5 Ways To Recognize a Phishing Email
Over 90% of targeted cyber attacks come through email. End-user training is a major factor in the way a business can combat these attacks. Here are 5 ways you can recognize a phishing email.
1. Asking for Personal Information
If an email is asking for personal or company information, this is a red flag that the email is fake. Legitimate companies are unlikely to ask for personal information or account logins in an email. Be aware that hackers will use email addresses or company names that mimic people or organizations you know or trust.
The example below is a fake PayPal email that is asking for account login information. This email looks legitimate, but notice that the link leads to a .ma URL; .ma is the country code for Morocco. Our next tip demonstrates how you can double-check suspicious links.
2. Hover but Don’t Click
If you suspect that an email link is fake or malicious, hover your mouse over the link without clicking. If the address that appears looks strange, or the link is not related to the sender in any way, do not click on it. Sometimes a link will not match and still be legitimate, but it is better to be safe than sorry, so report the email to your IT team or SOC (Security Operations Center). In the example below, hovering over the Click Here link showed an address that did not match the marshall.edu email address.
3. Check for Spelling & Grammar Errors
Many phishing emails originate from outside of the US. Because of this, phishing emails will consistently have misspellings and grammar mistakes due to the language barrier. These emails tend to be obvious. If you encounter an email that is full of spelling and grammar mistakes, chances are you are looking at a phishing email.
4. Beware of Urgent Calls To Action
Hackers try to scare recipients with some type of “urgent” situation. Here are some examples.
- Something is expiring, Click Here
- You have been hacked, Click Here
- You have 24 hours
- Immediate attention required
- You need to login
- Renew immediately
Legitimate businesses normally do not require some type of immediate action. If you come across these “urgency” emails, be sure not to click on any links in the email or give out any personal information.
5. Always Check the Display or From Name
A common tactic of hackers is to use the actual names of people in your organization and sometimes to spoof the organization's email domain. If you suspect an email is fraudulent, always check the display name and email address. Most often the address will not match your company’s email domain, or it will be close but slightly different. Because cybercriminals use advanced technology to send these emails, they are sometimes harder to detect. Look at the 2 examples below to see how a hacker will try to gain access to important data.
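The checks in tips 2 and 5 can also be run mechanically, for instance in a mail-triage script. The Python below is an added example, not part of the original article or of any product it names; `check_email`, `LinkCollector`, the 0.8 similarity threshold and the `.example` domains are assumptions made for illustration.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def same_org(host, domain):  # host is the domain itself or one of its subdomains
    return host == domain or host.endswith("." + domain)

def check_email(raw, trusted_domain):
    """Return (kind, detail) findings for tips 2 and 5; empty means no flags."""
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not same_org(sender, trusted_domain):  # tip 5: From domain check
        ratio = difflib.SequenceMatcher(None, sender, trusted_domain).ratio()
        findings.append(("lookalike-sender" if ratio >= 0.8 else "external-sender", sender))
    parser = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for text, href in parser.links:  # tip 2: what hovering would reveal
        host = (urlsplit(href).hostname or "").lower()
        if host and not same_org(host, sender):
            findings.append(("link-host-differs-from-sender", f"{text!r} -> {host}"))
    return findings

# Constructed sample message (reserved .example names, not from the article).
SAMPLE = (
    'From: "IT Help Desk" <helpdesk@universlty.example>\n'
    "Subject: Password expires in 24 hours\n"
    "Content-Type: text/html\n\n"
    '<p>Renew now: <a href="https://login.portal-update.example/r">Click Here</a></p>\n'
)
```

Calling `check_email(SAMPLE, "university.example")` flags both the one-letter-off sender domain and the Click Here link whose real host is unrelated to the sender.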
A robust cybersecurity program can detect and eliminate most of these phishing emails. Accellis Technology Group uses the most advanced technology to prevent these types of cyber attacks from being successful. Barracuda Essentials and Barracuda PhishLine are 2 examples of the products we deploy for our clients.
Potentially devastating attacks can slip through security gateways. With end-user training, you guard against every facet of social-engineering threats with continuous simulation and training for employees. For more information on employee PhishLine training, fill out the form below and one of our cybersecurity experts will contact you at your earliest convenience.