In these email-dominated days, phishing attempts are a fact of life. More than half of all users who receive these fraudulent messages end up opening such emails — and many even fall for the scam.
The aim of phishing emails is to gather personal information about you, generally related to your login credentials, passwords, or finances. Many phishing attempts are often so well-disguised that they escape the scrutiny of a busy employee who doesn’t have time to closely inspect each message. But here are a few tips to help you identify whether that email really came from your bank or is another attempt at defrauding you.
What is a phishing attack?
A phishing attack occurs when a hacker sends you an email that tries to convince you to perform a certain action. Phishing emails are effective because they look like regular emails and are hard to identify.
Here’s how to spot one:
1.) Check if the sender’s email address is correct.
Do you know this person? Were you expecting this email? Is the domain name correct? At first glance, phishing emails might look like legitimate messages. But if you look closer by inspecting the details of sender name, subject line, and body copy, you might find minor mistakes that or strange phrasings that wouldn’t be found in a legitimate email.
2.) Check to see if the email sounds urgent.
Phishing emails tend to have a sense of urgency — hackers want you to feel rushed and make mistakes. Commonly used words to look out for include “ATTENTION,” “URGENT,” “CRITICAL,” “NECESSARY,” or “RESPONSE REQUESTED.” Spotting these anywhere in an email is your first hint that it could be a phishing attempt.
3.) Check the spelling, grammar, and punctuation.
Is the email easy to read? Are there lots of errors? Are any sentences or phrases written so awkwardly that you have to go over them two or three times just to understand them? If so, use caution — any legitimate email will most likely be spellchecked before it’s sent. And since email is the lifeblood of communication, any sloppy words or misspellings should be an immediate red flag.
4.) Check if the URL links are valid.
Hover over the link to make sure it is correct before you even think of clicking on it — if the words say http://www.google.com, the preview link should also be http://www.google.com. Beware of long strings of nonsensical characters or any major differences between the link in the email copy and the preview link that shows up when you hover over it.
5.) Use caution with attachments.
If you’re concerned about the authenticity of an email, do not download any of its attachments as they could contain a virus that might install illicit malware or ransomware on your computer. In recent years, phishing attempts have employed ZIP files, PDF files, and even .WAV files masquerading as voicemails that are sent directly to your inbox. Clicking one of these infected files can cause widespread damage to your computer and any other systems it is connected to.
6.) Other helpful tips:
Company-wide Internet filtering and network security can stop some unauthorized phishing attempts. Employers should also take extra precautions to alert their employees when and from whom any critical communications will arrive. Also, notifying IT support staff — whether internal or external — when obvious phishing attempts do land in your inbox can also cut down on the future threat of fraud or infection. Even the best technology requires smart, savvy human beings whose insight and intelligence can help systems work properly.
The bottom line? Be careful out there! New phishing attempts emerge on a daily basis, and real security requires a proactive approach to protecting your email accounts. At CMIT Solutions, we worry about IT so you don’t have to, and our North American network of more than 160 locations and 800 technicians work 24/7 to prevent our clients from being negatively impacted by phishing attempts, scams, hacks, data breaches, malware, viruses, and more. Contact us today to learn more.