April 17, 2021

How to Spot and Protect Against Phishing Email Attacks

By George Rouse
Phishing, Spear Phishing, Datto SaaS Defense

Phishing attacks are becoming more sophisticated, which makes them harder to detect and avoid. There are also multiple types of phishing attacks, so it’s important to deploy a multi-layered security approach when protecting your business.

How to identify a phishing attack

For MSPs looking to mitigate phishing risk and to quickly identify an attack once it occurs, here is how to spot a phishing attack:


1. Watch out for Social Engineering tactics

Be on the lookout for emails that you were not expecting, or in which you are asked to click a button to receive an offer.

2. Scan for fake emails

Read the content of the email

The first step in identifying a phishing email is reading the contents of the email. If the email creates a sense of fear or urgency, the email may be suspicious. These emails are designed to instill fear in the reader and encourage them to take quick action without questioning it.

Review the writing style

Another indicator is the writing style of the contents. If the email is poorly written, with grammatical and spelling errors, it is likely phishing.

Check the sender’s email address

If you receive an email that looks like it may be phishing, check the “show details” dropdown under the sender’s name. You will see a section labeled as “signed-by”. This field can help determine if an email was shared securely from a service.

The goal is to determine whether the signed-by field was generated by DomainKeys Identified Mail (DKIM) or by a service. DKIM attaches a domain identifier to the signature to show that an email was generated by a user in the domain.

For example, if you received an email from ‘[email protected]’, you would see a DKIM in the signature that looks like this: datto-com.20150623.gappssmtp.com. This is how all emails through a domain are processed.

Emails shared through a service (e.g. Drive, Calendar, Dropbox, Box, etc.) do not have a DKIM. Instead, you would see the signature of the service itself. If something is shared through Dropbox, for example, you would see ‘signed-by dropbox.com’.
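The same check can be scripted against a raw message, because the receiving mail server records DKIM results in the Authentication-Results header. The following is an added example, not code from the original article; the authserv-id `mx.receiver.example`, the sample messages and all domains in them are constructed placeholders, and the alignment test is a simplification.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: authserv-id our own receiving mail server stamps on inbound mail.
TRUSTED_AUTHSERV = "mx.receiver.example"
PASS_RE = re.compile(r"dkim=pass\b[^;]*?header\.[di]=(?:[^@\s;]*@)?([\w.-]+)", re.I)

def signed_by(msg):
    """Domains whose DKIM signature our own server verified (dkim=pass)."""
    domains = []
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = " ".join(str(value).split()).partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # not stamped by our server, so the sender could have written it
        domains += [d.lower() for d in PASS_RE.findall(results)]
    return domains

def aligned(a, b):
    # Simplified relaxed alignment: same domain or one is a subdomain of the other.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def classify(raw):
    msg = message_from_string(raw, policy=policy.default)
    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    signers = signed_by(msg)
    if not signers:
        return "no verified signature"
    if any(aligned(from_domain, d) for d in signers):
        return "signed by sender domain"
    return "signed by other domain: " + ", ".join(signers)

# Constructed sample messages (placeholder domains, not real mail).
DOMAIN_MAIL = ("From: Alice <alice@example.com>\n"
               "Authentication-Results: mx.receiver.example;\n"
               " dkim=pass header.i=@example.com header.s=s1\n"
               "Subject: Q2 report\n\nhello\n")
SERVICE_MAIL = ("From: Example Billing <billing@example.com>\n"
                "Authentication-Results: mx.receiver.example;\n"
                " dkim=pass header.d=mailer.example.net header.s=k1\n"
                "Subject: Invoice overdue\n\npay now\n")
UNTRUSTED_MAIL = ("From: IT <it@example.com>\n"
                  "Authentication-Results: other.host.example;\n"
                  " dkim=pass header.d=example.com\n"
                  "Subject: Password reset\n\nclick\n")

if __name__ == "__main__":
    for raw in (DOMAIN_MAIL, SERVICE_MAIL, UNTRUSTED_MAIL):
        print(classify(raw))
```

A "signed by other domain" result is not proof of phishing, since legitimate services sign with their own domain; it only tells you which domain vouched for the message so you can judge whether that matches what the email claims to be.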

What to do if you’ve received a phishing email

If you think you’ve received a phishing email, do not open it. Malicious emails typically take two approaches.

  1. Urge you to give away user credentials
  2. Infect your computer when interacting with the email

Much like dealing with ransomware, it’s important to remain vigilant and operate with caution in these circumstances. Phishing emails will try to get you to log in to fake portals in order to steal login data, which is then used to steal more data, attack other users while pretending to be you, or change the login and hold the account ransom. Immediately and permanently delete any suspicious email. If applicable, send it to your internal resource for cybersecurity measures.

3. Review URL Accuracy

Sometimes a phishing email can look like the real deal on the surface, but when you review the URLs or links in the email, they can lead to fake websites whose names are deliberately misspelt but very similar to a credible brand.

4. Spot check the website

Always check the website if you are unsure: is it real? Do you really need to enter your credentials?

5. Automatically Mitigate Phishing Attacks with ATP

Knowing how to do all of the above steps and what to look for is a great first step; however, doing all of these steps on every email you receive is simply not scalable for most users. This is where an Advanced Threat Protection (ATP) solution like Datto SaaS Defense comes into play.

