Thousands of phishing emails are sent to people and businesses all the time. Most of the time these emails sound so ridiculous they are obvious frauds, however every now and then a well crafted one can get by undetected. Case in point: one of the The Mac Mechanic’s clients recently received a crazy good one. Thankfully our vigilant client was able to identify the bogus email before any business details could be handed over. While antivirus protection goes a long way, phishing emails are designed to slip under the radar.
Today we’re going to break down this email and give you some tips for detecting the scammers.
What to look for in phishing emails
We’ve even blacked out the the scammers details, aren’t we nice?
They use real people’s names within the company
We’ve had to black out some details here but you get the general idea. What is especially clever here is that the scammer has accessed the company website and looked at the business hierarchy and structure to see who is in charge. They have then engineered an email with a fake from email address from the CEO to one of the office admin staff, to make it seems like a real request.
Check the email address, not just the email name
The first thing to note is that while the from email address seems legit, the reply-to address is pointing to an email address not associated with the business. Another thing we can check is the header and footers of the email. When we took a look at this one we can see the domain joyfromabove.com, which tells us the real email address this has been sent from and where the reply email would be sent to.
Look at the email signature closely
One more thing we can look for is the lack of company email signature. This scammer has cleverly sent the email from an iPhone, which as you probably know doesn’t send email signatures, even when being sent from a legitimate business email address.
Pay attention to the tone of voice
The tone of the email is off. People don’t talk like this! Also if the head honcho is asking for basic details pertaining to their own business, something must be off. Likewise when you receive a dodgy email claiming to be from your bank – they already have all your details, so why would they need you to reconfirm your account number, password or security question?
And finally…follow your nose
At the end of the day, common sense and keen eyes will prevail when it comes to protecting your business from these phishing attempts. If something doesn’t feel right, it’s probably for a reason. Keep your eyes peeled everyone!