Ransomware files
May 05, 2020
 PhishingPhishing SimulationSecurity Awareness Training

How to Detect Phishing Emails

Through the years, phishing email scams have become more sophisticated and have evolved to avoid detection.

With the abundance of SaaS applications, phishing scammers are impersonating these services and sharing fake documents or folders in an attempt to infect your computer.

In this blog, we’ll discuss some common ways you can spot a phishing email.

If you receive an email that looks like it may be phishing, check the “show details” dropdown under the sender’s name. You will see a section labeled as “signed-by”. This field can help determine if an email was shared securely from a service.

The goal is to determine if the signed-by field was generated by a DomainKeys Identified Mail (DKIM) or a service. A DKIM attaches a domain identifier to the signature to display an email generated by a user in the domain. For example, if you received an from [email protected], you would see a DKIM in the signature that looks like this datto-com.20150623.gappssmtp.com. This is how all emails through a domain are processed.

Emails shared through a service (i.e. Drive, Calendar, Dropbox, Box, Etc) do not have a DKIM. Instead, you would see the signature of the provided service. If something is shared through Dropbox, for example, you would see signed-by dropbox.com.

Below is an example of a secure file that was shared through Google Docs:

Note the “mailed-by” section is signed by a service.

Now let’s look at the phishing email that was sent out to millions of inboxes.

Besides the giant red banner warning, you can tell this is risky because:

  1. It was a shared file that was BCC’d and not shared privately from the service.
  2. Note the suspicious “to” address [email protected]
  3. The subject has a very generic name.
  4. The signed-by field is sent from an email and not the service (should be something.bounces.google.com or something.dropbox.com). The mailed by field also should list the service it is being sent from.

If you receive a file, and it is not signed by google.com, gmail.com, dropbox.com, it is likely phishing, so DO NOT OPEN. Much like dealing with ransomware, it’s important to remain vigilant and operate with caution in these circumstances.

Live-Zoom-Webinar-Reg

SaaS Data Under Siege: Ransomware’s Rising Threat

Your cloud data could be just as vulnerable to the next wave of cyberattacks as data hosted on-premises

Download Now

Office 365 logo

Secure Office 365 data protection. Backupify delivers fast recovery of Exchange, OneDrive, SharePoint Online, Calendar, Contacts and Microsoft Teams data.

LEARN MORE

Office 365 logo

Google Vault alone does not ensure your G Suite data is recoverable. Quickly restore lost data from Gmail, Calendars & Contacts, Drive and Shared Drives with Backupify.

LEARN MORE

See Why Backupify Wins SaaS Backup

VIEW MORE