The Anatomy of Phishing Emails: How to spot one

By: Al Restar, Zero Day

A few weeks ago, a friend of mine told me about an email she received from what appeared to be her bank. The email asked her to go to a particular link and verify her account information, or else her account would be disabled.

Being the accountant that she is, she immediately knew that the email she received was bogus. She did a little research about the scam, which mainly targets clients of her bank, and she found out that there were cases where people had fallen into the trap and ended up losing all the money they had in their accounts.

What my friend described to me was an example of a phishing attack. It is a form of cybercrime in which a malicious actor, posing as a legitimate website or service, aims to extract sensitive information such as your bank account details for use in a more dangerous attack in the future. Phishing campaigns are usually sent through SMS or email.

In the case of my friend, the attacker's message masqueraded as an official email from her bank and redirected the victim to a well-designed webpage that mimics the bank’s own website. Once a victim keys in account information such as account number, date of birth, name, and online banking password, the attacker has access to the victim’s bank account and can steal funds from it.

Phishing campaigns are not uncommon. In fact, most of the sophisticated attacks out there start with a good phishing operation. Falling victim to one can have severe consequences: the victims of a campaign similar to the one that targeted my friend lost all their hard-earned money.

But how do we know if the email or text we receive is a phishing email? There are a few tell-tale signs, and I’m going to discuss them in detail here.

 

They come from a questionable email address.

In the phishing email that my friend received, the attacker disguised himself as the Bank of the Philippine Islands (BPI). By examining the email, I noticed that the email address used by the attacker does not match BPI’s official email address.

The official email address of BPI bears the domain bpi.com.ph, and this is consistent across all of the bank’s departments. Meanwhile, the message that my friend received came from cards@bpisupport.com, which I know for a fact is not an official BPI domain.

 

They use a different logo from the official emails you receive

Logos are important to every brand. Big companies make sure that their branding is consistent throughout their customer communications, including emails. One striking problem with the email my friend received was that its display picture was a totally different logo from the one used by the official BPI email.

 

The link they provide will redirect to a different URL

Phishing emails usually come with a link that you can follow to enter your information. In this case, the link text shown was https://online.bpi.com.ph/, which is in fact the official URL for BPI’s online banking portal. However, a closer inspection of the link revealed that it was hyperlinked to a TinyURL address.

My friend told me that at first, she thought that the email was legit because the link has an SSL certificate (signified by https). But don’t be fooled, because hackers often use this technique too. Instead of basing your judgment on the link as it is written in the email, check the URL of the page that actually opens.

 

It asks you to “verify” information online.

Emails that ask you to verify your information online while threatening you with the closure of your account are most likely phishing emails. This is particularly true with online banking, as banks usually have a very strict data protection policy.

There are other signs of a phishing campaign that are not present in the example I used to illustrate it. Nonetheless, the point of this article is to help you spot some of the most common signs of a phishing campaign sent through email. If you are unsure whether an email you received is legit, make it a habit to verify it with your bank every time. With enough knowledge about phishing, you can avoid falling victim to this type of cybercrime.