Email has become essential for everyday communication, both personally and professionally. Because of its importance, it has become one of the most common methods that cyber criminals use to get your sensitive information. In fact, over 90% of data breaches start with a phishing attack.
Phishing is when a cyber criminal sends a fraudulent email message that impersonates a legitimate person, company, or organization. Because these emails look so real, they trick recipients into clicking on links, downloading harmful attachments, or entering personal information.
Verizon found that 30 percent of all phishing email recipients open messages and 12 percent actually click on the malicious email attachments. Since Phishing emails are becoming more and more common, here are a few things to look for to keep you from getting hooked by a phishing scam.
- Check the email address:
Phishing emails almost always use fake email addresses. Cyber criminals like to use misspelled email addresses that look very similar to well-known companies, brands, or people. For example: @Paypl.com, @ctibank.com, or @facebok.com. At first glance, they look correct, but are there to trap people. So always check the email address carefully, especially the part that appears after the sender’s name. If it doesn’t feel right, check first with the source by a phone call.
- Who is it sent to:
Check who the email was also sent to. If you see a lot of other names included in the to: or cc: fields of the email, it may be a red flag. Most large companies use email marketing software, like Mailchimp or Constant Contact, which rarely shows you who else the email was sent to. However, cyber criminals aren’t likely to use marketing software to send their emails. This is likely an indication that the sender is trying a whole range of addresses in hopes of getting someone to click and open it.
- Don’t click:
Cyber criminals try to lure victims in by embedding malicious links in their emails. Usually these emails include some kind of warning about stolen information, notice of an invoice or missed payments, or a shipping notification. These are meant to scare the recipient into clicking on the link. They could also use the tactic of saying you won a prize and you have to click to claim it. Since people love free stuff, they are likely to click the link. However, when you click on these links, it usually takes you to a corrupt website where they try to get your personal information or download harmful files. So, instead of clicking on a link, first hover your cursor over the URL or hyperlink. When you do this, a box will appear showing you the exact address where the link will take you. If the real URL address looks suspicious or doesn’t match what is displayed in the email, it’s probably a phishing attempt and you should not click.
- Scare Tactic
Cyber criminals like to use scare tactics or urgency in their emails. This is to cause fear and concern in people to get them to click on a link or share personal information. If the email says “urgent action required, respond immediately, or warns you that your account has been compromised or will be closed,” it is likely a phishing email. Don’t hesitate to call the company to confirm if something is wrong.
- Poor Spelling and/or Grammar:
Whenever a large company send an official email, it has likely been reviewed and proofed by several people for spelling and grammar mistakes before it is sent. So, if you receive an email from a reputable company that includes misspelled words, bad grammar, or punctuation errors, it is likely a scam.
- Generic Greeting and Closing
A legitimate business you have worked with before, your bank, your credit card company, likely know your name and will use a personal salutation with your first and last name. Same with the signature. Legitimate businesses usually provide contact details in the signature so you can contact them back.
Now that you know what to look for, here is a sample of a phishing email. Can you spot all of the warning signs?
Sources:
https://www.techrepublic.com/blog/10-things/10-tips-for-spotting-a-phishing-email/
https://www.proofpoint.com/us/corporate-blog/post/10-tips-how-to-identify-phishing-email
https://www.cnet.com/how-to/spot-a-phishing-email/
https://www.csoonline.com/article/3172711/phishing/5-ways-to-spot-a-phishing-email.html
https://smallbiztrends.com/2018/05/how-to-spot-a-phishing-email.html
https://securitywatch.pcmag.com/spam/317892-how-to-recognize-and-avoid-phishing-emails-and-links