Tips and Tricks: How to Identify Spear Phishing emails

Tips and Tricks: How to Identify Spear Phishing emails

New Horizons Learning Group’s on-boarding process includes the identification of phishing emails. This is also part of our intrusion prevention plan. We have hundreds of employees in four states and are constantly trying to educate our employees about how to prevent attacks.
“>
Although we stop thousands of phishing email each week, it is important that you know how to recognize them. Some may make it to your inbox. Email security is a top concern and we need your help in order to protect our sensitive information from being stolen by criminals. If you have any questions about an email you received, please contact your IT department or help desk. We can safely test it and let you know if it’s safe to open or click.
Here are some examples of spear phishing emails.
1. Email Sender Name and Mailing Address
Ryan Landry, email sent
Phishing Clue – This is not Ryan Landry’s email address. You must be able to recognize the sender and email address of any email. Even common domains can be duplicated with one letter. Email Sent from:
Phishing Clue: This email address is interesting and close to the company’s real domain however Americanexchangegroup.com redirects towww.axnygroup.com. It is not from AMEX Corporation. Grammatical Errors
Email Content: Please let me know if you are able to help me buy Amazon gift cards today. Please get back to me with the details of the gift card and denominations. Email me back if you can’t take your calls right now. Thanks for your message.
Phishing Clue – Grammar errors are common in phishing emails. Phishing emails can make us fat, and often have obvious grammar or syntax errors. Membership Access, Especially Final Remedies
Email Content: Dear Valued Members, Did you recently verify the User ID as requested from all American Express Members? Email Content: Dear Valued Member, Did you recently verify your User ID as requested by all American Express(r), Member? We have sent our updated HTML Web Page to all members to allow us to serve you better. You can ignore this email if you have updated your HTML Web Page recently and your card access will automatically activate. To protect your identity online, you can ignore this email and your card access will be activated immediately.
Phishing Clue – You will never be asked to save, download or re-verify your log in information by email only from a reputable merchant.
How can you prevent data breaches?
Password Exploitation: 83% of Americans are at Risk
Let’s face facts: Most people have terrible password security practices. Do you use the same password on more than one website? Are you one of the 23,000,000 people who use “123456” as their password? 83% of Americans use weak passwords (Avast), despite the increasing threat of account hacking.
The “Collection 1-5” data breach in January 2019 exposed 2.2 billion unique passwords and emails. In the first six months, there were a staggering 4.1 billion records worldwide. Account holders are at risk of having their personal information, money, and identity stolen by hackers when data breaches like these occur. Password exploitation was responsible for 81% of hacking-related data breach (Verizon). With more companies moving to the cloud and average businesses having 23 apps that require passwords, the risk of data exposure has never been higher.
People and computers use nearly 300 billion passwords each year. Complex or long passwords are no longer sufficient security. Users also rarely follow best practices when it comes to secure passwords. Two-factor authentication, in which users must enter a password and additional information, was created to improve the security of weak passwords. However, adoption is slow even within the IT industry. Ponemon Institute found 55% of IT security personnel don’t use 2-factor authentication in their organizations, while LastPass found that only 15% IT administrators enforce multi-factor authentication. Users who find it unnecessary burdensome to keep track multiple passwords and authentication procedures are the ones that are resisting.
Businesses are losing out on revenue due to this lack of compliance with password security best-practices. DataProt reports that 33% stop doing business with companies that suffer a data breach that exposes consumer credentials. This is in addition to the loss of revenue that a company may experience. Many organizations are focusing on IT security to reduce the risk of password exploitation. 82% of companies claim they lack the security skills necessary to protect their company.
You can help fill the gap by upgrading your skills or starting a new career as an IT security professional. This will make you indispensable at any organization. New Horizons offers certifications and courses in a variety cybersecurity topics.
These tips and tricks will help you spot phishing emails and prevent further attacks. Contact us to learn more about End User Cybersecurity Training or Intermediate and Advanced Cybersecurity.

Editor’s note: This article was originally published on October 24, 2018. It has been recently updated and revised for accuracy.