Recognizing phishing emails

1. The message is sent from a public email domain

No legitimate organization will send emails from an address that ends in ‘@gmail.com’. Not even Google.

Most organizations, except for some small operations, will have their own email domain and company accounts. For example, legitimate emails from Google will come from an address ending in ‘@google.com’.

Look at the email address, not just the sender's name.

 

2. The domain name is misspelled
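
For IT staff triaging forwarded messages, rules 1 and 2 can be checked directly against the From: header. The following is an added example, not part of the original article; the domain lists, the `example.com` placeholder for your own domain, the edit-distance threshold of 2 and the sample headers are all assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumptions for this example: adjust both lists for your organization.
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
TRUSTED_DOMAINS = ("google.com", "example.com")  # example.com = placeholder for your own domain

# Constructed sample headers, not taken from real messages.
SAMPLES = [
    '"Google Support" <google.support@gmail.com>',
    '"Payroll" <payroll@examp1e.com>',
    '"Jane Doe" <jane.doe@example.com>',
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_from_header(from_header: str) -> list[str]:
    """Return the warnings raised by one From: header value."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return ["no parsable sender address"]
    domain = address.rsplit("@", 1)[1].lower()
    warnings = []
    if domain in PUBLIC_DOMAINS:
        warnings.append(f"rule 1: sent from public domain {domain}")
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            continue  # exact match or a subdomain of a trusted domain
        if edit_distance(domain, trusted) <= 2:
            warnings.append(f"rule 2: {domain} looks like {trusted}")
        brand = trusted.split(".")[0]
        if brand in display.lower():
            warnings.append(f"display name mentions {brand} but address is @{domain}")
    return warnings


if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from_header(header) or "no warnings")
```

An empty result only means these two checks passed; the remaining rules in this article still apply to the message.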

 

3. The email is poorly written

Automated attacks

With phishing, scammers don’t need to monitor inboxes and send tailored responses. They simply dump thousands of crafted messages on unsuspecting people. They will use generic language and never mention you by name. They have been getting better at this, though: they might use the company's name, since it is public and easy to find.

 

4. The email was not expected

 

If you were not expecting a particular email, there is a good chance it could be harmful. We receive several different phishing emails from "Attorneys", "Fax messages", "File sharers", and "Payroll Issues". If the email was not expected, or you can't find anyone who knows the company or what "File" is attached in the first place, you don't need it!

 

 

5. Check all of the rules above!

 

Scammers have caught on to these strategies and commonly cover their tracks through clever means. Instead of blatantly attaching executables (potentially PC-destroying files), they include links that lead to common file-sharing sites which look completely harmless. Instead of poorly written emails, they send professionally styled emails with excellent grammar and wording. Instead of posing as a fake company, they'll steal the identity of a real company and use it as a front for their phishing operation (as seen in the last example). So it's very important that you use all of these tips, as checking for only one of them can still get your information stolen or your computer infected.

 

If you have ANY doubts, please forward the email to IT so we can take a quick look at it. It takes no time at all, and it's always better to be safe than sorry!

 

 

Here are some examples that WE have received:

 

 

Here is an example of what a breached account could send to people in our own organization:

This account was breached and used to send very realistic emails to people inside the same company. If an email looks suspicious and the sender didn't say anything about sending you an email or file, their account has most likely been breached. Please reach out to IT immediately so we can solve the issue.

 

 

Further information:

 
