Advanced phishing

How to spot a phishing link

by James Dyer
Published on 9th Mar 2022

In an age where data protection is on everyone’s minds, it’s critical to understand the dangers that phishing poses for your organization and learn how to detect these threats before a data breach occurs.

Phishing is a type of social engineering attack that cybercriminals use to steal data, and it’s currently the most common cybercrime in the US. Disguised as a trusted entity, attackers send emails that trick people into clicking on a malicious link or attachment. 

Spear phishing is a more sophisticated form of phishing. It’s more successful than standard attacks because they target a specific individual. By gathering information from social media or company websites (OSINT – open source intelligence), the perpetrators craft an attack that the victim is more likely to fall for.

This article will run through how phishing links work and the methods you can use to identify them in the future.

What is a phishing link?

Cybercriminals use malicious phishing links in two ways. Some links lead to fake — but convincing — websites that ask you to enter your login credentials or bank card details, etc. The perpetrator then steals this information for illegal purposes and compromises your account. 

Malicious sites can often ask their victims to enable a specific cookie or install an web extension, which can also be riddled with malicious content. Phishing links can also trigger the download of malware or ransomware onto the victim’s device.

How to identify a phishing link

Phishing emails have evolved since they first came about in the 1990s, and even the most tech-savvy among us are at risk of falling victim to the attack. However, there are a few tell-tale signs you can look out for to spot suspicious links and keep your data secure online:

Does the sender’s email address look legitimate? 

First, check the sender’s address (not just their display name) and domain name. A common tactic of cybercriminals is to slightly alter the domain of a reputable company to convince you that it’s legitimate. They may also use a combination of a company name and public domain to lure you into their schemes, e.g., paypal@gmail.com. Make sure to look twice for any errors or inconsistencies. 

What appears when you hover over the link? 

There are two parts to a link: The words describing the link (the part you see) and the URL. If you’re on a computer, hover over the link and find out its real destination. If it doesn’t match the link displayed, assume it’s unsafe and don’t click it. This is an easy, effective way of spotting phishing threats. 

If you’ve clicked and gone to a website, does it look legitimate?

First, check whether the website is HTTPS secure. Then pay attention to see whether any of the content on the website stands out as suspicious or different to what you were expecting. Sometimes, you’ll also be able to spot copycat links such as ‘wIndows.com’ instead of ‘windows.com’. If you’re being unexpectedly asked for credentials, this should also set off a warning.

Find more advice on identifying phishing websites here.

Are you being asked for personal information? 

If you receive an unsolicited email from a company asking for personal information, such as bank details, passwords, or tax information, it could be an impersonation attack. Reputable companies will have secure data collection methods and will rarely ask for sensitive data via an email link.

Is the message too good to be true? Does it create a sense of urgency? 

Phishing emails usually follow the same trope of being overly positive or urgent to drive an emotional reaction in victims. By urging people to act before it’s too late (for example, a limited-time offer), cybercriminals provoke irrational, immediate decisions. If you receive an urgent offer or request, take some time to figure out whether it makes sense and looks genuine.

Is the email well written and free of typos? 

Reputable entities will take care to send well-crafted emails free of spelling and grammatical errors. A genuine typo could slip in occasionally, but they’re usually rampant in phishing emails. If the email is a generic template filled with mistakes, this is a sure sign of something more sinister.

Is the email personally addressed to you?

Even large companies will address you by your name in the greeting. If you receive an email template with a generic “Dear Sir/Madam” opening, or addressing you by your email address, tread carefully. Go through the list above to check if the email fits any other criteria, and avoid any links unless you’re 100% sure it’s a legitimate message.

Struggling to identify a phishing link?

If you’re still not sure whether a link is genuine or a threat, it’s best to proceed with caution. If possible, go to the site via a web browser search instead. Or if it’s a person or vendor you know, contact them via a different communication channel. Always alert your security team if you think you’re the target of a phishing scam – it’s better safe than sorry where data protection is concerned. 

Worried about clicking a potential link? Here’s what to do.

Explore our phishing hub to discover information and advice on how you can protect yourself — and your data — against phishing attacks. Want to know how your peers and IT leaders across the globe are responding to phishing attacks, and protecting their business? 

Read our new “Fighting Phishing: The IT Leader’s View” report, which is full of key insights and data around phishing impact and protection.

Related articles

7555X300

Seven signs of a phishing email

Don't get caught out! Learn the seven most common signs that you've been targeted by a phishing email. 
Guide to spear phishing hack code 600x400 15kb

What is spear phishing?

Spear phishing is when a cybercriminal sends a fraudulent email pretending to be from a known contact or organisation to trick the recipient into sharing confidential information.
Linkedinphishing555x300

LinkedIn phishing attacks up 232% in February

The attacks we have seen are bypassing traditional email security defenses to be delivered into people’s inboxes. Without technology deployed within the mailbox to help them detect attacks, it can be difficult for individuals to avoid falling victim. You can see in the screengrabs provided that Egress Defend has alerted the recipient to the attack within their inbox. 
Accounttakeoverdanger555x300

How account takeover (ATO) attacks happen

Account takeover (ATO) attacks cause serious damage before they're detected - learn how they start.