Learning How to Identify and Find Phishing emails

In this video, we’re going to go over how to identify phishing emails by looking at actual phishing examples. “Phishing emails with convincing social engineering schemes can lead to leaks of sensitive information and potentially enormous financial losses. Phishing emails are serious threats to businesses. They’re responsible for 94% of ransomware and $132,000 per Business Email Compromise incident,” according to TrendMicro. Now why are phishing emails so dangerous? Well, they’re really easy to create. There’s a low technical barrier. You don’t have to be a particularly advanced hacker in order to send a phishing email. People can send phishing emails with little or no cost. They’re highly effective, and they could be difficult to trace back to whoever sent them.

So let’s go over some phishing examples in order to help protect ourselves. Now, some of the examples we’re going to be looking at again later, because this is really important to go over and really understand. So the first one here is from Bill Gates, or at least it appears to be from Bill Gates. So we have Bill Gates. That’s actually who, when the email gets sent, it actually shows up as Bill Gates sent this. And the email looks like it’s from gatesbill@msn.com. Well, if we pay particularly close attention, we could see it says via srv62.main-hosting.eu.

Now what this means is that it’s really not from MSN. It’s actually being sent from this main-hosting. But it appears to be coming from MSN. So you need to pay very close attention to things like that. Because if your email’s being sent from another source, this is a pretty good chance that this is going to be some sort of phishing or spearfishing attack. Next up, we have Microsoft licence expired. And if we look at the email, looks like it’s sent from Microsoft Support Team. So in your inbox, you’ll see something that says Microsoft Support Team sent you an email. And if you take a quick look, you’ll see it says microsoft.s28. And generally people will stop there.

Matter of fact, this is one that I created. And I’ve used this in a phishing test before. And it worked pretty well. Because again, people will see Microsoft Support Team. And then they freak out. And if they look at the email, they’ll kind of start and they go, “Oh, well, it’s Microsoft-dot-something”, and they’ll generally stop there. It’s important to read the full email address. Now, this one is actually coming from Yahoo. So what I did was I created a Yahoo account. I named it Microsoft Support Team. And the email is microsoft.s28.

So the important thing here is, if a company is sending you email, Microsoft, Netflix, Amazon, PayPal, whatnot, it’s going to come from their own server, especially Microsoft that has her own email server. It’s not going to be using someone else’s, like Yahoo. So that’s a big red flag that you need to take a look for. Next up we have Netflix. So this Netflix email says my Netflix account is on hold and that I need to change my password. Someone used it on their smart TV in Georgia

on May 4, 2020 around 5:24. So there’s a couple of things about this. One, I don’t have a Netflix account. So that’s the first indicator. The next indicator is up here at the top. So it says, “Regarding”, and then, for me, it’s kind of garbled garbage, a little bit mix of English and some other languages. When a company sends you email, it’s generally going to be in a single language. It’s not going to be in another language. It won’t be mixed. So this is a big red flag here. Next up, Team Netflix. Generally, Netflix is not going to send you email that says Team Netflix on it.

And if we look at the email, here we see no reply service customer number. And they have a telephone number here, apparently. But the actual server that’s sending an email is dongo.info. So again, it’s not a Netflix email account. Now if we hover over the change your password link, we can see it’s going to some really odd location. And you shouldn’t click on the link or navigate to that link. I’m pretty sure it’s going to be something that’s either trying to scam you, install a virus on your computer, ransomware, or even like something as a key logger or a reverse connection back to your computer. But again, mousing over the link, we can see it doesn’t go to Netflix server.

It goes somewhere else. So that’s another indicator that this is a phishing attack. Here we have a PayPal account. So there’s going to be a couple of things here. So if we go down the line, we could see the email apparently is from service@initial.paypal.com.

That in itself looks real. So it looks like it’s coming from an actual PayPal server.

Let’s take a look at the header, “Regarding: Reminder daily report alert reservation.” That’s a little bit clunky in the subject line. Probably not a PayPal email. Let’s keep looking. So, “Dear Client”, they misspelled Client Service. Well, PayPal is a pretty major company. They’re probably going to be pretty good about spelling these emails that they probably send out quite often that if someone’s account’s been locked or there’s an issue with it. So that’s another red flag right there. But the real one up here is the send to. So it has one of my email addresses, and 89 other people on this email string.

So if PayPal, Amazon, any of these companies send you an email, they’re not going to send it to you and other people, especially 89 other people. That’s another indicator that this is a phishing attack. It should be ignored. So how do we identify phishing emails? Is email address spoofed? Is it real? Is it a real email address? Or is it being relayed off another server? Were we expecting the email, or expecting the email, the attachment, or the link? Do you have an account? If you’re going to email from like PayPal or Netflix or whatnot, do you even have a account with that service? And was it addressed to you? Was email addressed to you?

Was it addressed to several people, or was it a really generic email that’s not even addressing you directly?

These can all be indicators that these are phishing or spear phishing email attacks. And we do need to be vigilant. And again, with the email address, it’s always a good idea to copy and paste it out into a search and see what comes back if you’re not sure whether it’s a legitimate email or not. So in the next video, we’re going to go over some best practises for when you get these unusual emails. Thank you for watching. I’ll see you in the next video.