Six tell-tale signs of a phishing email

Every day, over 300 billion emails are sent!

Take a look at your own inbox – you probably have messages from your bank, promotions from your favourite online shop, work updates… and the list goes on.

But do you ever find yourself wondering if the email is genuine or not?

Then you’re not alone.

Phishing emails, whereby scammers attempt to trick unsuspecting users into giving over details, sending money or clicking on malicious attachments, are nothing new. In fact, they have been one of the most common attack vectors for a number of years. However, due to the increasing sophistication of scams, knowing how to spot a phishing email is becoming more difficult than ever.

With that in mind, here are six tell-tale signs that an email is a phishing attempt.

Grammar and spelling errors

Probably one of the easiest ways to spot a phishing email is if it contains poor spelling and grammar. Indeed, it’s amazing how easy it is to spot an attempt by the poor language used in the messaging. And believe it or not, the theory is that cyber criminals intentionally send error-ridden emails to screen out everyone except individuals who may be less attentive or unable to recognise faults, and who are therefore easier targets.

So, make sure you read emails carefully, checking for spelling and grammatical mistakes, as well as strange phrasing. Emails that have come from a legitimate organisation should be well written.

Top tip: Look for grammatical mistakes over anything. Cyber criminals will often use a spell checker or translation machine which gives them the right words but not always in the right context.

Inconsistencies in email addresses, URLs & domain names

Another simple way to identify a potential phishing attempt is by looking for differences in email addresses, URLs, and domain names. Scammers will often spoof email addresses and change display names to make emails appear to have come from a contact of the victim or an official source.

Take time to hover your mouse over the display name, and if the domain name (the part after the @ symbol) matches the apparent sender, the message should be legitimate. If a link is embedded, make sure to also hover your mouse over the link to verify what pops up. Finally, checking prior correspondence to see if the email addresses match can help you identify whether the email really comes from who it claims to come from.

Top tip: Be sure to inspect closely – in some cases hackers will simply add an extra letter which, at a glance, you may not spot! If the domain names don’t match, don’t click.

Suspicious attachments and links

If you receive an email containing an attachment, alarm bells should ring – especially if it is about something unexpected. It could contain a malicious URL or trojan which works by installing a virus or malware onto your PC or network once clicked. Keep an eye out for high-risk attachment file types such as .exe, .scr and .zip.

Always remember that a legitimate organisation will not randomly send you emails with attachments, and, if they do, they will most likely direct you to their website to do so. However, as discussed above, it is best practice to hover over links to verify where they will take you.

Top tip: When in doubt, contact the company or person directly over the phone using verified details obtained from a website or used previously.

Urgent action required or threats

A common phishing tactic is to instil panic in the recipient. For instance, the email may tell you to act now to claim a reward or avoid a penalty. Alternatively, it may say your account has been compromised and that the only way to verify it is to input your login information; or worse, it may indicate that your account will be closed if no action is taken.

Generally speaking, emails that threaten negative consequences or demand immediate action should be treated with suspicion.

Top tip: Take the time to think about whether an email is asking something reasonable. Would a company or the individual really ask that of you out of the blue?

Request for sensitive information

These days, phishing emails are very sophisticated. Scammers go to extreme lengths to ensure the emails they send imitate legitimate businesses – and they can be hard to spot. However, a big giveaway that an email is not from a trusted source is often when an authentic-looking message makes unusual requests, such as confirming personal information you would never usually provide.

Legitimate organisations rarely ask customers to enter login credentials or other private information through an email. This is a precautionary measure designed to safeguard consumers and help customers tell fraudulent emails from legitimate ones.

Top tip: Do not use any communication method provided in the email.

Impersonal greetings

In a typical phishing email, scammers will use more generic greetings such as ‘Dear customer’, ‘Dear valued member’ and ‘Dear account holder’. This is because they are generating thousands of emails from compromised accounts, but don’t normally have the name of every recipient. Legitimate businesses, on the other hand, will often personalise their communications and direct you to call them by phone.

Top tip: This is an obvious tell for phishing attacks which are launched in bulk. However, spear phishing attacks will normally be personalised so always check for other signs.

Education is the best protection

In today’s world, cyber criminals are showing no signs of slowing down their phishing activity. And the continued rise of these attacks poses a significant threat to all organisations. Successful attacks give digital fraudsters a foothold in company networks, access to vital information and in some cases money. While certain email gateways can detect many of these attacks before they reach end users, many users (both corporate and consumer) do not have this protection. Therefore, the best protection becomes education. Indeed, it is crucial that your staff are educated on how to spot and avoid phishing attacks.

Here at the entrust IT Group we have over 16 years of experience in the cyber security sector. Over that time, we have worked with many of our customers to educate their staff on phishing as well as implemented some of the best monitoring and end-point security solutions – all of which significantly mitigate the risk of an attack occurring. Please get in touch with a member of the team on 0330 002 0045 or email enquiries@entrustit.co.uk if you think you too could benefit from our help.

Alternatively, why not download our FREE eBook on how you can stay safe while online? Estimated read time – 5 mins!
