Companies and individuals are often targeted by cybercriminals through emails designed to look legitimate. Phishing emails today are making it increasingly difficult to distinguish a fake email from a genuine one.
However, there are widely known indicators of a fake one. Below are some clues to help you spot phishing scams.
1. The email is not addressed to the recipient.
Phishing emails usually use generic salutations such as “Dear valued member,” “Dear customer,” or “Dear User.” Sometimes the email is addressed to “undisclosed recipients,” meaning it was sent to multiple people.
2. You don’t have an account with the company.
3. The Website URL and the email addresses do not look genuine.
Always look at the full email address, not only the sender's name. At a glance, an address can look authentic when it has only been crafted to appear that way. For example, you may see a popular name such as PayPal used in an address like “email@example.com” or “firstname.lastname@example.org” instead of one ending in “@paypal.com”.
The best way to check the domain name is to type the company’s name into a search engine.
4. The email subject and body create a sense of urgency.
Plenty of scam emails request that you act now or it will be too late.
5. Grammatical errors and typos.
If you have received an unexpected email from a company and it contains bad grammar or typos, this can be a strong indicator. Scammers usually prey on less observant, and thus easier, targets.
6. It will ask you to click a suspicious attachment or link.
Legit companies don’t randomly send you emails with attachments but instead direct you to download documents or files on their own website.
Sometimes phishing emails are written with a lot of links so that accidental clicking anywhere in the email will open a bogus web page or download spam onto your computer.
Unfortunately, many legitimate and scam emails hide the destination address in a button, so it’s not immediately obvious where the link goes to.
But you can do these:
- On your PC, hover your mouse over the button/link and the destination address appears in a small bar along the bottom of the browser.
- On a mobile device, hold down on the link and a pop-up will appear containing the link.
Do not open attachments, especially when the file type is .exe, .scr, .app, .bat, .js, .msi, .cmd, .vb/.vbs, or .pif.
When in doubt, contact the company/person directly using the contact information obtained from their actual website.
7. It will ask you to confirm/update personal information
Be wary of emails requesting you to confirm personal data, such as banking details or login credentials.
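Clues 1, 3 and 6 can also be checked by script when triaging a reported message. The following is an added example, not part of the original article: `triage`, `in_domain`, `Hrefs`, `sample` and the `.example` sender domain are made up for illustration, and `expected` is the company's genuine domain, found as described in clue 3.

```python
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Both lists are the ones given in this article.
RISKY_EXT = (".exe", ".scr", ".app", ".bat", ".js", ".msi", ".cmd", ".vb", ".vbs", ".pif")
GENERIC = ("dear valued member", "dear customer", "dear user")

class Hrefs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = []  # real destinations: the scripted version of hovering
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append(dict(attrs).get("href") or "")

def in_domain(host, expected):
    return host == expected or host.endswith("." + expected)

def triage(msg, expected):
    """Return findings for msg, given the company's genuine domain."""
    findings = []
    sender = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    if not in_domain(sender, expected):
        findings.append(f"sender domain {sender} is not {expected}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"risky attachment {name}")
        elif part.get_content_maintype() == "text":
            body = part.get_content()
            if any(g in body.lower() for g in GENERIC):
                findings.append("generic salutation")
            parser = Hrefs()
            parser.feed(body)
            for href in parser.found:
                host = (urlparse(href).hostname or "").lower()
                if host and not in_domain(host, expected):
                    findings.append(f"link goes to {host}")
    return findings

def sample():  # constructed message; the .example domain is made up
    m = EmailMessage()
    m["From"] = "PayPal <service@paypal-support.example>"
    m.set_content('<p>Dear customer,</p><a href="http://login.paypal-support.example/verify">'
                  'Confirm your account</a>', subtype="html")
    m.add_attachment(b"constructed", maintype="application", subtype="octet-stream", filename="invoice.pdf.exe")
    return m
```

Calling `triage(sample(), "paypal.com")` returns four findings. Note that `in_domain` compares whole labels, so a host that merely starts with the genuine name is still flagged.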
Other things you can do to prevent being a victim of phishing:
Use your saved link. If it's a company, you may already have a bookmark for its website. If not, type the company's name into a search engine and use the link in the results to go to the correct website. Or call the company to verify.
Make sure to install and update your antivirus/anti-malware software. Deploy a spam filter to detect and block malicious emails. For companies, a firewall can help prevent phishing attacks and block malicious files.
Be cautious with emails. When in doubt or if something looks suspicious, delete it. Warn other employees if it’s a business email domain. It is crucial that you educate employees to understand and analyze the way phishing works and what to do if they receive a malicious email.
If you fall victim to a phishing scam, change all of your passwords immediately. If you use the same username/password on other sites, you may need to change those passwords too, as cybercriminals could try to access other commonly used sites.