How to spot a ‘phishing’ email (beginners guide)

Below are some examples of Phishing emails that have been sent to our ECN Team. For each example, we have pointed out the elements of the email that will help you to pick out emails that are sent by scammers. This list is not a full list and it should be used as a guide only.

If you have any concerns about any emails you have received, please contact our ECN Tech Support Team who will help to identify if an email is a scam or not.

Example 1

In our first email you’ve just received an email similar to following:

It may be tempting to press the “log in to my account” account button and receive your $-80.06 payment, but not all is as it seems. This is actually an attempt at phishing: creating a legitimate looking email that is designed to obtain your account details for some other 3rd party to use later for their own benefit.

Take a closer look at email. The first hint is the “total” and “due date” sections:

The total is actually a negative amount and the date has been spelt incorrectly. The next hint is in the body of the email itself:

“Payment server” is not terminology normally seen on your monthly invoice and the abrupt change in font sizes and typeface.

For further verification you could also compare your actual account number to the account number listed in the email and you will quickly find the two do not match.

Example 2

In our second example, the email has an attached “zip” file called “copy_invoice_532EA8E6.zip”. It is rare for legitimate organisation to send invoices in “zip” format and this should raise the first flag that something is not right.

Looking closer at the email we can see the senders email is BryantWerner55267@shatel.ir, the email address raises further flags:

*The domain is “.ir”, this is the Internet country code for Iran

*Corporate email addresses do not tend to contain strings of numbers like “55267”, these are generally found with free email addresses from services like Gmail or Hotmail where a name has been taken and the system generates a number string to make the address unique

*The email mentions “we spoke about yesterday”, if you did not speak with a “Werner Bryant” from “Coherent, Inc” yesterday, why would he mention this?

*The company listed on the email is not a company you do business with, in the example “Coherent, Inc” is used.

Example 3

In the final example, once again the email received contains a “.zip” attachment however the sender has asked us to “sign and return”.

Once again we note the following:

*The senders email address contains a number (58 in this example), this is not common with corporate email addresses

*The zip attachment is labelled “to_sign_inv_5100D746.zip” since it appears the invoice number is contained in the file name we can check this number against our internal records

*Allan Kirk signs his email as being from “ParkerVision, Inc” however his email address is “@thecampbellgroup.us” – these do not match

The three above example are just a small sample of “phishing” emails, if you’re still not sure, you can use a method known as “out of band authentication” to verify the legitimacy of the email. This can be done by calling ECN or your service provider and asking them to verify they sent the email in the first place.