Online Security: Tips to Spot a Phishing Email

In recent years, cybercrime has grown massively and now poses a significant threat to companies big and small around the world. If you operate in any capacity online (and let’s face it, pretty much all of us do these days), you or your firm could be wide open to the dangers of online crime.

By 2025, the costs of cybercrime globally are expected to top $10.5 trillion. Already, experts suggest the revenue generated by online crime could make it the world’s third-largest economy.

What is a Phishing Attack?

 While cyberattacks can take many forms, Phishing is by far the most common – and also the hardest to protect against. In a phishing attack, a hacker will pose as a trusted or known individual to the user, encouraging them to part with sensitive personal or corporate information.

Phishing is most common over email, although hackers can also mimic trusted websites – a problem the major search engines like Google are actively trying to counter. Phishing is so powerful because it exploits our natural human nature to trust. As humans, we inherently have faith in the things we know and that seems familiar.

The best way to counter phishing is through education and learning to spot the tell-tale signs that a site or email isn’t quite what it purports to be. Below are some top tips to help you spot a potentially malicious attack:

The Web or Email Address Seems Suspect:

It’s very common for hackers to use variations of trusted email addresses or websites to masquerade as the original. For example, you might get an email from @users.facebook.info rather than the genuine @facebook.com address. As hackers have also started copying familiar email layouts and design, users can very easily be fooled into thinking an email (and even a website) is that of a genuine company. Always check the website address, look for https:// as a prefix, and examine the full originating address of emails. You should also take a second to hover over links in emails to reveal the URL it’s going to take you to. As a general rule, if it looks suspect, it probably is.

Generic Greeting:

Often, those sending phishing emails aren’t only sending it to you. They will be trying to access thousands of accounts at any time. So, if an email arrives with a generic greeting, such as “Dear Sir,” which seems out of place and unusual, it probably is! Fraudsters may have your email address, but they don’t have your name – and you want to avoid giving it to them at all costs – and this is seen in their practice of sending generic emails. Other examples include “Dear Member” and simply just “Hi/Hello.” If a website usually refers to you by your name, seeing a generic greeting is a clear sign that it’s not that website writing to you.

The Text on a Website or Email is Badly-Written:

Big corporations spend millions every year to maintain their corporate image and hold an air of authority. While spelling mistakes or typos can occasionally slip through the net, they are usually corrected very quickly. Seeing mistakes or errors in prose can be a signal the site or email isn’t from a genuine source. Also, there is an interesting theory that many phishing emails deliberately feature bad text as a way to identify the most gullible users i.e. those who are more likely to just inherently trust and go through the whole process of handing over their details.

You Notice a Suspicious Attachment:

Receiving an unexpected email with an attachment from a company can be a sign of a phishing attack. Often attachments will install software directly on your machine or push you to a URL that will prompt you to do the same. In truth, regardless of whether you trust the originating company or not, it’s good practice to scan all attachments with an anti-virus program before opening them.

An Email Requests Personal Information:

While it might seem obvious, you should never send sensitive information over email at the best of times. However, rule 101 of emails should be – do not respond with personal details to a mail that expressly asks for sensitive information. Banks and official organizations will never request these particulars by email.

An Email Requests ‘Urgent Action’ Required:

One tactic those sending phishing emails use is to mark their emails as ‘urgent’. They use calls to action that entice you and make you feel like you must take action immediately. Emails that contain phrases such as “your account will be closed” or “urgent action taken” should be investigated properly before acting on anything it may ask you to do. The action requested could be to enter your login details for websites or banking apps, which the fraudster will then use to access your account without your knowledge.

You May Also Like