How to Spot a Phishing Scam

We’re all familiar with ransomware and its risks, but do you know how to protect yourself and your clients against one of the most frequently used delivery methods? According to Datto’s State of the Channel Ransomware Report, 66 percent of MSPs surveyed revealed that phishing emails were the main delivery method for ransomware attacks.

Author: Rob Rae, VP of Business Development, Datto

Phishing scams are getting more sophisticated every day, making them harder to detect and avoid. With the abundance of file sync and share platforms, phishing scammers impersonate those services and share fake documents or files to infect victims' computers. Below is a list of tips on how to prevent a phishing scam from successfully infiltrating your business or your clients' businesses.

  1. Upon receiving an email, review the sender's information. Even if it appears to come from someone you know, it may be a phishing scam: the display name is chosen by the sender and proves nothing. Expand the “Show Details” dropdown under the sender's name and check the actual email address. Odd characters, a digit standing in for a letter, or a domain that is almost but not quite the one you expect should all raise a red flag.
  2. Next, look at the subject line. Is it specific, or very generic? A generic subject may be a sign of phishing. In addition, if the message claims to come from someone you know or work with, does it sound like something they would normally write to you? If not, question it.
  3. Your next step is to look at the email itself. Is the sender asking you to download a document or click on a link? If you have any doubts about the content, do not click on or download anything. Remember that the visible link text can differ from where the link actually leads, so hover over the link to see its real destination. One way to double-check a link is to right-click it and copy the link address, then paste it into a search engine's search box, NOT your browser's address bar (pasting it into the address bar would open the link). You might find that others have reported receiving the same link and what it led to.
  4. Your next goal is to determine whether the signed-by field shows the sender's domain or a service's domain. DomainKeys Identified Mail (DKIM) attaches the signing domain to the message, and your mail client shows it as the “signed-by” value, so an email generated by a user in a domain is signed by that domain. For example, if you received an email from [email protected], the signed-by field would show that sender's domain; this is how all email sent through a domain is signed. Files shared through a service like Drive, Calendar, or Dropbox are not signed by the sharer's domain. Instead, the message is signed by the service itself, so something shared through Dropbox would show Dropbox's domain as the signer. A message that claims to be from a colleague but is signed by an unrelated domain, or a “Dropbox share” signed by something other than Dropbox, is a red flag.
  5. Check the “To” address. Was it sent to you personally, or were you blind-copied (your address does not appear, or the field reads “undisclosed recipients”)? Does the address look strange in any way? If so, you have yet another red flag on your hands.
  6. Use the tips above to develop a training video, event, or document that you can share with your employees and your clients. Education is the first line of defense against phishing scams and ransomware.
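The checks in steps 1 through 5 can also be run mechanically over a raw message, which is useful for a help-desk triage script or for training material that shows what the red flags look like in headers. The following is an added example written for this page, not Datto's code or a Datto product feature. The trusted domains, the list of service signers, and both sample messages (sender, recipient, domains, link targets) are constructed for illustration and are hypothetical; the checks use only Python's standard library.

```python
"""Header triage for a raw email, mirroring the manual steps above.

Added example, not Datto's code. Every domain, address and link below is
made up for illustration.
"""
import re
from email import policy
from email.parser import BytesParser
from urllib.parse import urlsplit

# Hypothetical: domains this organisation trusts, and domains that legitimately
# sign share notifications on a user's behalf (step 4).
TRUSTED_DOMAINS = {"example-corp.com"}
SERVICE_SIGNERS = {"dropbox.com", "google.com"}

# Constructed phishing sample: display name of a colleague, lookalike domain
# (digit 1 for letter l), replies redirected, third-party DKIM signer, Bcc'd
# recipient, and link text that does not match the link target.
PHISH = b"""From: "Alice Example" <alice@examp1e-corp.com>
To: undisclosed-recipients:;
Reply-To: alice.finance@mail-relay.example.net
Subject: Document
DKIM-Signature: v=1; a=rsa-sha256; d=mail-relay.example.net; s=sel1; h=from:to; bh=AAAA; b=BBBB
Content-Type: text/html; charset=utf-8

<p>Please review the shared invoice:</p>
<a href="http://198.51.100.7/dropbox/login">https://www.dropbox.com/s/invoice.pdf</a>
"""

# Constructed legitimate share notification: addressed to one person and signed
# by the service's own domain, which is what step 4 says to expect.
SHARE = b"""From: "Dropbox" <no-reply@dropbox.com>
To: bob@example-corp.com
Subject: Alice shared "Q3 report" with you
DKIM-Signature: v=1; a=rsa-sha256; d=dropbox.com; s=sel2; h=from:to; bh=CCCC; b=DDDD
Content-Type: text/html; charset=utf-8

<p>Alice shared a file with you.</p>
<a href="https://www.dropbox.com/s/q3report">View file</a>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "7": "t"})


def fold(domain):
    """Undo common digit-for-letter substitutions so lookalike domains collide."""
    return domain.lower().translate(HOMOGLYPHS)


def triage(raw):
    """Return a list of (code, detail) findings for one raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    # Step 1: judge the mailbox domain, never the display name.
    from_domain = msg["From"].addresses[0].domain.lower()
    if from_domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if fold(from_domain) == fold(trusted):
                findings.append(("lookalike-domain", f"{from_domain} resembles {trusted}"))
    if msg["Reply-To"]:  # replies silently redirected elsewhere
        reply_domain = msg["Reply-To"].addresses[0].domain.lower()
        if reply_domain != from_domain:
            findings.append(("reply-to-mismatch", reply_domain))

    # Step 4: the DKIM d= tag is the domain a client shows as "signed-by".
    m = re.search(r"\bd=([^;\s]+)", str(msg["DKIM-Signature"] or ""))
    signer = m.group(1).lower() if m else None
    if signer is None:
        findings.append(("no-dkim", "message is unsigned"))
    elif signer in SERVICE_SIGNERS:
        findings.append(("service-signed", signer))  # informational, expected for shares
    elif signer != from_domain:
        findings.append(("dkim-domain-mismatch", f"signed by {signer}, From is {from_domain}"))

    # Step 5: no individual recipient means you were Bcc'd.
    if not msg["To"] or not msg["To"].addresses:
        findings.append(("not-addressed-to-you", str(msg["To"] or "")))

    # Step 3: the visible text is what the victim reads; the href is where they go.
    body = msg.get_body(preferencelist=("html", "plain"))
    for href, text in LINK_RE.findall(body.get_content() if body else ""):
        target = urlsplit(href).hostname
        shown = urlsplit(text.strip()).hostname if "://" in text else None
        if shown and target and shown != target:
            findings.append(("link-text-mismatch", f"shows {shown}, goes to {target}"))
        if target and re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", target):
            findings.append(("link-to-raw-ip", target))
    return findings


if __name__ == "__main__":
    for label, sample in (("PHISH", PHISH), ("SHARE", SHARE)):
        print(label)
        for code, detail in triage(sample):
            print(f"  {code:22} {detail}")
```

Running it prints six findings for the constructed phishing message and only the informational `service-signed` line for the constructed share notification. The lookalike check is deliberately simple (a handful of digit-for-letter swaps); real deployments would also compare against registered-domain lists and check SPF/DMARC results in the `Authentication-Results` header, which this example does not do.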

Want to ensure you're prepared for and protected against ransomware attacks and their various delivery methods? Register for our upcoming 2019 Global State of the Channel Ransomware Report webinar for insights on ransomware from more than 1,400 managed service providers.

Author Rob Rae is vice president of business development at Datto Inc. Read more Datto blogs here.