How to Spot Phishing Links in an Email
Phishing remains one of the most dangerous threats to individuals and businesses alike. It’s the number one delivery method for malware, spyware, viruses, password theft, and multiple other types of online attacks.
The fake email has been around since the early days of the internet and those “Nigerian Prince” scams. The early forms of phishing would be long rambling emails that spoke of some immediate hardship that the sender needed the recipient to help them out of, promising a huge reward.
Today’s phishing is much more sophisticated and designed to look exactly like emails that come from sites like Amazon, UPS, or your bank. They use the images and signatures of these companies and are designed to fool the recipient into downloading malware or visiting a link to a malicious website.
Phishing has been such a successful way to deliver online attacks and gain access to login credentials that it continues to increase. In the 2nd quarter of 2021, phishing email volume rose by 281% in May and by another 284% in June.
Of all the IT security solutions your company can take to help ward off the impacts of phishing, employee awareness training is one of the most important.
Why Employee Phishing Awareness Training is Important
Employees are directly targeted in phishing attacks. The fake emails come into their inboxes and are cleverly disguised.
Phishing emails can look like just about anything, including:
Request from the HR department for payroll details
Shipping notification
Purchase order from a customer
File sharing request from Microsoft 365 or Google Drive
Holiday party survey
Warning from a cloud vendor about an account problem
Security notification from the bank
Fake password reset scam
And many more
Without proper awareness training that’s conducted regularly, employees can often get fooled by phishing emails. Just one click on a phishing link is all it takes for your entire network to get infected by ransomware or your database of customer information to be breached.
Studies show that with proper employee security awareness training, cybersecurity risk can drop by as much as 70%.
One of the most important things to train employees on is how to spot phishing links in an email.
Tips for Spotting Phishing Links
A majority of phishing emails use links instead of file attachments. This is because a link does not contain malware, so it can get past most antivirus applications.
These links take users to malicious sites that can immediately drop malware onto their devices. They can also take users to a spoofed login page that looks like a legitimate site. The user enters their password, and the hacker immediately steals those login credentials and uses them on the real site.
Because links are used most often in these types of attacks, users need to know how to spot them.
Hover Over the Link, But Don’t Click
The quickest way to uncover a phishing link is to hover over a hyperlink with your cursor without clicking on it. This will pop up a small box that contains the actual URL. This works on text links as well as image links.
You can see in the image below that this fake order confirmation, which was personalized with the person’s name and company, isn’t actually from Amazon at all. Hovering over the link reveals an address at bobin-head.com.
Here is another example that is pretending to be from AT&T and uses a convincing layout to fake the look of the company’s actual emails. Again, hovering over the link (the words “right here”) shows this is phishing.
Avoid Shortened URLs
When you’re looking at your email or a strange text message on a mobile device, it’s not possible to do the hover action like you can when using a mouse. In this case, you need to look for other signs of phishing URLs.
One of these is a shortened link that uses “bit.ly” or a similar service to obscure the longer URL.
Here is an example that Malwarebytes has posted on their site as a warning.
You should avoid clicking any links from your mobile device that are shortened unless you are 100% sure that the sender is legitimate.
View the Source Code of the Message
Another way that you can spot malicious phishing links in an email is by viewing the message source code in your email application.
This shows the raw code behind the email and will also include the URLs used for any links. It can be more difficult to read through all the code, but you can look for the “http:” or “https:” notations that precede each link to find them.
Here are the instructions for doing this in Outlook.
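The three checks above (what hovering reveals, shortened URLs, and the links hidden in the message source) can be done in one pass over the raw message. The following is an added example, not part of the original article or any BrainStomp tooling; the sample message, the domains in it and the list of shortener domains are all constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample (not a real phishing email): a vague "here" link to an
# unrelated domain, a genuine link, and a shortened URL behind brand-like text.
RAW_MESSAGE = """\
From: "Amazon Orders" <orders@mailer.example>
Content-Type: text/html; charset=utf-8

<html><body>
<p>View your order <a href="http://bobin-head.example/track">here</a>.</p>
<p>Manage your account: <a href="https://amazon.com/">https://amazon.com/</a></p>
<p>Update billing: <a href="https://bit.ly/abc123">https://amazon.com/billing</a></p>
</body></html>
"""
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}  # common URL shorteners

class LinkCollector(HTMLParser):  # collects (href, visible text): what hovering reveals
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def audit_links(raw):  # -> [(visible_text, real_host, warning)] for each HTML link
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    report = []
    for href, text in parser.links:
        host, warning = host_of(href), ""
        if host in SHORTENERS:
            warning = "shortened URL hides the real destination"
        elif text.startswith("http") and host_of(text) != host:
            warning = f"text shows {host_of(text)} but link goes to {host}"
        report.append((text, host, warning))
    return report
```

Feeding the message source (saved from your mail client) to audit_links lists every link with its real host, which is the same check as hovering but for all links at once, and flags shortened links and links whose visible URL does not match where they really go.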
Get Help Protecting Your Company from Phishing
BrainStomp can help your company with several phishing safeguards, including employee awareness training, DNS filtering, and more.
Schedule a free consultation today! Call 260-918-3548 or reach out online.