Is it phishing? How to check a suspicious email

By now everyone is aware of scam emails, and what phishing is. It is very prevalent. It takes over our inboxes on an everyday basis, posing security threats to our sensitive data. It can lead to identity and money theft, systems, and network vulnerability, data loss, and damage to your reputation. It can happen to an individual, and to any organization at large.

Frankly, phishing is more frustrating than spam. And it is not going away.

Cybercriminals keep sending these scam emails because they work. Even though everyone is talking about phishing, people still fall for it: malicious senders are smart and utilize techniques to trick you into clicking on the link.

Is it a legitimate email?

Here is an example of an alert email one of our team members received just now. It appears to come from Rackspace, so one may assume it must be real.

Since we provide managed services, including hosted email solutions, and run our own email setup, we know that Rackspace will not send a notification like that to the end user.

Someone who does not do IT for a living may and does not have technical insight can get tricked into clicking on the email’s call to action – the links that urge you to release or to preview messages.

Clicking on potentially malicious emails may lead to a dangerous URL. You can and up at link’s destination that can trick you further into giving out your login credentials, or exposing you to computer viruses and other threats.

Remember Tip #1. The phishing email will most likely appear to come from a source you trust. 

The point is – cybercriminals count on the familiarity factor. For example, if your email is hosted with Rackspace, you are more likely to trust the alert notification from Rackspace. If you have an account with a credit card company, you are likely to believe that message may be legitimate.

Don’t be fooled by logos, copyright notifications and other “credibility” items. Inspect the email carefully, without clicking on any links.

How to inspect email for malicious links

In this example, the email comes from someone as “[email protected]”, which in itself is a bit suspicious. Brand name companies will use brand name in their sender addresses for official notifications.

Here is how to check the destination URL to see where it is  actually going to lead.

As you can see, the destination URL in question does not appear to have anything to do with Rackspace itself. That’s another clue pointing out that this is not a legitimate email.

Remember Tip #2. Never click on any links in email that gives you an iota of suspicion. 

But what about the mass emailing campaigns? Many companies, ourselves included, use third-party marketing and other platforms, where the destination link may use third-party URL that may not look anything like a brand URL you expect to see.

How to do a blacklist check for the destination URL.

In your browser, go to the website that provides domain verification services. We recommend using MXToolbox Blacklist Check. Run the domain name in question through the blacklist check there.

In this case, the domain in question turned out to be flagged and blacklisted by four major blacklisting authorities.

Blacklisting is a serious business. If domain in question has been blacklisted (which can happen to legitimate domains, too, for various reasons) – AVOID those domains at all costs.

Many workers now have remote options for  accessing their data, network, and emails. Some use multiple email clients (software, such as Outlook) to connect to their emails, including webmail. The interface of the email client may vary, and the way emails come through – as pretty HTML or plain text – may vary. That can add to the confusion about email being legitimate or not.

When in doubt, make a direct phone call to the sender or the service provider  you received a message from, to be sure.