Spotting The Bait in Phishing Emails:
In an era dominated by digital communication, email remains a primary means of interaction; however, with convenience comes the risk of falling victim to scams and phishing attempts. According to recent studies published by Statista, approximately 98% of all cybercrimes (hacks, breaches, spills) are caused by some form of social engineering and/or human error (1). As such, protecting yourself from phishing threats begins with recognizing the red flags. Here's a guide to help you navigate the often-murky waters of your inbox.
1. Verify the Sender's Email Address:
One of the initial steps in identifying a potential scam is scrutinizing the sender's email address. Legitimate organizations typically use official domain names, but that is not always the case. Be wary of addresses with misspellings, extra characters, or domains that don't match the company's official website. It is also good practice to check who the email is going to. Phishing emails are often sent to people en masse, so you can expect to see dozens, if not hundreds, of people on the "TO:" line.
2. Check for Generic Greetings:
Phishing emails often use generic greetings like "Dear Customer" or "Dear User" instead of addressing you by name. Legitimate organizations typically personalize their messages with your name or username. If the email lacks this personal touch, exercise caution. It is important to note that legitimate companies will almost never ask you for personal information via email, or if they do, they will provide some form of bona fides to establish a legitimate trust relationship with you beforehand. Be extremely skeptical of any email that asks you for identifying information.
3. Examine the Content for Spelling and Grammar Mistakes:
Scam emails often contain spelling and grammar errors. Professional organizations meticulously review their communications and have editing procedures in place to ensure the clarity and validity of their correspondence. If an email is riddled with mistakes, it's likely a phishing attempt. It is also not uncommon for these emails to use stolen logos from legitimate brands, so examine the logos and formatting of the email for any deviations in size, shape, layout, color, or context.
4. Scrutinize Links Before Clicking:
Hover your mouse over links without clicking to preview the destination URL. Verify that the link matches the purported sender's website. Cybercriminals often use masked URLs to redirect you to fraudulent sites designed to capture sensitive information. For tech-savvy users, it is also possible to inspect the message's HTML to see whether a link's actual destination differs from the text displayed. When in doubt, navigate to the company's website out-of-band to confirm that you are reaching a legitimate site.
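As an added example (not from the original article), the following Python script automates the checks above: it parses the links in a message body and flags any whose real target lies outside the sender's domain or differs from the domain shown in the visible link text. The sender address and message body are constructed samples, and the registered-domain helper is a simplification that assumes a two-label suffix.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not from the article): the first link's visible text names
# the bank's site, but its href leads to an unrelated domain; the second is fine.
SAMPLE_SENDER = "alerts@example-bank.com"
SAMPLE_HTML = """<p>Dear Customer, your account will be suspended.</p>
<a href="http://example-bank.com.verify-login.example.net/x">https://example-bank.com/login</a>
<a href="https://www.example-bank.com/help">Help center</a>"""


class LinkCollector(HTMLParser):
    # Gathers (href, visible text) pairs for every <a> element in the body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    # Simplification (assumption): keep the last two labels; ignores suffixes like co.uk.
    return ".".join(host.lower().split(".")[-2:]) if host else ""


def suspicious_links(sender, html):
    # Return (href, reason) pairs for links whose real target does not match
    # the sender's domain or the domain the visible link text claims.
    sender_dom = registered_domain(sender.rsplit("@", 1)[-1])
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        href_dom = registered_domain(urlparse(href).hostname or "")
        if href_dom != sender_dom:
            findings.append((href, f"target {href_dom!r} is not the sender's domain"))
        if "." in text and " " not in text:  # visible text looks like a URL or domain
            shown = urlparse(text if "://" in text else "http://" + text).hostname
            if shown and registered_domain(shown) != href_dom:
                findings.append((href, f"text shows {shown!r} but target is {href_dom!r}"))
    return findings
```

Running `suspicious_links(SAMPLE_SENDER, SAMPLE_HTML)` reports the first link twice (wrong domain for the sender, and a mismatch with the displayed URL) and leaves the help-center link alone.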
5. Be Skeptical of Urgent or Threatening Language:
Scammers often use urgency to manipulate recipients into acting without thinking. Be wary of emails claiming your account will be suspended or legal action will be taken unless you provide information immediately. Legitimate organizations communicate important matters through secure channels and rarely use scare tactics like this to elicit action.
6. Verify Requests for Personal or Financial Information:
Legitimate companies will never request sensitive information, such as passwords or credit card details, via email. If an email asks for this information, consider it a red flag. Contact the organization directly using official channels to confirm the legitimacy of the request. Never use any contact information located in the suspicious email. It is better practice to open a separate browser tab, navigate to the official website (make sure that the URL is legitimate), and scroll down to the "contact us" section.
7. Use Email Security Features:
Enable the email security features provided by your email provider. These may include spam filters and phishing detection. Additionally, consider using two-factor authentication to add an extra layer of protection to your accounts. For systems and software that do not provide robust cybersecurity functionality, consider using an external third-party provider or supplemental defense-in-depth tools to supply this capability.
8. Trust Your Instincts:
If something feels off, trust your instincts. Cybercriminals continually evolve their tactics, so maintaining a healthy skepticism is crucial. If you're uncertain about an email's legitimacy, contact the organization directly using verified contact information, not the details provided in the suspicious email.
By staying vigilant and developing a critical eye for email content, you can significantly reduce the risk of falling victim to scams and phishing attempts. Regularly update your knowledge on evolving cyber threats, and share this information with friends and colleagues to create a more resilient online community. Remember, an extra moment of scrutiny can save you from the headaches of a phishing attack.(2)