“Phishing” is a popular term among hackers and hacking sites. Phishing emails are sent with the primary purpose of stealing valuable information or taking control of your networks.
It’s reported that nearly 3.4 billion phishing emails are sent worldwide every day. Naturally, therefore, it’s important to check whether an email is legit or not.
There are proven methods to check an email’s legitimacy. These include verifying the sender’s information and conducting a thorough inspection of the message itself.
We will break down these methods into a few simplified steps to give you detailed insight. So, let’s get started.
The attackers try every possible way to make an email look as authentic as they can, so for an ordinary person it becomes difficult to detect a phishing email.
If you use Gmail, it automatically detects suspicious emails and marks them as spam. These emails will not appear in your inbox but in your spam folder. Still, cybercriminals know every smart trick to avoid being marked as spam, so there might be plenty of phishing emails left in your inbox.
Thankfully, there are a few tips we can leverage to check an email’s legitimacy. Let’s start with the first step.
You can’t be paranoid about every email in your inbox just to avoid clicking on a phishing email and falling victim to the attackers. Instead, you need to know how to filter the important emails from the spammy ones to make things easy for yourself.
So, the first step to validate an email is to verify the sender’s information. Let’s take a look at the ways to verify that.
The “from address” is different from the “display name.” A sender can use any display name, and it’s not a factor that falls under email authentication protocols. The “from address,” however, should be checked.
Usually, a legitimate company’s address contains its domain name after the “@” symbol. For instance, [email protected] or [email protected]. This means that the concerned person or business owns that domain.
But the attackers try to pose as legitimate people or companies. They leverage a two-step process to fool their targets. Firstly, they use cousin domains. Cousin domains work like this:
In this case, the attackers play smart by buying a domain name similar to the domain of the legitimate company they’re impersonating. So, you should check the “from address” and look at the actual email address, not just the display name.
Generally, the altered phishing email will look like [email protected] instead of [email protected]. Sometimes the domain is simply misspelled. These are the signs of phishing emails.
So, if you’re not sure of the exact domain name for the company or person, you can do a quick Google search or check previous mails from them to verify.
Secondly, cybercriminals use public domain addresses like Gmail, Yahoo, Hotmail, or AOL after the company name, for example, [email protected] or [email protected]. It’s the easiest way to spot a fake email address.
This works because the attackers hope that their target will only see the display name and will not check the email address. So, it is best to always be cautious about this.
This is a great way to verify a sender’s legitimacy. In addition, there are tools like ICANN Lookup or WHOIS that allow users to find out the domain details.
If you type the domain name into these sites, they will show the domain’s details, including the setup date, registrant, and registrar information. So, in case the sender is falsifying any information, you can easily spot that.
Another step to verify the sender’s address is to check the DMARC policy of the domain. This policy helps you distinguish between a legitimate and a malicious email.
For this step, we will visit https://secure.fraudmarc.com/tool/dmarc/ and type the domain name that you want to verify. For instance, here we typed “etsy.com,” and the policy appears as “reject.”
This means the domain owner tells receiving mail servers to reject any message that fails DMARC, so an email from this domain that reached your inbox has passed authentication. Besides reject, you may see policies written as quarantine, none, or no policy in this section. Let’s take a look at what these mean:
1. Quarantine: If the policy is “quarantine,” an email that fails DMARC is delivered to the spam folder, so an email from this domain that lands in your inbox has passed DMARC and can be treated as legitimate.
2. None: If the policy is “none,” there’s no proper way to tell whether the email is legitimate or not other than digging further.
3. No policy: “No policy” means that the owner hasn’t taken any measures to protect the company’s domain. It would be better not to trust this email because there’s no way to verify it.
Note: A failed DMARC check doesn’t necessarily mean that the email isn’t legitimate. Perhaps the business owner has misconfigured its senders. But it’s safest to treat it as malicious.
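The same classification done programmatically, as an added example that is not part of the original article: a DMARC record is parsed into its tags and mapped onto the four outcomes listed above. The record strings are constructed samples; `lookup_dmarc()` fetches the live TXT record at `_dmarc.<domain>` and needs the third-party dnspython package, which is assumed to be installed only if you call it.

```python
# Added example, not from the original article: classify a domain's DMARC record
# into the outcomes described above (reject, quarantine, none, no policy).
# Record strings are constructed samples; lookup_dmarc() reads the live record.
from typing import Optional

def parse_dmarc(record: Optional[str]) -> dict:
    """Split a record such as "v=DMARC1; p=reject; rua=mailto:..." into tags."""
    tags = {}
    for part in (record or "").split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def dmarc_verdict(record: Optional[str], is_subdomain: bool = False) -> str:
    """Map a DMARC record to the categories the article lists.

    reject/quarantine: mail that fails DMARC is refused or sent to spam, so a
    message that reached the inbox passed authentication.  none: the owner only
    monitors, so the policy tells you nothing.  no policy: no usable record.
    """
    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        return "no policy"
    policy = tags["p"].lower()
    if is_subdomain and "sp" in tags:       # sp= overrides p= for subdomains
        policy = tags["sp"].lower()
    if policy not in ("reject", "quarantine", "none"):
        return "no policy"                  # malformed p=; receivers ignore it
    pct = tags.get("pct", "100")
    if policy != "none" and pct.isdigit() and int(pct) < 100:
        # Only that share of failing mail gets the full policy; the rest gets
        # the next weaker treatment, so the domain is not fully protected yet.
        return f"{policy} (applied to {pct}% of failing mail)"
    return policy

def lookup_dmarc(domain: str) -> Optional[str]:
    """Fetch the live record with dnspython (pip install dnspython); None if absent."""
    import dns.resolver  # third-party, needed only for live lookups
    try:
        answers = dns.resolver.resolve(f"_dmarc.{domain}", "TXT")
    except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
        return None
    for rdata in answers:
        txt = b"".join(rdata.strings).decode()
        if txt.upper().startswith("V=DMARC1"):
            return txt
    return None
```

`dmarc_verdict(lookup_dmarc("etsy.com"))` reproduces the web tool’s check from the command line.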
Inspecting the suspicious elements in an email is another way to check its legitimacy. For example, a legitimate company will never ask its users for their passwords, credit scores, credit card information, or tax numbers through an email. Likewise, they never send unnecessary links or unsolicited attachments through email.
So, there are ways to inspect these suspicious elements in an email and assess its legitimacy. Let’s take a look.
When a hyperlink doesn’t seem proper or doesn’t match the email’s context, never trust it. Fake emails often contain unexpected redirect links. The attackers include a hyperlink that looks similar to a legitimate website.
So, you may think that the link will take you to the company’s website. For example, a link given to you for changing your password may appear like https://www.abc.com/account/passwordchange.
Note: Sometimes, you may notice that “HTTPS” is missing and the attacker uses a link that starts with “HTTP” instead. You should never click a link in your email that starts with HTTP. But sometimes HTTPS links can also be malicious: when you click such a link, you will be redirected to a spammy website.
Let’s take a look at how you should double-check an embedded link:
1. Hover your cursor over the link. If the destination shown doesn’t match the link in the text, then it’s spam.
2. Another way to check is by inspecting it. Move your cursor onto the link and right-click on it. Then select “Inspect” from the drop-down menu. A window will pop up showing the underlying HTML code, where you can read the link’s actual address.
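The hover and inspect checks above, automated over an email’s HTML body as an added example (not code from the original article). The `SAMPLE` body is constructed; abc.com is the placeholder domain the article itself uses, and `abc-account-verify.example` is a made-up lookalike.

```python
# Added example, not from the original article: the hover/inspect check from
# the steps above, run over an email's HTML body. SAMPLE is a constructed body.
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url: str) -> str:
    """Host part of a URL; tolerates link text written without a scheme."""
    if "://" not in url:
        url = "https://" + url
    return (urlparse(url).hostname or "").lower()

def suspicious_links(html_body: str) -> list:
    """Return (href, text, reasons) for each link that fails the checks above."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        reasons = []
        if href.lower().startswith("http://"):
            reasons.append("plain HTTP, not HTTPS")
        # Link text that itself looks like a URL must lead to the same host.
        if "." in text and " " not in text and host_of(text) != host_of(href):
            reasons.append(f"text shows {host_of(text)} but link goes to {host_of(href)}")
        if reasons:
            findings.append((href, text, reasons))
    return findings

SAMPLE = ('<p>Your password expires soon. Visit <a href="http://abc-account-verify'
          '.example/reset">https://www.abc.com/account/passwordchange</a> or '
          '<a href="https://www.abc.com/help">Help Center</a>.</p>')
```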
As a general rule of thumb, when an email contains an attachment, ask yourself whether you requested this information.
Cybercriminals send emails with unsolicited attachments in the form of spreadsheets, pricing sheets, payment receipts, photos, invoice documents, etc. These documents may include malware that can infect your system.
So, it’s better to use a direct channel and reach out to the sender to confirm whether they sent this attachment for a specific purpose or not.
It can be easier to verify whether an email is legit or not by reading it carefully. Often, phishing emails try to trigger the reader’s emotional response.
So, the emails might have subjects like the following:
1. Data-breach incidents
2. A job offer
3. Lottery winnings
4. Fundraising campaigns
5. An unbelievable discount
Hackers try to include a sense of urgency in their emails to convince a user to take prompt action. They know that a few of their targets will open the email and follow the instructions written there. So, you must inspect and read the email vigilantly.
Bad grammar is one of the features of a scammy email. Emails from legitimate companies are always well-written. But hackers play smart: they target those who are less educated and thus less observant.
However, with a little knowledge and high vigilance, you can easily spot a phishing email. There are many grammar-checking tools you can leverage to check the editorial standard of an email. If it contains too many punctuation, grammatical, and spelling errors, it’s undoubtedly a spammy one.
Irrespective of how strong your security system is, one small mistake can make you regret it for a lifetime. It takes only one untrained or unaware employee to be scammed by the attackers, and as a result you may end up losing your critical data.
Therefore, it’s important to follow the aforementioned best practices to check an email’s legitimacy and prevent phishing attempts.