TMC's Advisor

The Advisor is published by TMC

Identifying Email Phishing

Pretty well everything you don't want to happen can happen through phishing attacks - a user is tricked into clicking on a link, opening an attachment, or disclosing information. Everyone knows that we shouldn’t fall for a phishing attack, but what exactly does that mean? We can’t delete every email that might possibly be dangerous. Here are some simple ways to check out a questionable email message.

By Ellen Koskinen-Dodgson

Ellen Koskinen-Dodgson is President and Managing Partner of TMC IT and Telecom Consulting Inc. She is an IT and Telecommunications Management Consultant, electrical engineer, author, speaker, media resource and Expert Witness.

Phishing is Easy

Phishing is one of the most common types of cyber-attacks – and the most successful. That’s because it’s so easy to perform. It tries to steal sensitive information such as credit card numbers or usernames and passwords to gain access to your systems. It works because of our curiosity and our willingness to be helpful. The bad guys find your address from the Internet through hacked websites, and from publicly disclosed accounts on public forums.

An Easy Example

Here’s a malicious email with obvious red flags. The first red flag is that ‘Canada Pharmacy’ is not one that is generally used by the public. We use Shoppers Drug Mart, London Drugs, or our regular local pharmacy.

Poorly written messages are also red flags. There is no subject in the Subject Line and the sender’s email address does not seem to match very well with the display name of Canada Pharmacy. Also note how the To: field is addressed to ‘You’. Reputable companies do not send out emails that look like this.

In this example there are too many red flags to even waste our time trying to check it out. This is a good example of the “just delete the message” approach to suspicious communications.

A Tough Example

A common spoofed email that’s difficult to detect looks like it is from your CEO or a senior executive. It requests a money transfer or an account reset, often from their cellphone and often with an urgent tone.

Because these frauds are difficult to detect, these types of requests must be confirmed via a voice call or escalated up to senior management for confirmation.

Red Flags

Be suspicious when you receive an email that seems to respond to a question you didn’t ask, or an action you didn’t take. Beware if you’re asked to click on a link or provide confidential information. If there’s anything “off” like poor formatting, grammar, spelling or graphics, just delete it.

When in Doubt

When in doubt, but you think that the email might be legit, do some basic investigation. Look for red flags, hover over a link to see if the link text matches the visible words, check the message file properties to see the originating email address and the reply to address…. If the message looks important, especially if it deals with banking or other sensitive information, contact the sender using contact information from another source. Never use contact information provided within the suspicious email.

If you’re not sure about the source of the message, and it doesn’t seem important, just delete it.
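The header and link checks described above can also be scripted. The following is an added example, not part of the original article: it parses a raw message with Python's standard library and reports an empty subject, a reply-to domain that differs from the sender's, and links whose visible text names a different host than the link target. The sample message, its domains and the function names are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every name and domain below is made up.
SAMPLE = """\
From: "Canada Pharmacy" <deals@mailer.example.net>
Reply-To: orders@other.example.org
To: You
Subject:
Content-Type: text/html; charset="utf-8"

<p>Order ready: <a href="http://login.example.net/rx">www.pharmacy.example.com</a></p>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):  # lowercase host if text looks like a URL or hostname, else ""
    if " " in text or "." not in text:
        return ""
    return (urlparse(text if "//" in text else "//" + text).hostname or "").lower()

def red_flags(raw):  # list the header and link red flags found in a raw message
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    reply = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    flags = [] if str(msg.get("Subject", "")).strip() else ["empty subject"]
    if reply and reply.rpartition("@")[2] != sender.rpartition("@")[2]:
        flags.append("reply-to domain differs from sender domain")
    body, links = msg.get_body(preferencelist=("html",)), LinkCollector()
    links.feed(body.get_content() if body else "")
    for href, text in links.links:
        shown, actual = host_of(text), host_of(href)
        if shown and actual and shown != actual:
            flags.append(f"link shows {shown} but goes to {actual}")
    return flags
```

A flag is a reason to confirm through another channel, not proof of fraud; legitimate mailing services sometimes use a different reply-to domain.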

If you’d like to comment on this article or explore these ideas further, contact me at .

This article was published in the November 2021 edition of The TMC Advisor - ISSN 2369-663X Volume:8 Issue:5

©2021 TMC Consulting