How to Spot a Phishing Email Begins with Knowing What is a Phish
The first step in spotting a phishing email comes with understanding what a phishing email is. The most accurate definition of a phishing email is an email sent to a recipient with the objective of making the recipient perform a specific task. The attacker may use social engineering techniques to make their email look genuine, and include a request to click on a link, open an attachment, or provide other sensitive information such as login credentials.
Socially engineered phishing emails are the most dangerous. They are constructed to be relevant and appear genuine to their targets. The recipient is more trusting of the email and performs the specific task requested in the email. The results can be devastating. If the recipient clicks on a link to a malware-infected website, opens an attachment with a malicious payload or divulges their login credentials, an attacker can access a corporate network undetected.
7 Ways to Spot Phishing Email
Socially engineered phishing emails often evade detection by email filters due to their sophistication, but they often have common characteristics. Phishing emails are frequently constructed to trigger emotions such as curiosity, sympathy, fear, and greed. If a workforce is advised of these characteristics – and told what action to take when a threat is suspected – the time invested in training a workforce in how to spot a phishing email can thwart attacks and network infiltration by the attacker.
1. Emails Demanding Urgent Action
Emails threatening a negative consequence, or a loss of opportunity unless urgent action is taken, are often phishing emails. Attackers often use this approach to rush recipients into action before they have had the opportunity to study the email for potential flaws or inconsistencies.
2. Emails with Bad Grammar and Spelling Mistakes
Another way to spot phishing is bad grammar and spelling mistakes. Many companies apply spell-checking tools to outgoing emails by default to ensure their emails are grammatically correct, and those who use browser-based email clients benefit from the browser's own autocorrect and spell-highlighting features. An email riddled with errors is therefore unlikely to have come from a legitimate business sender.
3. Emails with an Unfamiliar Greeting or Salutation
Emails exchanged between work colleagues usually have an informal salutation. Those that start “Dear,” or contain phrases not normally used in informal conversation, are from sources unfamiliar with the style of office interaction used in your business and should arouse suspicion.
4. Inconsistencies in Email Addresses, Links & Domain Names
Another way to spot phishing is by finding inconsistencies in email addresses, links, and domain names. Does the email originate from an organization you correspond with often? If so, check the sender’s address against previous emails from the same organization. Check whether a link is legitimate by hovering the mouse pointer over it and comparing the destination that pops up with the text of the link. If an email allegedly originates from (say) Google, but the domain name reads something else, report the email as a phishing attack.
5. Suspicious Attachments
Most work-related file sharing now takes place via collaboration tools such as SharePoint, OneDrive or Dropbox. Therefore, internal emails with attachments should always be treated suspiciously – especially if they have an unfamiliar extension or one commonly associated with malware (.zip, .exe, .scr, etc.).
6. Emails Requesting Login Credentials, Payment Information or Sensitive Data
Emails originating from an unexpected or unfamiliar sender that request login credentials, payment information or other sensitive data should always be treated with caution. Spear phishers can forge login pages to look similar to the real thing and send an email containing a link that directs the recipient to the fake page. Whenever a recipient is redirected to a login page, or told a payment is due, they should refrain from inputting information unless they are 100% certain the email is legitimate.
7. Too Good to Be True Emails
Too good to be true emails are those which incentivize the recipient to click on a link or open an attachment by claiming there will be a reward of some nature. If the sender of the email is unfamiliar or the recipient did not initiate the contact, the likelihood is this is a phishing email.
“If You See Something, Say Something” – How to Stop Phishing Emails
Conditioning employees in how to spot and report suspicious emails – even after they have been opened – should be a workforce-wide exercise. The chances are that if one member of your workforce is the subject of a phishing attack, other employees will be as well. “If you see something, say something” should be a permanent rule in the workplace, and it is essential that employees have a supportive process for reporting emails they have identified or opened.
The reporting of potential phishing attacks and opened suspicious emails enables security personnel to secure the network in good time – mitigating the risk that a threat will spread to other areas of the network and minimizing disruption. It is also a good practice to identify which employees spot actual phishing emails in order to prioritize action when multiple reports of a phishing attack are received.
Report Message add-in for Outlook
The Report Message add-in for Outlook allows you to report suspicious messages to Microsoft as well as manage how your Microsoft 365 email account treats these messages.
Messages that your Microsoft 365 email account marks as junk are automatically moved to your Junk Email folder. However, spammers and phishing attempts are continually evolving. If you receive a junk email in your inbox, you can use the Report Message add-in to send the message to Microsoft to help us improve our spam filters. If you find an email in your Junk Email folder that’s not spam, you can use the Report Message add-in to mark it as a legitimate email, move the message to your Inbox, and report the false positive to help Microsoft improve our spam filters.
If you choose the Report Message button on the ribbon, you’ll see several different options.
- Junk
- Phishing
- Not Junk
- Options
- Help
If you choose Junk, Phishing, or Not Junk, you’ll have the option to send a copy of the message to Microsoft, along with your classification of the message. This is optional. To turn off the option to send a copy of the message to Microsoft, choose Options and then follow the steps listed below.
Change your Report Message options
- Choose Options from the Report Message button on the Ribbon.
- Select one of the following options:
  - Always send a copy of the message to Microsoft
  - Never send a copy of the message to Microsoft
  - Ask before sending a copy of the message to Microsoft
- Once you’ve made your selection, choose Save. A message in the InfoBar in the message header confirms that your changes were saved successfully.
Note: Options settings are saved with the message, so to see your updated settings you’ll need to select a new message first. If your version of Outlook doesn’t support the Options setting, you’ll see a notification message that directs you to https://aka.ms/ReportMessageOptions.
Message Header Analyzer
To get started using the Message Header Analyzer Add-in:
- Open Outlook and click on Home > Get Add-Ins.
- In the search box in the top right, start typing “message header” and select the “Message Header Analyzer” add-in.
- Click the Add button to install the add-in.
- Once the add-in is installed, the Add button will change to say “Added.” Click the “X” in the top right to close the window.
- When you have an email selected in Outlook, a “View Headers” button will now be visible in the menu bar.
- Click this button to see the email headers for the selected email. The add-in has the following tabs:
- Summary: summary information about the message (this is the default tab when you open the add-in).
- Received: Information about where the message was received from, and when.
- Antispam: Information from Microsoft’s Exchange Online Protection anti-spam scan of the email.
- Other: All of the other header elements broken down into individual blocks.
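The checks described under point 4 (sender address versus Reply-To and Return-Path, and the visible link text versus where the link really points) and the Received chain shown by the analyzer’s Received tab can be automated for triage. The script below is an added example, not code from the original post or from Microsoft’s add-in; the sample message and every host, address and IP in it are constructed, and the “registrable domain” helper is a deliberate simplification that does not use a public-suffix list.

```python
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from urllib.parse import urlparse
# Constructed sample message for the demo; every host, address and IP here is made up.
SAMPLE_EMAIL = b"""\
Received: from mail.example-corp.test (mail.example-corp.test [192.0.2.10])
 by mx.recipient.test with ESMTP; Mon, 01 Jan 2024 09:00:00 +0000
Received: from relay.unrelated-host.test ([198.51.100.7])
 by mail.example-corp.test; Mon, 01 Jan 2024 08:59:00 +0000
From: "IT Support" <support@google.com>
Reply-To: helpdesk@mail-verify.test
Return-Path: <bounce@mail-verify.test>
Content-Type: text/html; charset=utf-8

<html><body><p>Dear user, your account will be locked in 24 hours.</p>
<a href="http://login.mail-verify.test/verify">https://accounts.google.com/signin</a>
</body></html>
"""
# Crude anchor matcher; enough for the sample above (a real tool should use an HTML parser).
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def registrable_domain(host):
    """Last two labels of a hostname (assumption: no public-suffix list, so co.uk-style names are approximate)."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def address_domain(header_value):
    """Domain part of the first address in a header, or '' if the header is absent."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def analyze(raw):
    """Report address/link inconsistencies and the Received hop chain (first hop = closest to the recipient)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    from_dom, findings = address_domain(msg["From"]), []
    for hdr in ("Reply-To", "Return-Path"):  # replies and bounces going elsewhere than the claimed sender
        dom = address_domain(msg[hdr])
        if dom and registrable_domain(dom) != registrable_domain(from_dom):
            findings.append(f"{hdr} domain {dom} differs from From domain {from_dom}")
    body = msg.get_body(preferencelist=("html",))
    for href, text in ANCHOR_RE.findall(body.get_content() if body is not None else ""):
        shown = urlparse(text.strip()).hostname if "://" in text else None  # hostname the user sees
        real = urlparse(href).hostname  # hostname the link actually goes to
        if shown and real and registrable_domain(shown) != registrable_domain(real):
            findings.append(f"link text shows {shown} but points to {real}")
    # Only hops added by servers you control are trustworthy; earlier Received lines can be forged by the sender.
    hops = [m.group(1) for m in (re.search(r"\bfrom\s+(\S+)", str(r)) for r in msg.get_all("Received", [])) if m]
    return {"from_domain": from_dom, "findings": findings, "hops": hops}
```

Run `analyze(SAMPLE_EMAIL)` to get three findings for the sample (Reply-To, Return-Path and the link all point at a different domain than the claimed sender) plus the hop list, which is what a reviewer would compare against the mail servers they actually operate.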
You can download the Message Header Analyzer here (Direct Download Link): https://appsource.microsoft.com/en-us/product/office/wa104005406?tab=overview
If you have any questions about how to identify and deal with phishing, and how to better protect your business from this type of threat, please reach out to our Help Desk at [email protected] or (604) 632-4110.