With our busy lives and fast-paced world, it’s no wonder phishing email scams are on the rise. And it’s truly amazing how a simple, innocent-looking, everyday email can put a company out of business. What appears to be an ordinary or routine email, when acted upon by an untrained eye, could cost your company thousands of dollars and countless hours of unproductive time, if it survives the attack. According to Cisco’s 2021 Cybersecurity Threat Trends report, 90% of data breaches occur due to phishing. What makes phishing so successful and relevant is that phishing emails are difficult to detect. They can often go unnoticed until it’s too late.
What is a ‘phishing’ email?
Phishing is like fishing in a way, only it is someone trying to fish for information with the intent to steal. A phishing email is a fraudulent message that appears to be legitimate and generally asks you for personal confidential information, such as credit card information, login credentials, banking information, or other information of interest, in an attempt to steal it. It is a cybercrime.
Bad people work hard to scam people into thinking their email is from a trusted source. If you don’t look carefully at the details of the email, you may not be able to tell the difference between a normal email and a phishing email. That’s why it’s important to train your team on how to recognize phishing emails.
Here are 5 easy ways to recognize a phishing email:
- The logo or overall appearance doesn’t look right. Sometimes you can spot a fraudulent email right away because it just doesn’t look right. Go with your instinct – if it doesn’t look quite right, you are probably right, so don’t click on any link or provide any information. If the logo is grainy, too small, too large, in a different place, or missing, be suspicious. It could be a fraudulent email.
- It’s poorly written. Often, a fraudulent email will contain spelling and grammar errors that are generally not found in an email from a trusted source. Read the email carefully: does it look odd or different than the previous emails that you may have received? Does it include questions asking you for information or requesting you to click a link?
- The email address that it is coming from is fake. If you have any suspicions at all or want to confirm that it’s a legitimate email from a trusted source, then look closely at the email address that it is coming from. Does it match the previous trusted email you may have received, or does it match the one that is on the trusted source website? In many cases it is only off by one simple character, so you must look closely to recognize fraudulent email addresses. If the email does not appear to be legit, then don’t click on any links, provide any information, or reply. You could be a target of a phishing scam.
- The email contains bogus links. Pay close attention to the details of the suspected fraudulent email. Use your mouse to hover over the link so that the website address appears at the bottom left of your screen. Many times, the email will appear to be from a trusted source, but if you hover your mouse over the link so that the URL or website address appears, you will notice abnormalities which could indicate a phishing email. Do not click on any links, provide any information, or reply. Simply delete the email completely.
- Beware of ‘warning’ emails. If you are unaware of any issues with your accounts, chances are you don’t warrant any ‘warning’ email. Emails that include the words Warning, Respond Now, Unusual Activity, Unusual Sign-on Activity, Response Required, Account Expiring… (often in all capital letters) and tell you to do something now are usually fraudulent. If you are concerned about the legitimacy of an email, contact the company directly. Trusted sources generally do not send threatening emails or emails that include all capital letters.
It pays to be cautious when opening emails. Protect your personal information. It may seem like nothing to give away a small amount of information, but that’s just one more piece of information a bad person has. Cyber criminals are very good at social engineering and can easily obtain information they want from unsuspecting users.
How can you help prevent phishing emails? Ensure you have up-to-date anti-virus, anti-spyware, and spam filtering installed. Provide endpoint protection by enabling secured firewalls. Enable multi-factor authentication (MFA) to ensure personal security with your email. And of course, make sure your computer and devices are password protected using a lengthy, complex password that includes upper- and lower-case letters, numbers, and special characters.