Opening email is an experience. It can be fun, stressful, or exciting, but the last thing anyone wants it to be is dangerous. The prevalence of phishing emails that are crafted to steal recipients’ information, however, can make checking your email a very risky task if you are not careful.
Although many phishing messages can be easily recognized as fakes, others take a great deal of scrutiny to uncover. “Spear phishing” messages often include information specific to the recipient harvested by the attacker prior to writing the email, e.g. through social media.
A convincing spear phishing message may disguise itself as a note from a friend or as an official-sounding notification from a business partner. This is in sharp contrast to traditional phishing messages, which try to appeal to as many people as possible by remaining intentionally vague, making them easy to see through.
Here’s an example of what a phishing email may look like:
Both the underlined sender address and the underlined URL should stand out as immediate red flags. It is clear at a glance that the underlined fields are suspicious, but other phishing messages may spoof this information completely by altering the email so that it will show up in the recipient’s inbox with the sender address “firstname.lastname@example.org” instead of the less convincing “email@example.com.”
Link spoofing is just as common. It is important to always take a couple of seconds to hover your mouse over the link and look in the bottom left-hand corner of your browser to verify the URL of the website. The URL that shows up in the corner of your browser can never be altered.
Hovering your mouse over a seemingly inconspicuous link...
...may reveal that the link leads to a completely different, malicious website.
In short, it is always a good idea to exercise a great deal of caution when checking your email. When cues that are usually used to judge whether an email is trustworthy are spoofed, even otherwise conscientious individuals can let their guard down once and be fooled. Avoid dealing with the costly aftermath that comes with being phished by going that extra mile to verify an email’s legitimacy before responding, clicking links, or downloading attachments.
If you suspect that an email you received is phishing and not a legitimate correspondence from Dyn, play it safe and forward it to firstname.lastname@example.org before taking any other action.
About the Author
Melissa Bruno is a Security Analyst at Dyn, a cloud-based Internet Performance company that helps companies monitor, control, and optimize online infrastructure for an exceptional end-user experience. Follow Dyn on Twitter: @Dyn