7 Ways To Spot A Phishing Email
Phishing attacks are one of the most common and effective ways for cyber criminals to gain access to your personal data and wreak havoc on your computer. Worse yet, they are on the rise and costing companies and organizations around the world billions of dollars every year.
Phishing emails find their way into at least half of all internet users’ inboxes daily. While Protek works vigilantly to protect you against all manner of spam, even the best security prevention measures can be circumvented. That’s why the most important line of defense against cyber terrorism is the End User (that’s you)! It’s vital to be informed and always cautious when it comes to your personal and business security.
Here are 7 suspicious things to look out for when you get an email:
1. Don’t trust the display name – A favorite phishing tactic among cyber criminals is to forge the display name of an email, making it seem like it is coming from a reputable sender. Return Path has analyzed more than 760,000 email threats targeting 40 of the world’s largest brands, finding that nearly half of all email threats forged the brand in the display name. The idea: If a fraudster wanted to forge a display name to look like My Bank, the email may look like this.
Since My Bank does not own the domain “secure.com”, DMARC (Domain-based Message Authentication, Reporting and Conformance) will not block this email on My Bank’s behalf, even if My Bank has set its DMARC policy for mybank.com to reject messages that fail authentication.
This fraudulent email then looks authentic, as most inboxes only present the display name, not the sender’s address. Check the address in the header; if it looks suspicious, don’t open it!
2. Hover don’t click – A common thing to look for in a fraudulent email is direct hyperlinks in the body of the text. This should be an instant warning sign, as most legitimate businesses will never send out a raw hyperlink; rather, they will send it embedded in text or a picture. Never click on the hyperlink without first hovering over the link itself! If the addresses don’t match, immediately contact the company or organization (if it’s a company you know) and inform them of the fraudulent message.
Like the example above, most hyperlinks seem genuine but once you hover you see the links do not match. Rather than the expected hyperlink you are confronted with a suspicious link with no discernable company name.
3. Check for grammatical or spelling mistakes – Companies are serious about how they communicate with their customers. Legitimate messages will be thoroughly reviewed for spelling and grammatical mistakes by a team of editors. It is infrequent that an official communique will have a major mistake.
4. Analyze the salutation – Does the email address you with a personal salutation using your first and last name, or does it address you as a ‘valued customer’? A generic salutation is a red flag, so watch out.
5. Beware of urgent or threatening language in the subject line – Creating a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your ‘account has been suspended’ or your account had an ‘unauthorized login attempt’. If it’s a true emergency, a legitimate business will attempt to contact you in other ways.
6. Review the Signature – Details regarding the signer or how to contact the company are always present in a legitimate message; a lack of these details is a suspicious sign.
7. Don’t believe what you see – Always approach all your emails with suspicion. Just because an email has convincing brand logos, language and a seemingly valid email address does not guarantee a valid communique. Be cautious, and if an email even remotely seems suspicious, don’t open it.
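The display-name check from tip 1 can also be run automatically on received mail. The Python below is an added example, not code from Protek or Return Path; the `BRAND_DOMAINS` table, the function names and the sample messages are assumptions built from the article's My Bank / secure.com illustration.

```python
import re
from email import message_from_string, policy

# Assumption: brand names you want to protect, mapped to the domains each
# brand really sends from (values taken from the article's My Bank example).
BRAND_DOMAINS = {"my bank": {"mybank.com"}}

def in_domain(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def display_name_findings(raw_message):
    """Return one finding per brand claimed in the From display name
    that does not match the domain of the actual sender address."""
    msg = message_from_string(raw_message, policy=policy.default)
    sender = msg["From"]
    if sender is None or not sender.addresses:
        return ["message has no parsable From address"]
    findings = []
    for addr in sender.addresses:
        # policy.default has already decoded RFC 2047 encoded display names.
        words = " ".join(re.findall(r"[a-z0-9]+", addr.display_name.lower()))
        for brand, domains in BRAND_DOMAINS.items():
            claimed = f" {brand} " in f" {words} "
            if claimed and not any(in_domain(addr.domain, d) for d in domains):
                findings.append(
                    f"display name {addr.display_name!r} claims {brand!r} "
                    f"but the sender domain is {addr.domain!r}")
    return findings

# Constructed sample messages (not real mail).
FORGED = "From: My Bank <accounts@secure.com>\nSubject: Notice\n\nbody\n"
GENUINE = "From: My Bank <alerts@mail.mybank.com>\nSubject: Notice\n\nbody\n"
ENCODED = "From: =?UTF-8?B?TXkgQmFuaw==?= <accounts@secure.com>\n\nbody\n"

if __name__ == "__main__":
    for label, raw in (("forged", FORGED), ("genuine", GENUINE), ("encoded", ENCODED)):
        print(label, display_name_findings(raw) or "no display-name mismatch")
```

This check is independent of DMARC: the forged sample can pass authentication for secure.com and still be flagged, because the comparison is between the brand in the display name and the sender's real domain.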
Eric is the owner and CEO of Protek Support and is a CISSP (Certified Information Systems Security Professional). He graduated from Utah State University with a Bachelor of Science degree in Business with an emphasis in Information Technology (IT). He is an IT Services expert in a variety of technology-related fields. Some of these fields include document management software/hardware, enterprise-level networking and VoIP phone systems, as well as large-scale software implementation projects and the setup of small business networks.