It is becoming increasingly difficult to detect a phishing - or fraudulent - email. But here are several things that may give a fraudster away.
What they’re asking us to do
In compelling us to act, phishing emails also make us do something risky. That could be handing over our personal data, such as credit card information, bank account details or our PIN.
This is how a recent ATO scam operated. The scammers sent emails promising people a tax refund that would be paid directly into their bank account. To claim it, the victims were asked to log onto a portal and provide their bank account details and their passwords. Other scams operate by having the target click on a link or download a file.
It goes without saying that, if an email says it’s from an organisation, you should visit the site directly. You should never, ever download an attachment or click on a link that you’re not sure of.
A strange email address
A lot of phishing emails will give themselves away by the address they’re sent from. An authentic email will always come from a company account, a phishing email won’t –though the sender can sometimes mask this. If an email looks suspicious, the first thing you should do is hover your cursor over the ‘from’ line to see who really sent it.
Language that doesn’t sound right
While phishing emails are often very convincing, they’re usually not perfect. Look for grammatical or syntax errors, spelling mistakes, and odd turns of phrase. Also, check both the greeting and the sign off to make sure they ring true. The more generic these are, the more you should be suspicious. A legitimate company with whom you have a relationship will usually use your name.
A need to act urgently
Phishing emails usually ask us to click on a link or give away our information. They make us do this by telling us that something will happen if we don’t. Sometimes they might try telling us we’re about to receive a fine. Sometimes they may tell us we’ve won a prize and need to collect it instantly. Other times, it may be something as mundane as needing to collect a parcel. (See our example below.) Whatever it is, ask yourself whether it’s really likely before you click anything.
An executable attachment
When phishing emails include an attachment, it’s often an executable file (.exe). But there are other types of files to look out for as well. Anything ending in msi, .bat, .com, .cmd or .hta can write code and infect your computer. Even common files such as .doc, .docx, .xml or .xmlx can write code if they also end in a .m. To check the type of file that’s attached, hover your cursor above it. Just don’t click.
A poor quality site
If you do follow a link to another website, its quality may give it away as a fake. Look for low res images, badly arranged or misspelled content, poor design or anything that seems below the general quality you’d expect from the company you’re dealing with. Although scams are better designed than they once were, they’re unlikely to be perfect.
Look for these things and you should hopefully be able to spot - and avoid - many phishing emails. However, common-sense is often not enough, especially if you’re running a business where multiple employees have access to the network.
Cyber insurance should therefore be an important part of any business’s cyber health. CGU offers a full range of coverage for financial loss from cyberattacks, and has a cyber incident response team available round the clock.
Case study: Australia Post
Since early 2015, a series of scam emails have been sent to Australians purporting to be from Australia Post. The emails tell the reader that Australia Post had attempted to deliver a parcel but could not because no one was available. It then tells them that to collect, they need to print a label and take it to the depot.
In reality, the reader is not downloading a label, but ransomware. This allows the fraudsters to take control of the user’s files and block access to them. To get them back, the fraudsters demand money.