Remember that time you got an email from an African prince, who just happened to select you to help him out? For doing so, you'd be handsomely rewarded. I mean, it's an African prince–he can afford to do things like that, right?

That's how obvious the early phishing emails were. While these phishing emails still exist, today's spam filters, and a little common sense, prevent most would-be victims from sending money to pseudo-princes. But, fraudulent emails are becoming increasingly tricky and sophisticated. Fraudsters can add your name and other customized details to messages.

For businesses, the risk of phishing emails can be much greater than an individual consumer. Most hacking incidents are not done to acquire consumer credit cards numbers, but instead to steal business technology and intelligence. To do this, hackers use many methods to breach a company's digital security firewall, including email.

There are several common symptoms of fraudulent emails to help identify even the trickiest phishing emails. Here are a few of the most common warning signs:

Grammar Mistakes

A common symptom of fraudulent emails is poor spelling and grammar. Sure, some people might just be bad at spelling. But, if it's a new contact and you see a multitude of errors, then the likelihood of it being fraudulent has increased. This is especially true for B2B emails coming from larger businesses. Salespeople understand the value of first impressions, and will be careful not to discredit themselves for simple grammar mistakes. Emails and confirmation notices use automated templates which are carefully and painstakingly crafted. Grammar and spelling mistakes in these types of emails is extremely rare.

If you notice obvious grammatical mistakes, it doesn't mean you should delete the message right away. Just make a mental note as you continue reading the email and take precautions if you decide to interact with the sender.

The Sender Is Overly Enthusiastic

When you're drudging through emails from demanding customers all day, it's relieving to come across someone who's happy or even excited about working with you. But, exaggerated enthusiasm can be a method of deception. The goal for a fraudster is to make you so eager to work with them that you do whatever they ask–whether that's wiring them money or giving out sensitive information. Displaying enthusiasm is one trick they use to get your guard down.

Is every enthusiastic emailer a spammer? Of course not. But it is worth watching out for.

The Sender Doesn't Come Up In Search Results

There are yellow flags–like grammar and enthusiasm–and then there are red flags. If you search for a sender's name, company or phone number and nothing comes up, that's a major red flag! Because of today's demand for internet presence, any legitimate businesses will show up in the search results. Even if they lack a website, their company name should show up in reviews, business listings, or other online resources (like social media). The same goes for their phone number.

If the sender doesn't show up in search results, be extremely cautious if you decide to follow up with them. Remember, spammers can be very sophisticated and it's possible they have a phone line rigged to make their business seem credible.

Unusual Formatting

A lot of fraudulent emails use slightly unusual email addresses, file types, and more. To the untrained eye, these small details can go unnoticed.

Email formatting

An easy formatting red flag is a misleading url in the email address. If the root url is on the left side of the address, that's a clear sign of a fake email address. For instance, john@pepsi.com.infoco.ac. You can see the actual domain of that email address is infoco.ac instead of pepsi.com.

According to studies, over 30% of phishing attacks in 2013 used the names of leading banks, payment systems and online stores, including MasterCard, Visa and American Express.

The following small details are easy to miss if you don't know how to look for them. Look at the image below, and you'll notice the “from” field appears to be an American Airlines address. However, the email address that's actually used has nothing to do with American Airlines.

File formatting

Be careful opening any attachments sent in unusual formats. In the image above, they attached the airline tickets as a word document. In almost every conceivable situation, a real airline will never send you a word document. A file scanning software will help identify dangerous files like this. If not, you should be extra cautious when deciding whether or not to open a file from a new contact.

A Refresher On Basic Phishing Email Warning Signs

If you haven't come across a phishing email in a while, it's possible to miss the more basic warning signs. Here's a list of things to look out for when opening emails:

• The link destination and link text do not match (the ‘Bait and Switch'). Before clicking on an email link, place your mouse cursor over the hyperlink. Most email programs will display a small box showing where that link will send you if clicked. If the text of the link and the destination are clearly different, it's likely someone is trying to trick you.



• The email asks for personal information or money. If a new contact asks you for money or personal information, steer clear. But, it doesn't have to be money they ask for–it could be company information. They may even request information that you occasionally share with other people. Before you send any confidential or secure information, be absolutely sure you can trust the person on the other end.
• The message seems to good to be true. You know not to wire money to a foreign prince, but you might not suspect a person placing an order. Large orders from customers outside your normal market is a warning sign. Before proceeding with the order, take measures to ensure the person and the order are real.
• Orders with different billing and shipping addresses. When using a stolen credit card, thieves will use the credit card's correct billing address with their personal shipping address. This bills the credit card victim while sending the product to the thief. Oftentimes, these addresses are geographically far apart (hundreds of miles or more). If someone is attempting a transaction with you using inconsistent payment information, consider speaking with them directly to understand why.
• The message is from the government. Fraudsters commonly choose to imitate the government agencies or departments. If you get a message from the government that doesn't quite make sense to you, make a phone call to be sure the message is legitimate before taking a requested actions.
• Something's ‘just not right'. Today's phishing emails aren't covered in red flags. If you get a message from someone, don't notice any specific warning signs, but it just doesn't seem right, proceed carefully. Don't take any actions you're not completely comfortable with. If they are real and important enough, they'll reach back out to you.

You Identified A Phishing Email. Now What?

Being able to identify a phishing email is great. So what next? The easiest and safest action is to immediately delete the message. You can also report the email. The Federal Trade Commission offers a couple options: send the email information to spam@uce.gov. Include the company being impersonated and the full email header. Or, you can send the email information to The Anti-Phishing Working Group, an agency that fights against phishing.

To stay safe from any potential threats, remember the warning signs and be observant. Finally, despite the temptation, just say “no” to any and all unsolicited offers from royalty.

Looking for some help? Contact Conquest Graphics at 800-707-9903 and tell us what you're looking for.