You are here: Home / Help Center / Email Support / General Email / Is This a Phishing Email?

Is This a Phishing Email?

by Inka Luoma last modified Nov 07, 2015 10:54 AM

The purpose of this document is to identify whether an email is a Phishing Scam - email that looks like legitimate email from a friend or familiar organization, but is not.

According to the Verizon 2015 Data Breach Investigation Report, 23% of recipients open phishing messages and 11% click on attachments. Nearly 50% of those open emails and click on phishing links within the first hour.

The actual sender of an email is identified in email's full email headers. Email headers may be opened either using Webmail or your desktop email application. Both methods are documented in How to Display Full Email Headers. Most phishes are so obvious that you don't need to look at the full headers.

See also How to Analyze Full Email Headers to Identify Phishing Scams.

The following examples show examples of red flags waved by phishes. Usually they are sufficient to confirm your suspicions so that you don't need to look at the email's full headers.

Example 1:

At first glance, the email in the Inbox might appear to be legitimate:
verificationCentre.jpg

Red flags before you even open this email:

- Have you ever heard of an Olympus Verification Centre?
- "Centre" is spelled in the British style - why would OlympusNet do that?
- We refer to ourselves as OlympusNet not Olympus Verification Centre.
- And finally, we will NEVER  ask you to verify your account. If there were a verification problem we would telephone.

Here is the view of the email now that it is open.
verifyScam.jpg

Red flags:

- The email comes from cdpt@rocketmail.com. It is not a familiar olympus.net address.
- The grammar is a little dicey.
- OlympusNet would not shut down an account without ample efforts over a few weeks to reach a customer by phone, and even by snailmail.
-We will never ask a customer to click on a link unless we have explained the link in simply, easy to grasp language, or have prepared customers ahead of time to expect a link, and what the link is about. The link in the example has a suspicious content - it doesn't sound like anything "readable", as our links would be.
- We never refer to Olympus Mail or Olympus.
- If you did click on the link (and we advise you not to do so if you suspect the email), you'll come to a form that asks for a username and password. Any email that asks you to enter your email username and password is a guaranteed phish. Always. No exceptions.

Example 2:

At first glance in the Inbox before opening, it's hard to tell whether this email is a scam or not.
daemonHeader.jpg

The email opened:
mailerDaemon.jpg

Red flags:
Again, the email should not be trusted because it requests the recipient to Click Here. OlympusNet will never ask you to Click Here with regard to your account.
- The text also contains a lot of technical jargon that we would never use with our customers:  SSL servers, configure Port 486 - if you don't know what it means, it is likely a fabrication.
- Again, we will never suspend an email account without phone calls and multiple emails.
- You will never have to click something in an email or on a website to get your emails to download.

If an email has not raised red flags but there is still room for doubt, return to the top of the document and follow the links at the top of this document.