How to detect a phishing email


Phishing is a form of attack where the attacker uses an email, text or phone call to get information or to get into an organisation's network.

This can also happen as spoofing, where the attacker pretends to be someone else.

Email Header

Look at where the email came from. Does it make sense for this email to come from here? Does it make sense for you to receive it?



Which email address did you receive this email on? Does it make sense for you to receive this email on your work email?

Were you expecting this email? If you weren’t expecting to receive anything such as documents and other important material, it’s most likely a scam.



Are there any attachments?

Look carefully at the file type. Anything other than a .txt file can be dangerous. .docx means it’s a Word document, but look out for .js, which is a JavaScript file that could run something potentially dangerous (these are most likely blocked by settings already put in place).

 

Email Content

Below is a picture of a spoofed email appearing to come from Origin Energy. The content of an email can hide even more potential dangers, with details that make the email look legitimate when it is fake.

Links

If there are any links telling you to view or to change something, hover over the link, right-click it and click "Copy link address".

You can then paste the link into a Word document or Notepad to read the full address.

From this we can see that the link is not actually an Origin Energy web address but a link to a different website that seems to download a zip file.
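The same check can be scripted. This added example (not part of the original guide) reads a constructed sample email, pulls out where each link really goes, and flags any link that leaves the claimed sender's domain or points at a file download. The domains, the `check_links` function and the `RISKY_EXT` list are assumptions made for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

# File types this guide calls out (.zip download, .js attachment).
RISKY_EXT = (".zip", ".js")

# Constructed sample message; every domain is a placeholder.
SAMPLE = """\
From: Origin Energy <billing@originenergy.example>
Subject: Your bill is ready
Content-Type: text/html; charset=utf-8

<a href="http://bill-viewer.example/invoice.zip">View your bill</a>
<a href="http://originenergy.example.bill-viewer.example/login">Update details</a>
<a href="https://www.originenergy.example/help">Help</a>
"""

class LinkCollector(HTMLParser):
    """Collects the real target (href) of every link in the body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def check_links(raw_email, trusted_domain):
    """Return (url, reasons) for each link that needs a second look."""
    msg = message_from_string(raw_email, policy=default)
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    findings = []
    for url in collector.links:
        parts = urlparse(url)
        host = (parts.hostname or "").lower()
        reasons = []
        # Match the whole domain or a subdomain, never a substring.
        if host != trusted_domain and not host.endswith("." + trusted_domain):
            reasons.append("host is not the claimed sender's domain")
        if parts.path.lower().endswith(RISKY_EXT):
            reasons.append("link points at a file download")
        if reasons:
            findings.append((url, reasons))
    return findings
```

Calling `check_links(SAMPLE, "originenergy.example")` flags the first two links and passes the third. The second link shows why the address has to be read from the right-hand end: the trusted name appears in it, but the site it leads to is a different one.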

Phone Numbers

 

Looking at the phone numbers given by Origin, the number given in the link doesn’t match any of the business numbers. Calling this number and hearing someone pick up isn’t enough authentication, as these numbers are usually answered by other people who are in on the attack.

 

This also goes for requests that seem to be sent from within the company by an attacker posing as someone else.

If the number seems incorrect, call a contactable number where the person can be reached and ask if they sent it.