Don’t Take the Bait: How to Spot a Phishing Email

What is a Phishing Attack?

A phishing attack is a type of social engineering that cyber criminals use to manipulate their victims into revealing sensitive information, including login credentials. Cyber criminals typically use email to carry out these attacks, posing as familiar individuals and sending messages that appear to be legitimate.

Phishing attacks are simple yet effective, likely because of our frequent use of email and lack of security awareness. According to Statista, nearly 24% of phishing attacks targeted financial institutions in the first quarter of 2022. These bad actors are setting their sights on financial institutions because their actions could result in financial gain. Read our blog for insight into how to identify a phishing attack, why it’s important to report phishing emails and strategies for mitigating your risk.

Looking for additional strategies to strengthen your cybersecurity posture and defend against attacks? Download our cybersecurity white paper.

Example of a Phishing Attack

While phishing attacks take many forms, a common attack occurs when you receive a suspicious email from a legitimate sender. This can be a type of clone phishing, in which a legitimate email is copied, and the hacker switches out links or attachments for malicious ones that install malware when activated.

Consider this example: Miranda receives an email from Nigel in her company’s accounting department asking her to sign a document via DocuSign, a common business software. When Miranda clicks the link to access the document, she is prompted to login to her O365 account. She wasn’t expecting any document from accounting, so she calls her colleague Nigel in accounting to confirm that he sent the email. As it turns out, Nigel did not send the email and his credentials had been compromised.

When emails are sent from legitimate senders (such as in the scenario described above), it can be more difficult to detect a phishing scheme as people are often less suspicious. But once a user enters their credentials into the fake O365 page, the account is compromised. If multiple employees at an organization fall victim, the damage could be quite widespread.

Cyber criminals use phishing to manipulate their victims into revealing sensitive information, including login credentials.

What’s a Common Indicator of a Phishing Attack?

Don’t find yourself faced with a suspicious email and unsure of what to do. Here are four recommendations for components of an email to inspect if you suspect that you’ve received a phishing email.

  • Validate the sender: Always be mindful of where an email originated. If the sender is known, carefully inspect the “from” address to look for slight alterations, a clear sign of a phishing attack. If you receive an email that’s suspicious or strange, call the sender to confirm that they sent it. Don’t ask if it’s legitimate via email or Teams because if the mailbox or account is controlled by the fraudster, they can respond through those channels as well.
  • Read the email carefully: While incorrect grammar and spelling were once tell-tale signs of phishing, cyber criminals have gotten savvier. Some emails may still contain spelling errors but watch for urgent messages that pressure you to click a link or open an attachment. When it comes to cybersecurity, trust your instincts. If something feels off, it probably is.
  • Check the links: Hover over any URL links in the email to confirm the address. If the address displayed is different from what is written in the email, it is likely directing you to a site loaded with malware. Be sure to also exercise caution if the URL is misspelled.
  • Notice any email banners: With snail mail, a sender can write any return address on a letter. And in the digital world, fraudsters can make it appear that an email came from somewhere else, including inside your organization. Including a banner on emails that alerts the recipient that an email came from an external source can encourage a heightened sense of awareness.

If you receive an email that contains red flags, do not click it. Report it as phishing to alert your organization’s IT department so they can further investigate.

Analyzing a Phishing Attack

The more your organization knows about an incident, the better you can respond. Once a phishing attack is reported to your IT department, they can analyze the email in-house or work with a managed services provider to determine where the email originated and what mail servers it went through. In some instances, the return path can be identified which provides additional information.

If you know the subject, time sent, where it originated and the recipient, you can often track who else received it. Visibility into the recipients can also help determine if it has gone beyond your organization. If it has reached multiple parties internally or been received by external customers, consider issuing a communication alerting them of the risk.

With a Security Incident and Event Management (SIEM) or other managed detection and response system, you can search for outbound connections to the URL to determine who clicked it. If other users have clicked, it’s recommended to reset passwords as a precaution.

Always report suspected phishing attacks to your IT department.

How to Prevent Phishing Attacks

In today’s digital world, phishing is an ever-present risk. Cyber criminals are constantly evolving their tactics, making it imperative to have a cybersecurity-minded workforce. Email is one of the main forms of business communication, with some employees receiving hundreds of emails every day. Consider adopting the following best practices to help your organization prevail in the fight against phishing.

  • Use an email filtering system: Email filtering systems can detect and stop a significant number of malicious emails, providing an added layer of security for your organization. Keep in mind that cyber criminals diligently work to circumvent these controls, so the human element remains critical to prevent attacks.
  • Educate your employees: Routinely talk to your employees about current social engineering tactics and conduct cybersecurity training so they can effectively identify suspicious emails. Using real examples is a way to build education and a strong sense of awareness when checking email. Make it easy for employees to report potential phishing attempts.
  • Require multi-factor authentication: If someone obtains your password, multi-factor authentication (MFA) helps protect your account and make it more difficult to access. While MFA does mean an extra step to login, the protection it provides is more than worth it. MFA should be enabled on any account possible.
  • Review your security procedures: To ensure a smooth response, make sure procedures for handling security events are reviewed at least annually. Having up-to-date procedures will help streamline your incident response, as you don’t want the first time you follow a procedure to be in the wake of an actual attack. Further, your organization should test your security procedures regularly to ensure they are effective and keep up with the latest technology.

Maintaining Your Cybersecurity Defenses

Since phishing is such a pervasive threat, understanding how to spot phishing attempts and embracing a proactive approach to cybersecurity will help your organization mitigate risk. Learn more about strategies to enhance your cybersecurity defenses by downloading our white paper.


James Mathis is a manager of network and security operations at CSI.



Get In Touch

Are you looking for the edge to outperform the competition? CSI is a full-service technology and compliance partner.

Let’s talk