Phishing emails are sent to unsuspecting individuals all across the world every day. While some of these emails are easily identified as scams, others can be quite believable. So, how exactly do you distinguish a legitimate email from a phishing attempt? Unfortunately, there's no single method. However, there are many things you can look for in a suspicious email to better judge whether it is real or not. Being able to spot a phishing email will better protect you from a potential cyber attack. Here's what to look for:
1. Check the Sender
Always check to see who the email is from. This can be one of the most telling aspects of a phishing email, because phishing emails come from illegitimate senders pretending to be someone else. Ask yourself these questions:
- Is this someone you normally communicate with? If not, is what they’re asking for unrelated to your job responsibilities?
- If it looks like the sender is someone from your organization or someone you normally communicate with, is their behavior unusual or different from how they normally present themselves?
- Is the sender's domain (the part after the @, e.g. gmail.com in person@gmail.com) suspicious? The domain shows where the email is coming from and is usually the company's website (ex: amazon.com). Therefore, a legitimate sender will likely have a legitimate company domain (ex: janedoe@amazon.com). Here is an example of how a cybercriminal can try to spoof a domain: Legitimate sender – order-update@amazon.com vs. phishing sender – order-update-amazon@gmail.com. Since Gmail is a personal email service, Amazon wouldn't use Gmail to send emails to its customers. Cybercriminals will also try to trick you by misspelling a familiar contact's address, hoping you'll miss it: Legitimate sender – stephanierodriguez@yahoo.com vs. phishing sender – stephanierodrigeuz@yahoo.com
2. Check the Recipient
Most people don't think to check the 'To:' field of an email when they suspect a scam. However, it can help detect a phishing attempt. Ask yourself this:
- If the email was sent to multiple recipients, do I personally know these people?
- Was this email sent to an unusual group of people? For instance, even if the recipients are part of your organization, is it a group of people from different departments or a group of people whose last name starts with the same letter?
3. Check the Links
Checking the links is the most essential aspect of detecting a phishing email. Oftentimes the link in a phishing email will appear perfectly valid because cybercriminals change the displayed text of the link to make it look less suspicious. However, if you hover your mouse over a link (on a desktop) or press and hold it (on a smartphone), you can view the actual hyperlinked address before you click. So, ask yourself these questions:
- Is the displayed hyperlink different from the actual landing address? This is a big warning sign.
- Is the hyperlink a misspelling of a well-known website? (www.bankotamerica vs. www.bankofamerica). At first glance, the 't' could be mistaken for the 'f' in the legit URL.
- Did the email you received have a long hyperlink with no further information?
4. Check the Attachments
Like hyperlinks, attachments can be malicious. Ask yourself these questions next time you receive a suspicious email that contains an attachment:
- Did the sender send an email with an attachment that I wasn’t expecting or doesn’t relate to the message?
- Does the attachment contain a dangerous file type? The only file type that is always safe to click on is a .txt file.
5. Check the Date and Time
Always check to see when the email was sent to you. Ask yourself this:
- Was a business-related email sent to me long after business hours? Receiving an email at 3 am is a little suspicious, don’t you think?
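The sender, recipient, link, attachment and timing checks from sections 1 through 5, written up as one triage routine you can run over a saved message. This is an added Python example, not code from the original post; the trusted-domain set, the risky-extension list, the business-hours window and the sample message are constructed assumptions for illustration. The sender check generalises the two examples above: it flags a brand name inside the local part of a non-company address (the order-update-amazon@gmail.com pattern) and computes an edit distance to catch one- or two-letter misspellings of a trusted domain (the stephanierodrigeuz pattern), and the link check compares the host named in the visible link text with the host the href actually points to.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions for this example: tune all four to your own environment.
TRUSTED_DOMAINS = {"amazon.com", "example-corp.com"}   # domains you expect mail from
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".iso", ".lnk", ".html", ".docm", ".xlsm"}
BUSINESS_HOURS = range(7, 20)                          # 07:00-19:59 in the sender's time zone
MAX_RECIPIENTS = 5                                     # longer To: lists get flagged


def edit_distance(a, b):
    """Levenshtein distance; one or two edits from a trusted domain marks a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Host named by a URL or bare domain, lower-cased, with a leading 'www.' removed."""
    text = text.strip()
    if "://" not in text:
        text = "http://" + text
    host = (urlparse(text).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def triage(raw):
    """Return a list of 'category: detail' findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    # 1. Sender: brand name in the local part of a non-company address, or a lookalike domain.
    _, addr = parseaddr(str(msg["From"] or ""))
    local, _, domain = addr.lower().rpartition("@")
    if domain and domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            brand = trusted.split(".")[0]
            if brand in local:
                findings.append(f"sender: '{brand}' in local part but domain is {domain}")
            if edit_distance(domain, trusted) <= 2:
                findings.append(f"sender: {domain} is a lookalike of {trusted}")
    # 2. Recipients: an unusually long To: list.
    recipients = msg["To"].addresses if msg["To"] else ()
    if len(recipients) > MAX_RECIPIENTS:
        findings.append(f"recipients: sent to {len(recipients)} addresses")
    # 3. Links: visible text names one host while the href points at another.
    html = msg.get_body(preferencelist=("html",))
    if html is not None:
        collector = LinkCollector()
        collector.feed(html.get_content())
        for href, text in collector.links:
            shown = host_of(text) if re.search(r"\.[a-z]{2,}", text, re.I) else ""
            if shown and shown != host_of(href):
                findings.append(f"link: text shows {shown} but points to {host_of(href)}")
    # 4. Attachments: file types that can run code or carry macros.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = name[name.rfind("."):] if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"attachment: {name} has risky type {ext}")
    # 5. Timing: sent well outside business hours.
    if msg["Date"] and msg["Date"].datetime and msg["Date"].datetime.hour not in BUSINESS_HOURS:
        findings.append(f"timing: sent at {msg['Date'].datetime:%H:%M}, outside business hours")
    return findings


# Constructed sample modelled on the spoofing patterns described above; not a real message.
SAMPLE = """\
From: Amazon Orders <order-update-amazon@gmail.com>
To: a@example-corp.com, b@example-corp.com, c@example-corp.com, d@example-corp.com, e@example-corp.com, f@example-corp.com
Date: Tue, 05 Mar 2024 03:12:00 -0600
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Please visit <a href="http://login-verify.example.net/amz">www.amazon.com/orders</a> to confirm.</p>
--b1
Content-Type: application/octet-stream; name="Order.docm"
Content-Disposition: attachment; filename="Order.docm"
Content-Transfer-Encoding: base64

QUJD
--b1--
"""
```

Calling `triage(SAMPLE)` returns five findings, one per check; a plain-text message from a trusted domain, sent to one person mid-morning with no attachments, returns an empty list. Treat the output as reasons to look closer rather than as a verdict: a legitimate newsletter can trip the recipient or timing checks, and a careful attacker can avoid all five, which is why the content checks in the next section still matter.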
6. Check the Content
There are many different things to look for in the content of the email to detect if it is a scam or not. Here is what you should ask yourself:
- Is the email unexpected or out of the ordinary?
- Does the email contain bad grammar and/or spelling errors? Whenever a company sends out an email, it is usually checked for spelling, grammar, punctuation, and usage errors to remain professional and reputable. If there are any errors, or the entire message is oddly formatted, it is likely a scam.
- Does the message ask for personal information? No matter how official an email looks, it is always a clear warning if someone asks for your personal information via email. Also, be skeptical of links asking you to confirm personal information within the emails. A legitimate company will take necessary, secure measures to ensure your data is safely transferred IF your personal information is needed.
- Is the offer too good to be true? We all know the saying “If it’s too good to be true, it probably is.” Cybercriminals love to lure victims in with offers they can’t resist.
- Does the message make unrealistic threats? Some cybercriminals try to trick you into giving up personal or sensitive information, while others try to intimidate you. If you receive an email telling you to act on something urgently OR ELSE, this is likely a scam.
- Do you have a bad gut feeling about the message? Is this email just plain weird or out of the ordinary? Trust your gut. Delete it and move on.
90% of cyber attacks start with a phishing email and phishing is the number one cause of data breaches. If you’re an employer, how confident are you in your employees? Do you trust they won’t fall for a phishing attempt? You’re only as strong as your weakest link. Make sure there are no broken links in your cybersecurity chain because it only takes one employee falling for a phishing attempt to send your business into a downward spiral.
Call us today to schedule a free (yes, this is legit!) cybersecurity briefing that includes a vulnerability scan of your IT network, a dark web scan for compromised business passwords, and a one-time phishing email test. We will provide our findings to you through a results report and review, which will guide you to the next step: action. Secure your Houston business by contacting us today.