Identifying a Phishing Email – Cyber Safety 101
Phishing emails these days are getting more and more clever. By now, we’re all used to the common phishing scams that have been gracing our spam folders for years, but cyber criminals are being innovative. That’s why it’s essential to be able to know a phishing scam when you see one.
According to the APWG Phishing Activity Trends Report for the third quarter of 2020, phishing is still very much commonplace, with the number of phishing attacks increasing by 25% compared to the second quarter.
So, how can you identify a phishing email?
Checking the Sender
The email address can be a big giveaway of a phishing email. Although some senders can now mimic genuine company addresses, a lot of them don’t. So keep an eye out for Gmail, Microsoft or Yahoo email addresses, or odd domains. Have an eagle eye for slight typos too, as this is how some phishing emails slip through the cracks. For example, @mazon.com instead of @amazon.com could easily be missed if you’re not paying attention. Even if the sender’s email looks legit, you still need to be wary, especially if you come across these other factors.
This doesn’t always happen, but many spam email attacks contain some type of spelling or grammatical inconsistency, which is much less likely to happen with genuine companies. Many businesses hire copywriters and editors to ensure that any newsletters or emails sent from the company are error-free before they go out.
You should also look out for odd words, phrases and sentences that are “technically” correct, but that no one would ever say. If it seems out of the ordinary, there’s probably something wrong.
Most companies will never randomly send you a link to reset a password, claim money or dispute a transaction. Some banks’ fraud prevention teams will call you, but authentic links are usually only sent out if you’ve directly requested one, such as a password reset email. If you do come across a link, you can hover over it, without clicking on the link itself, to see where it leads.
If the destination address looks suspicious and doesn’t appear to be the official website of the sender, this is a huge red flag. Sometimes the link will be written out to look official, but the actual hyperlink associated with it is masked by a link shortener like Bitly.
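The sender and link checks described above can also be automated. The Python sketch below is an added example, not part of the original article; the domain lists, the 0.85 similarity threshold, the single-part HTML body and the sample message are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"amazon.com"}  # assumed: brands the recipient really deals with
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed webmail list
SHORTENERS = {"bit.ly"}  # assumed shortener list
# Constructed sample message (single-part HTML body), not a real email.
SAMPLE = """From: Amazon Support <support@mazon.com>
Content-Type: text/html

<p>Sign in at <a href="https://bit.ly/EXAMPLE">www.amazon.com/account</a></p>
"""

def host(url):  # lower-case hostname without a leading "www."
    h = (urlparse(url if "//" in url else "//" + url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

class Links(HTMLParser):  # collects [href, visible text] for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.found[-1][1] += data
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"

def check_email(raw):
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    if sender in FREEMAIL:
        findings.append(f"sender uses free webmail domain {sender}")
    for brand in sorted(TRUSTED - {sender}):  # near-miss of a trusted domain
        if SequenceMatcher(None, sender, brand).ratio() >= 0.85:
            findings.append(f"sender domain {sender} resembles {brand}")
    page = Links()
    page.feed(msg.get_payload())
    for href, text in page.found:
        target, text = host(href), text.strip()
        if target in SHORTENERS:  # real destination is hidden until clicked
            findings.append(f"link hidden behind shortener {target}")
        shown = host(text) if "." in text and " " not in text else ""
        if shown and shown != target:  # visible address differs from href
            findings.append(f"link text shows {shown} but goes to {target}")
    return findings
```

Calling `check_email(SAMPLE)` returns one finding per red flag; an empty list means none of these particular checks fired, not that the message is safe.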
Request for Personal Information
Legitimate companies will never email you out of the blue requesting personal information like bank details, passwords, or security phrases. Anything that asks for this is more than likely a phishing email.
Empty Threats or Sense of Urgency
Usually, phishing emails try to scare the user into clicking the link or making a payment. For example, they could threaten to arrest you for tax fraud if you don’t pay X amount by X date. Or, a less alarming but still common example is the threat of account deactivation. Some companies do deactivate idle accounts; however, this is usually resolved just by signing in. To be sure, you should do this directly on the site on a separate webpage, as opposed to clicking the email link.
How to Protect Yourself Against Phishing Attacks
A skeptical eye can go a long way whenever you receive an email. Now that you’re fully equipped with the telltale signs of a phishing email, you’ll be in a much better position to not fall victim to one.
Keeping yourself educated about the topic and the latest tactics scammers are using will help to reduce their chance of success. The truth is that their phishing attempts can be lucrative because people are so easily convinced by phishing emails.
So take a step back and think. The next time you have a suspicious feeling about an email or a text you receive, don’t click on it. Report it. Reporting these attacks allows the cybersecurity teams at big firms to tackle the issue and prevent it from happening again in the future.