URL.

Ask yourself, would this company normally direct you to a different website? If not, then it’s pretty likely to be spam.

Check for Attachments

If the email asks you to download or open anything, then I would say that it’s likely to be a phishing email as well. Even PDFs can contain viruses. Where the document doesn’t contain a virus, this will be because the scammers want to give you the impression that their document is real.

 “I’ve seen phishing emails come from the actual email address of the sender”

In my time on the Binary Bank Help desk, I have seen these catch users out, and the after-effects are frustrating. Here’s one that I saw earlier this year:

In this situation, all looks great: the email address is right, and it’s been received in Calibri, which is the legitimate signature for this company. The email says they are using DocuSign, which is a fast-growing document signing service which fully integrates with Office 365. What’s more, bit.ly is a proprietary link shortener, so I wouldn’t expect the user to be suspicious.

Even clicking the “REVIEW DOCUMENT” link won’t cause the user any harm, but they will be presented with a login screen that looks exactly like the Office 365 sign-in screen, just hosted on someone else’s server. The unsuspecting user will type their email address and password in, and at that point they have inadvertently handed over their account to hackers, without them doing anything malicious.

To stop an email like this in its tracks, there’s a little bit more detective work to do:

Grammar

Ask yourself, “Would this person write about themselves in the third person?” or “Does this person normally use ‘Good day’?”

Recipients

Check who the email has been sent to. Has it gone to a random distribution group that doesn’t sit on your Exchange? Are there 0 recipients in the To field? These are tell-tale signs that it’s a phishing email, as users would normally send you an email directly if they wanted to contact you.
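The sender, hyperlink, attachment and recipient checks above can also be run automatically over a saved message. The script below is an added example, not something from the original article: the expected link domain is an assumption, and the test messages are constructed rather than taken from a real email.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED_SENDER = "messaging-service@post.xero.com"  # address given in the article
EXPECTED_LINK_DOMAIN = "xero.com"  # assumption: genuine links stay on this domain

class LinkHosts(HTMLParser):
    """Collect the host of every <a href>, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        host = urlsplit(dict(attrs).get("href") or "").hostname if tag == "a" else None
        if host:
            self.hosts.append(host.lower())

def triage(raw: bytes) -> list[str]:
    """Return one finding per failed check; an empty list means nothing was flagged."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender != EXPECTED_SENDER:
        findings.append(f"sender: {sender}")
    if not [a for _, a in getaddresses(msg.get_all("To", [])) if a]:
        findings.append("recipients: none in To")
    body, links = msg.get_body(preferencelist=("html",)), LinkHosts()
    if body is not None:
        links.feed(body.get_content())
    for host in links.hosts:
        # Require an exact match or a real subdomain, so xero.com.evil.example fails.
        if host != EXPECTED_LINK_DOMAIN and not host.endswith("." + EXPECTED_LINK_DOMAIN):
            findings.append(f"link: {host}")
    findings += [f"attachment: {p.get_filename()}" for p in msg.iter_attachments()]
    return findings

def sample(sender, to, href, attach):
    """Constructed test message; none of these values come from a real email."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, "Invoice INV-0001"
    if to:
        m["To"] = to
    m.set_content(f'<a href="{href}">View invoice</a>', subtype="html")
    if attach:
        m.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf", filename=attach)
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(sample("Xero Billing <billing@xero-post.example>", None,
                        "https://invoices.example/view", "Invoice.pdf")))
```

The sender comparison on its own would not have flagged the DocuSign email described above, since that one came from the real address; the link and recipient checks still apply to it.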

The moral of the story? Be diligent. Look twice at the email and if there is any doubt after following the above, contact the “sender” directly.

If you need any advice or further information, please call us on 01277 280008, email support@binarybank.co.uk or contact us here.