Redazione RHC : 14 July 2025 07:29
With the increase in ransomware attacks—often launched via phishing emails—it’s crucial to be proactive in protecting yourself and the organization you work for.
Certainly, having computers and servers that are up-to-date with system and security patches, antivirus software, and other endpoint tools helps greatly in reducing the risk of infection, but being prepared to recognize phishing emails and educating your organization’s employees to be proactive is crucial.
To understand how a malicious actor who threatens us with phishing emails thinks, you can watch Veronica Patron’s interesting video for Red Hot Cyber on Psychology and Social Engineering:
For a general introduction to what phishing is and the types of this attack vector, I refer you to Massimiliano Brolli’s article: https://www.redhotcyber.com/post/il-phishing-cosa-%C3%A8
To keep things simple, I’ll list twelve not-too-technical golden rules:
Many modern email clients or webmail providers (like Gmail, Microsoft, and many others) MAY NOT SHOW/INDICATE the actual sender email address, but rather a display name. For this reason, you may see a name or text that reminds you of a known/trusted address, while the underlying/hidden address is different.
Figure 1
In Figure 1, you can see a fake email that appears to be sent by ros…..…@libero.it, but was actually sent from the real “hidden” email address horten……[email protected]. The figure shows how the www.libero.it webmail client displays this information to the end user today.
Unfortunately, the protocols used for email are old (standard email, SMTP protocol) and based on standards that do not guarantee the reliability/trustworthiness of the sender. Readers interested in the details can read RFC 5321 https://datatracker.ietf.org/doc/html/rfc5321, section 7.1, “Mail Security and Spoofing”:
SMTP mail is inherently insecure in that it is feasible for even
fairly casual users to negotiate directly with receiving and relaying
SMTP servers and create messages that will trick a naive recipient
into believing that they came from somewhere else.
So the underlying address could be a known/valid address, but used by malicious third parties, since, as indicated in RFC 5321 section 7.1, the protocol does not verify that a “sender” is actually who they say they are.
Hover over all parts of the email without clicking: if the URL shown when you hover over a clickable element/link looks strange or doesn’t match the link text, DO NOT click, and report the incident to your IT/Security department. See Figure 2.
Figure 2
Attackers often care little about misspellings and grammatical errors. This can distinguish a malicious actor from a legitimate sender. See Figure 3.
Figure 3
“We’ve been hold your account…”: This sentence is incorrect in English. As in Figure 2, the link associated with the red text at the bottom of Figure 3 is also a sign of a malicious email.
Malicious hackers often rush to create phishing sites and prepare scam emails, so some of these sites/emails may look significantly (but unfortunately, sometimes only slightly) different from the ones used by the genuine companies being imitated. These elements, as well as slight differences in logos/branding/icons, can be used to distinguish a malicious email from a legitimate one in your inbox.
Have you received an email with a vague/general opening, such as “Dear Customer” or “Respected Customer”?
Usually, companies that know you, with whom you have relationships, will call you by your name.
See Figure 3a. As in Figures 2 and 3, the link that appears when you hover your mouse over the link in Figure 3a is a clear sign of a scam email.
Figure 3a
The legitimate companies you are connected to NEVER ask you for personal information, or are unlikely to ask you for it via email or phone call (remember vishing, and Kevin Mitnick’s books on social engineering). See Figure 4.
Figure 4
These malicious emails might try to get you to think you need to do something truly urgent: send money (even just a little) to claim a large reward or winnings, or, as in BEC/whaling/CEO fraud attacks, pretend to be a manager in your organization, claiming that your Chief Financial Officer needs an urgent wire transfer of a large amount of money.
Figure 5
Figure 6
Most legitimate senders will send an email with a full signature block at the bottom of the email. Additionally, the information in that block must match the text elsewhere in the email. See Figures 4 and 5: there is no signature block.
In Figure 7, you can see a mismatch between the sender reference and the details on the signature block.
Figure 7
An F-Secure report on the most dangerous types of email attachments states that there is an 85% chance that malicious emails contain .DOC, .XLS, .PDF, .ZIP, or .7Z attachments. These are the files that users often open without hesitation because they are so commonly used in businesses: hackers know this and use it to their advantage. This could be the entry point for software/dropper to launch a ransomware and/or APT attack.
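As an added example, not code from the original article, the script below applies three of the rules above to a raw email: the display name versus the real sender address, link text versus the actual link target, and the attachment types the F-Secure report lists. The message, addresses and hostnames in it are constructed.

```python
# Added example (not the article's code): flag display-name/sender, link-text/href and attachment-type signs.
import re
from email import message_from_string, policy
from urllib.parse import urlparse
RISKY_EXT = {".doc", ".xls", ".pdf", ".zip", ".7z"}  # types cited by the article
URLISH = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$", re.I)
ANCHOR = re.compile(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
SAMPLE_EMAIL = """\
From: "support@example-bank.test" <billing@mail-relay.example.net>
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/html

<a href="http://login.example-bank-verify.test/x">https://www.example-bank.test/login</a>
--B1
Content-Type: application/zip; name="invoice.zip"
Content-Disposition: attachment; filename="invoice.zip"

(constructed placeholder, not a real archive)
--B1--
"""  # constructed sample message

def sender_mismatch(msg):
    """Rule 1: the display name looks like an address but the real addr-spec differs."""
    sender = msg["From"].addresses[0]
    shown = re.search(r"[\w.+-]+@[\w.-]+", sender.display_name)
    return bool(shown) and shown.group(0).lower() != sender.addr_spec.lower()

def link_mismatches(msg):
    """Rule 2: visible link text names one host while the href goes to another."""
    found = []
    for part in (p for p in msg.walk() if p.get_content_type() == "text/html"):
        for href, text in ANCHOR.findall(part.get_content()):
            text = text.strip()
            if URLISH.match(text):  # "click here" style text has no host to compare
                shown = urlparse(text if "://" in text else "http://" + text).hostname
                if shown and urlparse(href).hostname not in (None, shown):
                    found.append((text, href))
    return found

def risky_attachments(msg):
    """Rule 9: attachments whose extension is one the article lists."""
    return [n for n in (p.get_filename() or "" for p in msg.iter_attachments())
            if "." + n.rsplit(".", 1)[-1].lower() in RISKY_EXT]

def triage(raw):
    msg = message_from_string(raw, policy=policy.default)
    return {"sender": sender_mismatch(msg), "links": link_mismatches(msg),
            "attachments": risky_attachments(msg)}
```

Running `triage(SAMPLE_EMAIL)` flags all three signs; on a clean message each field is False or empty.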
If something doesn’t add up, or seems even slightly out of the ordinary, call a colleague or someone at a third-party company who can confirm whether the email is legitimate or a scam. As a final check, always call and report the incident to your IT security experts.
New phishing scams are constantly being developed. Without keeping up with these new techniques, you could inadvertently fall for one. Keep your eyes peeled for new developments; by learning about them as soon as possible, you’ll be ahead of the curve and at a much lower risk of being scammed.
For IT administrators, it’s recommended to undergo ongoing security awareness training and simulate phishing attacks for all users in the organization to keep security top of mind.
When in doubt, always contact your organization’s cybersecurity experts.
Malicious attachments and URLs can be scanned using the VirusTotal site: https://www.virustotal.com/
Extension points to avoid spoofing:
Although phishing can be a difficult topic to deal with at times, by following the simple tips and advice outlined in this article (and adopting appropriate phishing prevention software tools as mentioned in the introduction), you can significantly reduce your risk of falling victim to digital scammers.