Phishing is a cyberattack that attempts to steal money or identity by coercing targets into revealing information while impersonating legitimate organizations. It is one of the most common methods of attack, yet people still fall victim to these scams quite frequently. According to Verizon’s latest report, 36% of breaches involve phishing attacks, and phishing was the top “action variety” in breaches last year. The frequency of these attacks varies from one industry to another, but 75% of organizations globally experienced some form of phishing attack in 2020.
As millions of phishing websites and schemes circulate the net each year, hackers are becoming better and more accurate in their impersonation of legitimate companies, making it easier for the average user to fall for their tricks.
How to Spot a Phishing Email
The most common outlet that attackers use to conduct phishing schemes is via email. Hackers will go out of their way to ensure that an email and attachments look authentic. Here are tips to help you recognize a phishing email:
- Email Address
It is important to check the email address, not just the sender name. Attackers often try to trick victims into divulging information by including the names of legitimate companies in their email and web addresses. Most organizations have their own email domain and company accounts, so it is crucial to take the time to check the legitimacy of the email address. If it is an organization that you correspond with often, compare it against a previous email from the same organization to make sure it is genuine.
Keep an eye out for bad grammar and spelling. It is important to carefully read the email and check for grammatical errors and spelling mistakes. Emails from legitimate companies are well written and are proofread for spelling and grammar errors to ensure customers are getting quality and professional content. If an email has obvious spelling and grammatical mistakes, it might be a scam.
Another note is the way the email addresses you. These days, legitimate organizations personalize emails and use your name when contacting you. If the email uses “Dear sir or madam,” it is a warning sign that it might not be a legitimate company.
- Suspicious Links and Attachments
The majority of the time, legitimate companies do not send emails that contain attachments, especially unexpectedly. The attachment could contain a virus or malware that can infect your network, PC, or laptop. If you are suspicious of an email, do not open any links or attachments. You can hover your mouse over a link to see whether the address it actually points to matches the text displayed. It is good practice to scan any attachment using antivirus software, even if you think it’s genuine.
- Request of Login Credentials, Payment Information, or Sensitive Data
If you receive an unsolicited email requiring you to divulge sensitive information, there is a high possibility it is a scam. Most companies will not ask you for sensitive information such as passwords or card details via email. Some hackers will go as far as creating login pages that look almost identical to the real thing, so it is important to be cautious. Even if you have the slightest suspicion that it might be a scam, it is advisable not to reply or click any of the links in the email. Rather, search online and contact the organization directly. Being wary and double-checking before sharing sensitive information or transferring money will go a long way toward keeping you from falling prey to phishing attacks.
- Demand for Urgent Action
Cybercriminals use fear and panic to trick their victims into falling for their scheme. Phishing emails commonly use a sense of urgency to make you click on the links or attachments. Some will claim that your account has been compromised and that you need to enter information for verification, while others will state that your account will be closed if you don’t take action. Hackers will even go as far as impersonating colleagues to exploit you. They use this approach to rush their victims into action before they can fully study the email for flaws or inconsistencies. It is important to take a moment and analyze the message to determine whether it is real.
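The checks described above (sender address versus display name, generic greeting, link text versus the address it really points to, and urgency language) combined into a small heuristic scanner, as an added example that is not code from the original post; both sample messages, the "Acmebank" brand and all .example domains are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail): one showing several warning signs, one clean.
PHISH = """From: "Acmebank Support" <alerts@secure-login-mail.example>
Subject: Urgent: your account will be closed

<p>Dear sir or madam,</p>
<p>Your account has been compromised. Verify immediately:
<a href="http://verify.secure-login-mail.example/acct">https://www.acmebank.example/signin</a></p>
"""
CLEAN = """From: "Example Corp Billing" <billing@example.com>
Subject: Your March statement is available

<p>Hi Dana,</p>
<p>Your statement is ready at <a href="https://billing.example.com/statements">https://billing.example.com/statements</a>.</p>
"""

URGENCY = ("urgent", "immediately", "verify", "compromised", "will be closed")

def host(url):
    """Hostname of an http(s) URL, or '' when the string is not a URL."""
    m = re.match(r"https?://([^/\s]+)", url.strip())
    return m.group(1).lower() if m else ""

def phishing_indicators(raw):
    """Return the warning signs found in a raw RFC 822 message; [] means none triggered."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    found = []
    # 1. Check the address, not just the sender: the brand in the display name should appear in the domain.
    brand = name.split()[0].lower() if name else ""
    if brand and brand not in addr.split("@")[-1].lower():
        found.append(f"display name '{name}' does not match sender address '{addr}'")
    # 2. Generic greeting instead of the recipient's name.
    if re.search(r"dear (sir|madam|customer|user)", body, re.I):
        found.append("generic greeting")
    # 3. The hover check: visible link text naming one site while the href goes to another.
    for href, label in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        if host(label) and host(label) != host(href):
            found.append(f"link text shows {host(label)} but points to {host(href)}")
    # 4. Pressure language; two or more urgency phrases count as a sign.
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = [w for w in URGENCY if w in text]
    if len(hits) >= 2:
        found.append("urgency language: " + ", ".join(hits))
    return found
```

These are heuristics for triage and training material, not a replacement for mail filtering; a message that triggers none of them can still be phishing.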
Tips to Consider:
- When sending emails, be clear with your customers or staff about what to expect from an email so that yours do not look like phishing. Notify your customers and staff that you do not request personal information via email.
- Provide information and training to your users and staff so they can identify phishing emails and the techniques that are used. Give additional security awareness material to users with financial authority or high net worth.
- Use data from any phishing emails to adjust filters to block similar messages.
- Limit the amount of personal details about staff online.
- Provide an additional layer of security by implementing multiple security controls to protect data. Organizations can require multi-factor authentication when users access their accounts.
Educating users and staff on how to spot phishing attacks will greatly reduce the possibility of a compromise. Cybercriminals can take advantage of the information that users post on social media and use it to tailor phishing attacks to a user’s interests. Companies should reinforce rules and guidance on how to avoid scams to develop good habits across their workforce. However, user awareness alone is not enough; adopting an advanced cybersecurity plan can ensure a safer environment for users. It is crucial for organizations to deploy a brand protection solution that effectively identifies phishing campaigns and proactively protects the organization from these malicious activities. We live in a world where technology is rapidly evolving, and with the frequency and sophistication of cyberattacks in recent years, it is paramount for companies to stay one step ahead.