If you want to improve the security posture of your business, a good place to start is by making employees aware of the common indicators of phishing attempts. Phishing is one of the most common methods cybercriminals use to gain initial access to business networks. It is used to deliver malware such as backdoors, to hand network access to ransomware gangs, and to obtain sensitive data such as login credentials and the personal information of employees.
The biggest cause of losses to cybercrime is business email compromise (BEC), which cost businesses almost $2.4 billion in 2021 according to the Federal Bureau of Investigation (FBI). The corporate email accounts used to conduct those attacks are commonly compromised through phishing. The same FBI figures show that phishing (including vishing, smishing, and pharming) was the most reported type of cybercrime in 2021 by victim count, with more than 3.9 times as many complaints as the next most reported category.
To make matters worse, phishing attacks are increasing. Phishing volumes roughly doubled during the pandemic, and the attacks are also becoming more sophisticated. While employees may believe they can identify a phishing email at 20 paces, these scam emails are becoming much harder to spot. Phishing simulation exercises show that employees' confidence in their ability to spot the common indicators of phishing attempts is often misplaced.
What are the Common Indicators of Phishing Attempts?
One of the best places to start if you want to improve your defenses against phishing attacks is to train the workforce on the common indicators of phishing attempts. Phishing uses a lure to get individuals to take a certain action, and thousands of different lures are used in phishing campaigns. The lures are diverse, but there are common indicators present in most phishing emails. Learn these techniques and it will be easier to spot phishing attempts that arrive in your inbox, via SMS or instant message, or on the web. Bear in mind that these are simply common indicators: a given phishing email will rarely show all of them, but any one of them should raise your virtual hackles.
Mismatched Display Names, Email Addresses, and Domains
The display name of the sender can be set to anything, so it can be made to look like a known contact, and many mobile mail clients show only the display name until you tap it. Check that the display name matches the actual address, and if the email claims to come from a company, expect that company's own domain, not a free provider such as outlook.com or gmail.com. Lookalike domains rely on transposed letters, digits in place of letters (micros0ft), extra words and hyphens, or visually similar characters, so they pass a quick glance. Compare unfamiliar addresses carefully with those in previous conversations or the address book. Bear in mind that if the claimed sender's domain does not publish an enforcing DMARC policy, the From address itself can be forged outright, so a correct-looking address is not proof of authenticity.
Spelling Mistakes and Grammatical Errors
Legitimate companies rarely send communications containing spelling mistakes or grammatical errors, because mass mailings are normally reviewed before they go out. Strange wording, misused synonyms, and grammatical errors therefore remain common indicators of phishing. The reverse is not true, however: well-resourced campaigns produce error-free messages, so flawless prose is not evidence that an email is genuine.
Generic Greetings
In the digital age, any company you hold an account with knows your name and will normally use it. If an email opens with a generic greeting such as “hello,” “Dear customer,” “salutations,” “Dear username,” or another unfamiliar form of address, it is a sign that the sender does not know your name and only has your email address. The reverse does not hold: a correct name is not proof of legitimacy, because names and email addresses are routinely paired in breached data sets and on social media.
Unfamiliar and Unsolicited Attachments
Attachments are a common way to deliver malicious code. Executable files will install malware if opened; compressed archives (often password-protected, with the password given in the email body) are used to shield their contents from email security scanning; and Word, Excel, and PowerPoint files may carry macros, while PDFs carry links or embedded scripts rather than macros. Double extensions such as invoice.pdf.exe are used to disguise executables as documents, since many clients hide the final extension. If an attachment is not expected and its type is not recognized, it should not be opened, and never click “Enable Content” or “Enable Macros” in an Office file unless you are completely sure of its authenticity.
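The following is an added example, not TitanHQ's code, showing how the attachment indicators above can be checked programmatically: executable types, double extensions, archive wrappers, and Office documents carrying a VBA project. The extension lists are illustrative rather than exhaustive, and the sample files are constructed in memory so the script runs offline.

```python
"""Triage of attachment names and contents for common phishing indicators (added example)."""
import io
import zipfile

# Illustrative lists, not exhaustive (assumption for this example).
EXECUTABLE_EXTENSIONS = {"exe", "scr", "js", "vbs", "bat", "cmd", "ps1", "hta", "lnk", "msi"}
CONTAINER_EXTENSIONS = {"zip", "rar", "7z", "iso", "img"}
OOXML_EXTENSIONS = {"docx", "docm", "xlsx", "xlsm", "pptx", "pptm"}
DOCUMENT_LOOKALIKES = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


def attachment_indicators(filename: str, data: bytes) -> list[str]:
    """Return human-readable findings for one attachment (empty list if nothing suspicious)."""
    findings = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""

    if ext in EXECUTABLE_EXTENSIONS:
        findings.append(f"executable attachment type .{ext}")
    # 'invoice.pdf.exe' displays as 'invoice.pdf' when the client hides known extensions.
    if len(parts) > 2 and parts[-2] in DOCUMENT_LOOKALIKES:
        findings.append(f"double extension: looks like .{parts[-2]} but is .{ext}")
    if ext in CONTAINER_EXTENSIONS:
        findings.append(f"container .{ext} can hide its contents from email scanners")

    is_zip = zipfile.is_zipfile(io.BytesIO(data))
    if ext == "zip" and is_zip:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                    findings.append(f"encrypted archive entry {info.filename}")
                if info.filename.lower().rsplit(".", 1)[-1] in EXECUTABLE_EXTENSIONS:
                    findings.append(f"archive contains executable {info.filename}")
    # OOXML documents are zip containers; the VBA project, if any, is stored as */vbaProject.bin.
    if ext in OOXML_EXTENSIONS and is_zip:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if any(name.lower().endswith("vbaproject.bin") for name in zf.namelist()):
                findings.append("Office document contains a VBA macro project (vbaProject.bin)")
    return findings


def build_sample_office_file(with_macro: bool) -> bytes:
    """Constructed minimal OOXML-shaped zip for the example; not a real Word document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\xcc\x61" + b"\x00" * 14)
    return buf.getvalue()


def build_sample_archive() -> bytes:
    """Constructed zip wrapping a double-extension executable, as phishing lures often do."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in [("invoice.pdf.exe", b"MZ"), ("statement.zip", build_sample_archive()),
                       ("report.docm", build_sample_office_file(True)), ("notes.txt", b"hello")]:
        print(name, "->", attachment_indicators(name, blob) or "no indicators")
```

The macro check looks at the container rather than the extension, so a macro-bearing file is flagged whether it is named .docm or .xlsm; an encrypted archive entry is flagged because scanners cannot inspect it, which is exactly why attackers password-protect their archives.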
Links to Unfamiliar Websites
Links are included in most phishing emails, but they can be masked to look legitimate. The visible text (anchor text) of a link can be set to anything, including a URL that differs from the real destination, or the link may be a button or image. Hovering the mouse over the link (or long-pressing it on a mobile device) reveals the actual URL, but even that may not be the final destination: URL shorteners, redirect chains, and sometimes open redirects on legitimate websites are used to hide the landing page. If you do follow a link, check the URL in the address bar after landing and make sure the domain is the official one used by the company the website claims to belong to. Safer still is to open the company's website from a bookmark or by typing the address.
Requests for Sensitive Information
Phishing is commonly conducted to obtain sensitive information such as credit card numbers, Social Security numbers, bank account information, and login credentials. The information may be requested directly in the email, but it is more often harvested on websites that can look identical to the sites they spoof. Before entering anything, check that the domain is the official one used by the company, and be wary of subdomains that include a company name. The domain “updatewindows.microsoft.com.checkers.ru” is not owned by Microsoft. The part that identifies the owner is the registrable domain: the label immediately to the left of the public suffix, here “checkers.ru”. For most suffixes that is the part after the second-last dot, but two-label suffixes such as .co.uk or .com.au shift it one label to the left (“example.co.uk”, not “co.uk”), so when in doubt check against the Public Suffix List. Ignore everything from the first “/” onward, and remember that anything before an “@” in a URL is not part of the hostname at all.
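As an added example, not TitanHQ's code, the script below applies the sender, link, and domain checks from the three sections above to a constructed sample message: it compares the display name with the sending domain, compares visible link text with the real href, and extracts the registrable domain so that a brand name buried in a subdomain is not mistaken for the owner. The brand allowlist and the small suffix table are assumptions for the example; a production check would load the full Public Suffix List.

```python
"""Sender and link indicator checks over a constructed sample email (added example)."""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample (not a real phishing email): brand in the display name, lookalike sender
# domain, anchor text that does not match its href, and a brand name used as a subdomain.
SAMPLE_EMAIL = """\
From: "Microsoft Account Team" <security@micros0ft-support.com>
To: alice@example.com
Subject: Action required: your account will be closed in 24 hours
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear customer,</p>
<p>Please sign in at
<a href="https://updatewindows.microsoft.com.checkers.ru/login">https://account.microsoft.com</a>
to keep your account active.</p>
<p>Questions? <a href="https://www.microsoft.com/">Help</a></p>
</body></html>
"""

# Assumed allowlist for the example: brand keyword -> registrable domains the brand really uses.
BRAND_DOMAINS = {"microsoft": {"microsoft.com", "live.com", "outlook.com"}}

# Tiny stand-in for the Public Suffix List (assumption). The "part after the second-last dot"
# rule is wrong for suffixes like co.uk, which is why the full list is needed in practice.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp", "com.br"}


def registrable_domain(host: str) -> str:
    """Owner-controlled domain of a hostname: 'checkers.ru' for 'a.b.checkers.ru', 'x.co.uk' for 'm.x.co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def url_host(url: str) -> str:
    """Hostname of a URL; drops scheme, userinfo (anything before '@'), port, path and query."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


class LinkCollector(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def phishing_indicators(raw_message: str) -> list[str]:
    """Return human-readable findings for the sender and link checks."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # Indicator 1: display name claims a brand, but the address is not on that brand's domain.
    display_name, address = parseaddr(msg["From"])
    sender_domain = address.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display_name.lower() and registrable_domain(sender_domain) not in domains:
            findings.append(f"display name mentions {brand} but sender domain is {sender_domain}")

    # Indicator 2: visible link text vs. real destination, and brand names used as subdomains.
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    for href, text in collector.links:
        host = url_host(href)
        apex = registrable_domain(host)
        if text.lower().startswith(("http://", "https://", "www.")):
            shown = registrable_domain(url_host(text))
            if shown != apex:
                findings.append(f"link text shows {shown} but href goes to {apex}")
        for brand, domains in BRAND_DOMAINS.items():
            if any(d in host for d in domains) and apex not in domains:
                findings.append(f"{brand} appears inside hostname {host} but the registrable domain is {apex}")
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_EMAIL):
        print("-", finding)
```

Run against the sample, the script reports the lookalike sender domain, the mismatch between the displayed microsoft.com link and the real checkers.ru destination, and the Microsoft name used as a subdomain; the genuine www.microsoft.com help link produces no finding, which is the point of resolving the registrable domain rather than searching for a brand string.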
Urgent Call to Action and Threats
Phishers try to create a sense of urgency to get message recipients to act quickly without fully considering the legitimacy of the request or checking for common indicators of phishing emails. This is often achieved with a threat of negative consequences if no action is taken or if action is not taken quickly. Your account faces closure, charges will be applied, you will lose access to a service, you will face legal action, or an arrest is imminent are all common ways to create urgency in phishing emails.
Unusual Requests
Phishing uses social engineering techniques to get people to do something they would not normally do. Many requests seem legitimate at first, but if you stop and think they are a little unusual. Any request that departs from normal business process is a major red flag: making a payment with iTunes or Amazon gift cards, arranging an urgent bank transfer to a foreign account, disclosing your password via email, or sending employees' W-2 forms via email. If in any doubt, verify the request through a channel you already trust, such as a phone number from the company directory, and never use the contact information provided in the email itself.
Too Good to be True Offers
If an offer sounds too good to be true, it probably is. Fear of missing out on a bargain is a common emotion exploited by phishing emails, especially during busy online shopping periods such as the run-up to Christmas and Black Friday/Cyber Monday. If you are offered a great deal, go to the retailer's website via a bookmark or by typing the address you already know rather than through the link in the email, and check whether the offer exists there.
How to Develop a Security-Aware Workforce
It is not possible to develop a security-aware workforce by getting every employee to read an article about phishing. What is needed is a comprehensive security awareness training program for every member of the workforce. The training should cover security in general, teach cybersecurity best practices, explain the need for cyber hygiene and what that means, as well as teach individuals about the common indicators of phishing attempts. During training, quizzes should be used to make sure the training has been understood, and phishing simulations should be conducted to identify employees who are making mistakes to allow them to be provided with extra training.
Security awareness training should not be a one-time event, and annual training is no longer considered best practice. To create a security-aware workforce, training needs to be ongoing and provided in small chunks throughout the year. Only through regular security awareness training can businesses keep their workforce aware of the latest phishing threats. With regular training, when a real phishing email lands in an employee's inbox, they are far more likely to recognize it for what it is and report it to the security team rather than act on it.
Security Awareness Training from TitanHQ
TitanHQ is a leading provider of cloud-based security solutions for combatting phishing and other cyberattacks. In addition to providing email security and web security solutions for blocking phishing attacks, TitanHQ also provides security awareness training for the workforce.
If you want to improve security awareness and bolster your defenses against phishing and other cyberattacks, speak to TitanHQ today about getting started with the SafeTitan Security Awareness and Phishing Simulation Platform – The only behavior-driven security awareness training platform that delivers training in real-time.
Product demonstrations can be arranged on request to show you how easy the solution is to use for training the workforce and conducting phishing simulations, and you will learn how quality training content can significantly reduce the susceptibility of the workforce to phishing attacks.