Any business can be targeted by a phishing attack, and most will be at some point, so it's vital that you and your staff know how to spot a phishing email. We know of a business that recently lost £22,000 to a phishing attack, and the scams are becoming more convincing every day. In this post, we'll explore how to use the DAC method for spotting phishing emails.
A phishing email is one that an attacker sends you (the same trick over text message is usually called smishing) to trick you into handing over information, such as usernames, passwords or card numbers, or to persuade you to click a link or open an attachment that infects your computer with something nasty. All of this is aimed at eventually stealing money from you or your business.
Years ago, scams often seemed laughably obvious and spotting phishing emails was easy. As time went on, phishing became so sophisticated that now, even I sometimes have to look twice at an email and think to myself, 'is this genuine?' – and I work in IT security.
Check out our blog post for more information on what phishing is and how to prevent it. However, if one does make its way into your inbox, what are the ways to spot a phishing email?
The DAC Method for Spotting Phishing Emails
The DAC method is a great way to spot a phishing email. It stands for Domain, Action and Content.
The first part of the DAC method for spotting phishing emails is the domain. The domain is the part of an email address after the @ symbol. For example, if I worked for the BBC, my email address might be 'firstname.lastname@bbc.co.uk'. The domain here is 'bbc.co.uk'. In personal email accounts, the domain is often 'hotmail.com' or 'gmail.com'. Read the domain from the right-hand end: whoever owns 'bbc.co.uk' controls everything to the left of it, so 'news.bbc.co.uk' is the BBC, but an address ending in 'bbc.co.uk.somethingelse.com' belongs to whoever registered 'somethingelse.com'.
Take a look at the email you received. What domain was it sent from?
Recently, I received a phishing email that claimed to be from NatWest, a British bank. Of course, if you bank with NatWest and were to see this email, you'd probably give it your attention automatically; seemingly, you have an important message about your bank account. However, when I looked at who had actually sent the email, it had come from an address on 'securesuite.net'.
That is not NatWest. Any email from the real NatWest bank would come from its own domain – 'natwest.com' – and not from 'securesuite.net'. Note that the display name next to the address is free text and can say 'NatWest' regardless of where the email came from; it is the address itself you need to look at. The domain this email used, 'securesuite.net', will have been chosen specifically to make readers think the message was sent securely.
We looked up 'www.securesuite.net' so you wouldn't have to; there isn't even a website for it. (The reverse isn't a safe test, though: a convincing website is no proof of legitimacy, because attackers register look-alike domains and build sites on them.) So, by checking the domain, we can spot the phishing email immediately. This is especially important for emails about banking or payments, and for emails that seem to come from a colleague within your own company.
So now we move onto the A in DAC, which stands for action. What action is the email encouraging you to take?
When spotting phishing emails, remember that all phishing attacks want you to take some form of action from that email, whether that's sharing information, clicking a link or opening an attachment.
- Links - a link will often take you to a page instructing you to enter some personal details.
A common phishing scam you might see is an email seemingly from Microsoft 365, which looks as though someone has accessed your account or is trying to share a document with you. When you click the link in the email, it takes you to a web page that looks a lot like Microsoft 365, but it isn't a legitimate page. If you enter your Microsoft 365 login details, that's it – the hacker has your credentials and, unless multi-factor authentication blocks the login, full access to your account.
So how can you get around this? How do you know if a link is dangerous or not?
If you hover over the link in your email – without clicking on it – a box will pop up telling you where the link will really take you, which is often not the address shown in the link text. Check the domain at the right-hand end of that real address and make sure it belongs to the organisation the email claims to be from. On a phone, where you can't hover, a long press on the link usually shows the same information.
- Attachments - some phishing emails have attachments, and things can get more tricky here.
Sometimes these attachments pretend to be invoices or courier consignments - it can be tempting to click on these.
A good test is whether you were expecting the email at all. If you weren't, don't open the attachment. If you're worried about missing something important and the sender seems to be a reputable company, contact the company directly and verify whether the email is real. Do this through their website or their official phone number – never use any of the contact details in the email itself.
If the email supposedly came from someone you know, check with them through another channel before you open anything.
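The Domain and Action checks above can be automated for a message you have saved as a raw .eml file. The script below is an added example written for this post, not a tool from the original article: it splits the From header into display name and real address, extracts the registrable domain (a small stand-in for the Public Suffix List, enough for '.com' and '.co.uk'-style names), and then does the "hover over the link" check for every link in the HTML body by comparing where the link text claims to go with where the href actually points. The sample email embedded in it is constructed for this example, and its sender address and hostnames are illustrative, not captured from a real campaign.

```python
"""Added example (not from the original post): automating the D and A checks
of the DAC method over a raw email. The message below is constructed for this
example; its addresses and hostnames are illustrative, not real captures."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample. The display name claims a bank, the real address is on
# another domain, and the first link's visible text shows one site while its
# href goes somewhere else (the classic hover-to-reveal trick).
SAMPLE_EMAIL = """\
From: "NatWest Online Banking" <alerts@securesuite.net>
To: you@example.org
Subject: Urgent: unusual activity on your account
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We noticed a login from a new device. Please confirm it now:</p>
<p><a href="https://natwest.com.securesuite.net/login">https://www.natwest.com/secure</a></p>
<p><a href="https://securesuite.net/unsubscribe">Unsubscribe</a></p>
</body></html>
"""

# Tiny stand-in for the Public Suffix List, enough for .com and .co.uk-style
# names. Real tooling should use the full list (e.g. the tldextract package).
SECOND_LEVEL_SUFFIXES = {"co", "org", "ac", "gov", "net", "me", "ltd", "plc"}
URL_LIKE = re.compile(r"(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?", re.I)


def registrable_domain(host):
    """The part of a hostname that was actually registered; everything to the
    left of it is chosen freely by whoever owns it.
    'mail.bbc.co.uk' -> 'bbc.co.uk'; 'natwest.com.securesuite.net' -> 'securesuite.net'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in SECOND_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def sender_domain(msg):
    """Split the From header into display name and the domain of the actual
    address. The display name is free text and proves nothing."""
    name, addr = parseaddr(msg.get("From", ""))
    _, _, domain = addr.rpartition("@")
    return name, registrable_domain(domain)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def claimed_domain(text):
    """If the link's visible text looks like a URL or hostname, the domain it
    claims to lead to; '' for text such as 'Unsubscribe', which claims nothing."""
    if not URL_LIKE.fullmatch(text.strip()):
        return ""
    host = urlparse(text if "://" in text else "http://" + text).hostname or ""
    return registrable_domain(host)


def check_links(html, expected):
    """The hover check, automated: compare where each link really goes with the
    domain its text shows and with the domains the sender would legitimately use."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real = registrable_domain(urlparse(href).hostname or "")
        shown = claimed_domain(text)
        if shown and shown != real:
            findings.append(f"link text shows {shown} but href goes to {real}")
        elif real not in expected:
            findings.append(f"link goes to {real}, not an expected domain")
    return findings


def dac_check(raw_email, expected_domains):
    """Run the D and A checks and return human-readable findings. An empty
    list means nothing was flagged, not that the email is safe."""
    msg = message_from_string(raw_email)
    name, domain = sender_domain(msg)
    findings = []
    if domain not in expected_domains:
        findings.append(f"From shows '{name}' but the address is on {domain}")
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    findings.extend(check_links(body, expected_domains))
    return findings


if __name__ == "__main__":
    for finding in dac_check(SAMPLE_EMAIL, {"natwest.com"}):
        print("FLAG:", finding)
```

Run it with the domains the claimed sender really uses ({"natwest.com"} for the sample) and it flags three things: the display name doesn't match the sending domain, the first link's text claims 'natwest.com' while its href lands on 'securesuite.net', and the second link goes to a domain the bank wouldn't use. The Content check is deliberately left to a human: urgency and odd grammar are judgement calls that a keyword list handles badly.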
Finally, the C in DAC stands for content: look closely at what the email actually says.
Firstly, the grammar. Phishing emails are often written by people whose first language isn't English, so the grammar might not be quite right – look for misspelt words, capital letters in odd places and sentences that don't quite make sense. Bear in mind, though, that well-written phishing emails are now common, so clean English on its own is no guarantee that a message is genuine.
Secondly, the tone. The content of these emails is usually urgent, because the hackers want you to act quickly. They don't want you to check the domain, the action or the content and risk spotting that it's a phishing email, so they build in a sense of urgency. They often use banks or invoices as a front because the fear of losing money spurs people into action.
If you'd like to implement more security measures to minimise your risk of a phishing attack, please see our blog post on reducing your chances of being hacked.
So there you have it: the DAC method for spotting phishing emails. You don't always need expensive software – you just need to know how you can spot a phishing email and make sure your team does too.