Phishing is a growing attack vector and chances are you have a phishing attack in your inbox right this moment. One wrong click and a company can lose on average 1.6 million dollars. Such a massive payday for cybercriminals means that these attacks are only going to become more common.
Always Do Your Research
Having spam filters installed helps monitor and prevent the delivery of spam emails. However, no matter what protocols are in place, some phishing emails will make their way into a user’s inbox. Those emails that do bypass filters are incredibly sneaky, and a vast majority of users may not be able to tell the difference. Knowing this means that training is critical.
Not sure if the email you just got is phishing? Here are eight things to look for that can help you determine if an email is real or fake.
Cybercriminals rely heavily on using a seemingly legitimate display name in a user’s inbox, in hopes that the user is not looking at the sender’s address. At first glance, the email below appears to come from Mark Zuckerberg. But when you take a closer look, the email address listed does not actually belong to Facebook (see the extra o used), but to a domain that was designed to spoof Facebook.
Always make sure to double-check the address when you receive a suspicious email!
There are bound to be links embedded throughout the body of the email. If you’re unsure about them, hover your mouse over them, but DO NOT click on them. This way you can see what site the link will actually be taking you to without clicking.
If an email is coming from a legitimate brand or sender, there should not be any glaring spelling mistakes or poor grammar. Read the suspicious email carefully to see if it seems out of the ordinary. If so, make sure to report the email to your IT department.
Most brand emails will personalize the greeting of an email with your first name, not something vague such as “Valued Customer.”
Is the email in your inbox asking for personal information such as credentials, or maybe even your bank account information? Chances are that the email is spam. Companies or colleagues should never be asking for this type of information over email. If you’re still not sure, pick up the phone and give the sender a call if you can.
Cybercriminals often try to instill a sense of urgency or fear into those they target. Be on the lookout for a subject line that claims things such as “Suspended Account.”
The lack of a signature in a brand email can be a dead giveaway that something is off. A signature typically provides contact information and other details.
It is not uncommon for cybercriminals to include malicious viruses in email attachments. When clicked, these files can do damage to your computer, steal your login credentials, and even monitor your habits. If you are not expecting an attachment or it looks off, DO NOT open it!
Unfortunately, phishers are incredibly skilled when it comes to tricking users. That’s why it’s so important to stay educated and learn the telltale signs of a suspicious email. Just because an email looks convincing at first glance doesn’t mean that it is legitimate. When in doubt, don’t click, and always forward suspicious emails to your IT department. It will save you from a potential headache, and your office will be eternally grateful for avoiding a cyberattack.