Knowing how to tell a legitimate email from a phishing email seems to have become a fundamental cybersecurity skill.
No longer focused only on promising mind-boggling inheritances or lavish rewards for “innocent” requests, phishing emails are becoming more sophisticated and more accurate in reproducing the writing style and tone of voice of the well-known brands the sender impersonates. So how can you spot them? Here are some data and some useful tips.
The ultimate purpose of phishing emails is usually to acquire sensitive data used to perpetrate fraud or theft, or to spread malware [software designed to destroy, damage, or gain unauthorised access to a computer or network] and ransomware [software designed to block access to a computer or network until a ransom is paid]. According to data published by Statista and collected by Symantec, in 2018 55% of emails received by company employees were categorised as spam and, for every 412 emails, one carried potential damage.
When checking emails, it is therefore of particular importance to pay attention to a number of factors:
- the sender’s email address [is this actually the official email address of the sending company?]
- the subject of the email, especially if it refers to bills, invoices, delivery, scanned documents, legal issues to be solved…
- any attachment to the email: be careful when opening attachments that have no name and therefore show only the file extension [.doc, .dot, .exe, .rtf, .xls and so on]
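The three checks in the list above can also be applied automatically to a raw message. The following is an added example, not part of the original article; the `OFFICIAL_DOMAINS` allow-list, the `triage` function and the sample message are hypothetical and constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand -> domains it really sends from (hypothetical values).
OFFICIAL_DOMAINS = {"examplebank": {"examplebank.example"}}
# Subject themes and bare extensions named in the checklist above.
SUBJECT_THEMES = ("bill", "invoice", "delivery", "scanned", "legal")
RISKY_EXTENSIONS = (".doc", ".dot", ".exe", ".rtf", ".xls")

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    for brand, domains in OFFICIAL_DOMAINS.items():  # check 1: sender address
        claims_brand = brand in display.lower().replace(" ", "")
        official = any(domain == d or domain.endswith("." + d) for d in domains)
        if claims_brand and not official:
            findings.append(f"sender: claims {brand} but domain is {domain}")
    subject = msg.get("Subject", "").lower()  # check 2: subject themes
    hits = [t for t in SUBJECT_THEMES if t in subject]
    if hits:
        findings.append("subject: " + ", ".join(hits))
    for part in msg.walk():  # check 3: attachments named only by extension
        name = (part.get_filename() or "").lower()
        if name in RISKY_EXTENSIONS:
            findings.append(f"attachment: no name, only extension {name}")
    return findings

# Constructed sample message (not a real email).
SAMPLE = """\
From: "Example Bank" <billing@examplebank-secure.example>
Subject: Overdue invoice - action required
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached invoice.
--b1
Content-Type: application/msword
Content-Disposition: attachment; filename=".doc"

placeholder
--b1--
"""

print("\n".join(triage(SAMPLE)))
```

A finding here is a reason to look more closely at the message, not proof that it is phishing; a genuine invoice from a real supplier would also match the subject check.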
Pay particular attention to the sender of the emails you receive. Unfortunately, the more famous and commonly used a brand is, the more likely it is to be used as “bait” in phishing emails, especially if it operates in sectors such as technology, banking and social networking. Have a look at the infographic below, created by Statista with data collected by Check Point, which shows the brands most often impersonated in phishing emails.