What is a phishing e-mail and how can you tell it is a fake e-mail?

Making unsuspecting users believe they are dealing with a trustworthy entity in order to steal money or confidential information from them, or infect them with malware: this is, in a nutshell, what is meant by ‘phishing’. But what exactly lies behind this type of online scam? And how can you avoid falling into the trap of a phishing e-mail?

What is the purpose of a phishing e-mail?

Basically, cybercriminals increasingly make use of phishing techniques because it is much easier to get people to click on a link than to break into their computers. The attacker pretends to be a trustworthy entity, sometimes even someone you know, attempting to gain your trust. Therefore, the fake e-mail he sends you looks authentic; usually it even includes the logo of the real company he pretends to work for (your bank, a web store where you regularly shop…).

The attacker’s intention is to steal your confidential information (login, password, bank details…) or infect your computer with malware (spyware, keylogger, ransomware…). The e-mail may contain an attachment that you will open without a second thought. Or it may include a link, which redirects you to the fraudulent website of the company, where you will enter your login details without any suspicion.

Such a phishing e-mail was recently sent to Combell users. The link provided in this e-mail redirected to a very convincing imitation of the My Combell control panel.

If you enter your personal details on such a fake website or control panel, the cybercriminal will be able to use them to access your online banking accounts, make purchases, etc. Your identity can also be used to commit fraudulent acts or scams, whereby the cybercriminal pretends to be you. In the case of the Combell phishing e-mail, the attacker would have been able to use your login details to log in to the My Combell control panel and access databases containing information about your users.

Incidentally, cybercriminals misuse virtually any means of telecommunication to launch their attacks (telephone, text message, social media, e-mail…). In this article, we will focus on e-mail, which is the most common method, but be wary of other means of telecommunication as well!

Why are you the target of a phishing e-mail?

The fact that you received a phishing mail does not mean the attacker got hold of your personal details by hacking the company of which he is misusing the name.

Attackers use all sorts of tricks to get hold of e-mail addresses of potential victims. Consider, for example, the publicly available Whois details related to domain names, the names and contact details of collaborators that are included on a company’s website, social media, etc. The Internet provides an astounding amount of personal information about many people, which is a real shame according to an increasing number of users!

However, e-mails are often sent to randomly generated addresses. You most probably already received a phishing e-mail from bank XYZ, with which you do not even have an account… However, we strongly recommend that you report any phishing attempt to the company whose name has been misused, and to SafeOnWeb.

Can you spot a phishing e-mail by checking the sender’s address?

Unfortunately, phishing e-mails are increasingly harder to spot. Often, they are exact duplicates of the e-mails you receive from legitimate companies, including the logo and all. And whereas previously you could effortlessly spot phishing e-mails just by looking at the poor English, it has now become quite a difficult task because of the improved language.

Cybercriminals use different techniques to fool you. In the first place, they use a fake sender address. This technique, called ‘spoofing’, is super simple. Anyone can indeed enter a fake sender name in an e-mail client.

There is no infallible way to find out who the real sender of an e-mail is. However, the route the e-mail took to arrive can provide you with an indication of the sender. You can find this route by having your e-mail client show all headers (please see our instructions for Thunderbird, Outlook, MacMail…).

You can also help by making sure that others cannot spoof your e-mail address. For this, you need to create an SPF record on your domain (please see: creating an SPF record).
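As an added illustration of the two points above (this is example code written for this page, not a Combell tool), the script below reads the Received chain and the From/Return-Path domains of a constructed message and evaluates a constructed SPF record for the From domain against the IP that delivered the message. Only the ip4: and all mechanisms are evaluated; include:, a, mx and real DNS lookups are assumptions left out here.

```python
import email
import ipaddress
import re
from email import policy
from email.utils import parseaddr

# Constructed sample message: From: claims example.com, but the envelope
# sender (Return-Path) and the delivering host belong to a different domain.
RAW_MESSAGE = b"""Return-Path: <bounce@mailer.example.net>
Received: from bulk.example.net (bulk.example.net [198.51.100.7])
\tby inbox.example.com with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000
Received: from [10.0.0.5] by bulk.example.net; Mon, 1 Jan 2024 10:00:01 +0000
From: "Example Bank" <alerts@example.com>
To: victim@example.com
Subject: Please confirm your account

Click here to confirm.
"""

# Constructed SPF record for example.com, standing in for a DNS TXT lookup.
SPF_EXAMPLE_COM = "v=spf1 ip4:203.0.113.0/24 -all"

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
VERDICT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def header_domains(raw):
    """Domain shown in the visible From: versus the domain in Return-Path:."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_dom = parseaddr(str(msg["From"]))[1].split("@")[-1]
    rp_dom = parseaddr(str(msg["Return-Path"]))[1].split("@")[-1]
    return from_dom, rp_dom

def connecting_ip(raw):
    """IP in the topmost Received: header, i.e. the host that handed the message
    to our own server. Lower hops were written by other servers and can be forged."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    for hdr in msg.get_all("Received", []):
        m = IP_RE.search(str(hdr))
        if m:
            return m.group(1)
    return None

def spf_verdict(record, ip):
    """Walk the SPF terms left to right; the first matching mechanism decides."""
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qual = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return VERDICT[qual]
        if mech.startswith("ip4:") and addr in ipaddress.ip_network(mech[4:], strict=False):
            return VERDICT[qual]
    return "neutral"
```

Run against the sample, the From domain (example.com) does not match the Return-Path domain, and the delivering IP 198.51.100.7 fails example.com's SPF record, which is what a receiving server would record in an Authentication-Results header.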

The most common method used with phishing e-mails: cloaked links

Usually, the link included in a phishing e-mail is also perfectly hidden. Behind a seemingly harmless ‘click here’ button, the attacker can easily include the address of his bogus website. And even if a URL is mentioned in the text, the web address behind the link can be totally different. Even if the text says www.mycompany.be, for example, the link can still point to another address.

If you think you have received a phishing e-mail, check if the links included in this e-mail point to the website of the sender. If you have any doubts, you should enter the address yourself!

How can you decipher the underlying link?

  • If you are working on your desktop computer, activate your status bar (View>Status Bar) in your e-mail client or web browser. Hover your cursor over the link, and you will now see the address in the status bar. Or right click on the link and copy/paste from your clipboard so that you can examine it.
  • If you are checking your e-mail on your iPad or iPhone, long tap the link. A pop-up menu will reveal the real address.
  • Analyse and try to understand the link structure. The real web address to which you are redirected consists of the domain name plus an extension (.be, .com, .biz, .shop…), which are located right before the first slash (/). So, do not be fooled by an address such as https://postbank.be.fraud.com/login, where fraud.com is the actual (fraudulent) web address, not postbank.be!
  • Also, be careful with ‘homographic spoofing’, a technique whereby certain letters in a domain name are replaced by visually indistinguishable characters. The letter O, for instance, may be replaced by a 0 (zero), an i by a !, an I (capital i) by an l (small L). Wikipedia will provide you with further information on homograph attacks.
  • Be very careful with URL shorteners such as t.co or goo.gl. Just assume that there is no legitimate reason for shortening a URL in an e-mail!
  • And, last but not least: in case of doubt, you should enter the address of your bank, web store, etc. yourself.
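The checks in the list above, written out as an added Python example (not part of the original article): it picks out the part of the host that decides where you land, compares it with the domain the link text shows, flags the shorteners named above, and folds confusable characters so that a look-alike of a trusted domain is caught. The look-alike table and the two-label domain rule are simplifying assumptions of this example.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed example data: t.co and goo.gl are the shorteners named in the list above.
SHORTENERS = {"t.co", "goo.gl"}
# Look-alike classes from the list (0/O, !/i, l/I) plus Cyrillic о and а, which are
# used in IDN homograph attacks. i and l are folded together on purpose: the check
# is deliberately over-sensitive rather than blind to "paypaI" versus "paypal".
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "!": "l", "|": "l", "i": "l",
                            "\u043e": "o", "\u0430": "a"})

def host_of(url):
    """Host name of a URL; link text is often written without a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def registrable_domain(url):
    """The last two labels of the host (everything before the first slash), which
    decide where you land: 'fraud.com' for https://postbank.be.fraud.com/login.
    Assumption: multi-label public suffixes such as co.uk are not handled."""
    return ".".join(host_of(url).split(".")[-2:])

def fold_lookalikes(domain):
    """Reduce a domain to a form in which confusable characters coincide."""
    return unicodedata.normalize("NFKC", domain.lower()).translate(CONFUSABLE)

def assess_link(display_text, href, trusted_domain):
    """Reasons the link deserves suspicion; an empty list means it is consistent."""
    reasons = []
    host, target = host_of(href), registrable_domain(href)
    looks_like_url = "." in display_text and " " not in display_text.strip()
    shown = registrable_domain(display_text) if looks_like_url else None
    if target in SHORTENERS:
        reasons.append(f"{target} is a URL shortener; the destination is hidden")
    if shown and shown != target:
        reasons.append(f"text shows {shown} but the link goes to {target}")
    if target != trusted_domain:
        if fold_lookalikes(target) == fold_lookalikes(trusted_domain):
            reasons.append(f"{target} is a look-alike of {trusted_domain}")
        else:
            reasons.append(f"{target} is not {trusted_domain}")
    if host.startswith("xn--") or ".xn--" in host or any(ord(c) > 127 for c in host):
        reasons.append("internationalised host name; check for homographs")
    return reasons
```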

Be cautious with e-mails that ask you to log in to websites that store personal information about you. If you have any doubt, simply enter the address yourself! A healthy dose of mistrust can save you a lot of trouble!

Read more: Fallen into a phishing trap? This is how you can limit the damage.