Phishing attacks have become a severe problem for both individuals and businesses. The rallying cry has always been “watch out for phishing scams,” but how can people tell a phishing email from a real one?
Cybercriminals are looking for the next big score, and a sophisticated phishing attack could make that score you, your employees, or even your business. In the early days of the phishing industry, the methods scammers used were rudimentary and easy to spot: haphazard emails, obviously fake domain names, and spelling or grammatical errors that would make an English teacher cringe.
Times have changed, and the threat actors have become better at orchestrating the perfect phishing scam, but the goal remains the same: theft. Phishing emails don’t need to look great to be effective, however, because cybercriminals rely on volume. They launch thousands of phishing attacks every day in the hopes of tricking a percentage of their targets, and they’re often successful. According to the FBI’s Internet Crime Complaint Center, $57 million was lost to phishing attacks in 2019. Some of the tactics may change, but the signs that help you recognize phishing emails will not.
You can protect your identity and other sensitive information if you know how to recognize what a phishing email looks like so you don’t mistakenly respond to one.
How to Recognize Phishing Emails
Phishing emails may look like they’re from a legitimate company you know and trust, such as a credit card company, online store, bank, social network, or online payment website. The content is always the same: a story or scheme to dupe you into opening an attachment or clicking on a link embedded in the email.
Warning Signs to Look Out For:
- Fake Businesses
A bank or service provider (maybe not even your own) sends you an email saying they’ve noticed suspicious activity or log-in attempts and asks for personal or financial information. Banks, credit card companies, or other financial institutions will never ask for your banking PIN, Social Security number, or account number via email.
- Frozen Accounts
You get an email claiming there’s a problem with your billing details and your account has been frozen.
- Grammatical and Spelling Errors
While scammers have gotten better at this, some still send out phishing emails loaded with weird language and typos.
- Bogus Tax Rebates
You get an email saying that you’re eligible for a tax refund or government settlement.
- No Name
Scammers don’t know who you are and will use generic greetings such as “Hello Dear,” “Dear Sir or Madam” or “Dear Account Holder.” Legitimate businesses know who you are and will address you using your name.
- Too Good To Be True Deals
Unsolicited emails containing a coupon for free stuff or irresistible deals on vacations or smartphones. If it’s too good to be true, it probably is.
- Sense of Urgency
Phishing emails will always have an urgent CTA (call to action) that hopefully makes the target spring into action without a second thought. Urgent requests for action are almost always phishing scams.
- Unknown Senders
If you get an email from a company or person you don’t recognize, consider deleting it. If you’re curious and want to know what it’s all about, do not click on any links or open any attachments.
- Emails from Your Contacts
You might get an email from someone you know or a person in your contacts. Read the message carefully, and if there are requests for personal information or money, it may be a phishing email. Look for other ways to get in touch with the person because his or her email may have been compromised.
No matter what method cybercriminals use, phishing emails will always tell the recipient to confirm or verify personal information for the issue to be resolved. These emails may contain fake invoices as attachments with a hidden malware payload or instructions to click on a link to make payment and update personal details.
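Several of the warning signs above can be checked mechanically. The following is an added example, not part of the original article: a small Python checker that flags the generic greetings, urgency wording, and requests for a PIN, Social Security number, or account number named in the list, and also flags a link whose visible text shows one domain while its target is another. The keyword patterns, the helper names, and both sample messages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Phrases taken from the warning-sign list; the exact patterns are illustrative assumptions.
TEXT_SIGNS = {
    "generic greeting": re.compile(r"hello dear|dear sir or madam|dear account holder", re.I),
    "urgency": re.compile(r"\b(?:urgent|immediately|right away|account has been frozen)\b", re.I),
    "asks for sensitive information": re.compile(r"\b(?:PIN|Social Security number|account number)\b", re.I),
}
HOSTLIKE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collects the plain text of an HTML body and (href, visible text) for each link."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._label = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None

def registrable(host):
    # Simplification: compare the last two labels; a production check would use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def warning_signs(html_body):
    parser = LinkCollector()
    parser.feed(html_body)
    text = " ".join(" ".join(parser.text).split())
    signs = [name for name, pattern in TEXT_SIGNS.items() if pattern.search(text)]
    for href, label in parser.links:
        shown = HOSTLIKE.search(label)          # a domain displayed to the reader, if any
        target = urlsplit(href).hostname or ""  # where the click actually goes
        if shown and registrable(shown.group(1)) != registrable(target):
            signs.append(f"masked link: text shows {shown.group(1)}, href goes to {target}")
    return signs

# Constructed sample messages (example.com / example.net are reserved documentation domains).
SAMPLE_PHISH = ('<p>Dear Account Holder,</p><p>Your account has been frozen. Confirm your account number and '
                'PIN immediately at <a href="http://login.example.net/verify">https://www.example.com/login</a></p>')
SAMPLE_OK = '<p>Hi Maria,</p><p>Your March statement is ready at <a href="https://www.example.com/statements">www.example.com</a>.</p>'
print(warning_signs(SAMPLE_PHISH))
```

A clean result does not make a message safe: keyword checks miss well-written lures, and a link can be malicious without showing a mismatched domain.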
How to Protect Yourself From Phishing Attacks
Spam filters do an excellent job of keeping most phishing emails out of your inbox, but attacks are getting more and more sophisticated. Adding extra layers of protection can help you steer clear of phishing attacks.
- Keep your Operating System (OS) and Software Updated
Ensure that your OS, programs, and apps are always patched and updated to the latest version to plug any vulnerabilities that hackers can exploit.
- Use Security Software
Protect your computer and mobile devices with an antivirus and firewall that can keep the bad guys out and protect your system from threats.
- Use a VPN
A virtual private network or VPN can create an encrypted tunnel to ensure no one can snoop around and intercept your communications.
- Enable Multi-factor Authentication
Protect your online accounts with multi-factor authentication (MFA), an extra layer of protection needed to log in to your accounts, such as a passcode you can get via an authenticator app or text message, or biometric security (your retina, face, or fingerprint). Hackers won’t be able to access your account with MFA enabled, even if they have your username and password and are using a different computer in a different location.
- Back Up Your Data
Create data redundancies and save your data in the cloud or an external hard drive not connected to your network.
- Report It
If you receive a phishing email, you can file a report with your bank or the organization the scammers were impersonating and, if you need to follow up with them, use an email follow-up automation tool so you won’t forget. You can also report it to the FTC and the Anti-Phishing Working Group at [email protected]. If you responded to a phishing email by mistake or feel that scammers have your details, go to Identitytheft.org.
Phishing emails have all the elements that can fool people into thinking they’re legit – big-name company logos, content with little to no errors (copied from emails), and domain names that read like the real thing. Domain spoofing, masked URLs, and embedded self-propagating malware are some of the tools cybercriminals use to launch their phishing attacks. You can easily prevent phishing attempts from doing real damage by recognizing what they look like and avoiding them at all costs.