It is difficult for readers to distinguish attacks from legitimate emails because phishing email scams are deliberately designed to be manipulative and deceitful. They are so effective that data from 2021 showed 30% of phishing emails were opened by targeted users and 12% of those users clicked on the malicious attachment or link. Those statistics are, quite frankly, not very optimistic.
Keep reading to discover a handful of tips to identify phishing email scams as they hit your inbox and avoid becoming a statistic for 2022’s data.
Think Inside the (In)box
Most inboxes are hit with tens to hundreds of new emails each day. You must be attentive each time you open your inbox and check your unread messages. A successful phishing email scam has the victim complete an action, such as click a link, enter login credentials, wire money, etc. You may fall prey to one of these prompts if you are not focused on the task at hand and vigilant of potential threats.
The more distractions there are, the greater the risk of being scammed. Reduce distractions so you can sift through your inbox strategically – turn off the television, set down the sandwich and put the car in park.
Signs of Phishing Email Scams
Here’s the checklist of criteria our team of cybersecurity professionals put together to determine if an email is suspicious:
1. Inconsistent URLs, links and email addresses
Check for small changes in common domains to see whether link URLs are consistent with the sender domain. An easy way to do this is to hover over the link inside the email message and compare the URL it actually points to with the text shown. Be wary if the URL doesn’t belong to the company that supposedly sent the message.
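The same consistency check, automated over a single message, as an added example that is not part of the original article. It parses the From address and every HTML link, flags link hosts whose registrable domain differs from the sender's, and flags links whose visible URL text names a different host than the href (the "hover" check). The sample message and all domains in it are constructed for illustration, and the registrable-domain heuristic is a deliberate simplification.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample, not a real message: the first link's host is a look-alike
# subdomain of an unrelated site, the second link's visible URL is not where it goes.
SAMPLE = """\
From: "Example Bank Alerts" <alerts@example.com>
To: user@example.org
Subject: Action required
Content-Type: text/html

<html><body>
<p><a href="https://example.com.verify-login.example/reset">Verify now</a></p>
<p><a href="https://examp1e.example/acct">https://www.example.com/account</a></p>
<p><a href="https://www.example.com/help">Help center</a></p>
</body></html>
"""

ANCHOR_RE = re.compile(r'<a\s[^>]*?href\s*=\s*["\']([^"\']+)["\'][^>]*>(.*?)</a>',
                       re.I | re.S)

def registrable(host):
    """Crude registrable-domain heuristic (last two labels). A public suffix
    list is needed to get domains such as example.co.uk right."""
    labels = (host or "").lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def link_findings(raw):
    """Return (sender_domain, findings): one (href, reason) per link whose host
    differs from the From domain, or whose visible URL text points elsewhere."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender_addr = msg["From"].addresses[0].addr_spec
    sender = registrable(sender_addr.rpartition("@")[2])
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body else ""
    findings = []
    for href, text in ANCHOR_RE.findall(html):
        host = urlparse(href).hostname
        if not host:  # mailto:, anchors and relative links carry no host
            continue
        if registrable(host) != sender:
            findings.append((href, f"host {registrable(host)} differs from sender {sender}"))
        shown = urlparse(text.strip()).hostname  # what the reader sees as the URL
        if shown and registrable(shown) != registrable(host):
            findings.append((href, f"text shows {shown} but link goes to {host}"))
    return sender, findings
```

Run `link_findings(SAMPLE)` to see the two bad links reported (the look-alike subdomain once, the mismatched link text twice) while the genuine help link passes.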
2. Incorrect spelling and grammar
The reason poor spelling and grammar appear in phishing email scams is twofold. First, some scams originate overseas where English is not the actor’s first language. Second, devious actors deliberately use subpar spelling and grammar to weed out critical readers, leaving those who fall prey to phishing more likely to complete the desired action.
3. Threats or demands for action
No credible organization threatens its customers with serious consequences. Consider it suspicious if an email sender demands that you click a link, open an attachment, or reply with personal information (e.g. financial information) or else face legal action or a frozen account.
4. Request from a vendor to an unassociated email address
If you have multiple email addresses, know which one is associated with each account. Be skeptical of requests sent to a non-associated address. For example, assume phishing if you receive an email from Amazon at your professional address when your Amazon account is not linked to it.
5. Unexpected email or attachments
Use caution if you’re not expecting to hear from someone via email. The same goes for unexpected attachments: don’t open them. Give the sender a call to confirm that they truly emailed you an attachment.
6. Low-resolution logo
Phishers often use crude tactics like “cut and paste” to grab a logo from an organization’s website and pass it off as their own. If a government agency’s, bank’s or other legitimate organization’s logo is low quality, blurry or just not prominent, chances are the sender doesn’t work there.
7. Offers for free stuff or cheap deals
Offers that sound too good to be true probably are too good to be true. Things like free products and services, cheap bargains, sweepstakes and prizes should raise an eyebrow and an alarm.
Remember
DO
- Be vigilant when checking emails. Always give full attention to the task at hand and never give any suspicious sender the benefit of the doubt.
- Look at the “from” address. An email that claims to be from a legitimate organization (e.g. a bank or financial institution) but comes from something like a Gmail account is fraudulent.
- Make sure your endpoint protection and patches are current.
DON’T
- Don’t give out personal information or financial data.
- Don’t click on a link, open an attachment or call phone numbers provided in unexpected emails.
- Don’t use the same password for every account. Using a different password for each account limits the damage if you do get hacked: even if one account is phished, the attacker will have trouble accessing the others. Also, change your passwords right away if you think you have been breached.
Be prepared – phishing email scam tactics are always evolving. Stay up to date and learn as much as you can about the latest methods attackers are using. The more educated you are and the more exposure you have, the better you will be able to identify advanced techniques.
Businesses may also consider implementing anti-phishing and user awareness training programs to educate all of their employees. Contact us with any questions about phishing or to start your user awareness training program today!