30 Oct
6 helpful tips for recognizing phishing emails
What are phishing emails?
Phishing is a form of cyber attack, typically delivered via email, that attempts to steal sensitive information from you, deliver malware to your computer, or trick you into doing something for the attacker. There are many different types of phishing emails out there, and it is important to learn how to tell a phishing scam email from a normal email.
How does a phishing email work?
A scammer/cyber attacker finds your email address and sends you an email. This email may come from a name disguised to look like your boss's name, a company you work for, a service provider, or a client. They may ask you to view an external link and enter personal information into their portal, or they may have a file that they tell you to download that puts a virus onto your computer.
Typically, if you don’t click on the link/download the file/provide the scammer with your information, you should be okay. It is definitely always something to let your IT department know about so that they can take a look at your spam filters and figure out how these emails are getting to you, along with warning other members of the company to be on the lookout.
How can I tell if an email is a phishing email?
Non-domain emails or misspelled domain names
Phishing scammers have gotten very good at making their emails appear real at face value. One trick that is helpful to learn is to check what email address the email is being sent from. A lot of times, they will use the “from” name of someone in your company or someone you work with. But, if you hover over their name, you will be able to see the email address that it actually came from and identify it as a scam.
In this example, the “From” name is Michelle’s name, which is an attempt to give the email some credibility. But when I hover over her name, I can see that it actually comes from an entirely different address and is just disguising itself as Michelle to trick me.
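The hover check described above can also be automated on the raw From: header. The following is an added example, not part of the original post; the domain example.com, the staff directory, the sample headers and the function names are all constructed assumptions.

```python
from email.utils import parseaddr

# Assumptions (constructed for this example): the organization's domain and
# a directory mapping staff display names to their real addresses.
ORG_DOMAIN = "example.com"
STAFF = {"michelle": "michelle@example.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot misspelled look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_from_header(from_header: str) -> list[str]:
    """Return the warning signs found in a single From: header value."""
    display, address = parseaddr(from_header)
    address = address.lower()
    if "@" not in address:
        return ["no parsable sender address"]
    domain = address.rpartition("@")[2]
    findings = []
    # Tip 1a: a familiar "From" name in front of an unfamiliar address.
    expected = STAFF.get(display.strip().lower())
    if expected and address != expected:
        findings.append("display name matches a colleague but the address does not")
    # Tip 1b: a domain that is one or two characters off the real one.
    if domain != ORG_DOMAIN and edit_distance(domain, ORG_DOMAIN) <= 2:
        findings.append("domain is a near-miss spelling of the organization's domain")
    return findings


# Constructed sample headers: genuine, unrelated address, misspelled domain.
SAMPLES = [
    "Michelle <michelle@example.com>",
    "Michelle <office.4471@mailbox.test>",
    "Michelle <michelle@examp1e.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from_header(header) or "no warning signs")
```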
Spelling/grammatical errors
We all have a typo now and then, but you’ll be able to tell the difference in a phishing email. The body text of the email will sound abnormal, not like your normal “their” versus “there” typo. Pay close attention to who is sending you the email and whether it reads the way they normally write to you (in the case of the email being disguised as coming from someone you know). Heavy spelling and grammatical errors are a great indication that the email might be spam.
Forcing you to visit a website
You may receive an email claiming “XYZ bad thing is happening - click on this link to resolve it!” or “Please sign in to confirm your account with us”. Typically, if you click on the link it will request personal information from you, or the website could even immediately download some kind of spam onto your computer. You can gauge the credibility of the web address by verifying that it uses HTTPS as opposed to HTTP. While this isn’t an end-all, be-all sign that it is safe, it is a helpful indication.
Unidentifiable/unsolicited attachments
Sometimes, cyber attackers who send phishing emails will include an attachment with their email. Their hope is that your curiosity gets the better of you, you open it, and then that attachment will download spam or malware onto your computer, allowing them to hack it to steal your personal information.
Requesting personal information and requesting you to purchase things
Phishing emails will often ask you to provide personal information, such as by asking you to send them your cell phone number directly or by sending you a link to a portal where you enter all kinds of personal data. They also may respond to your email and ask you to purchase things, like gift cards, and send them the gift card codes via email or text message. Try to gauge whether or not these are normal requests from your boss (they probably are not), and don’t interact with the email sender any further.
Utilizes scare tactics
The last characteristic of a phishing email that we want to highlight is that they often use scare tactics and attempt to create a sense of urgency or fear. Sometimes it will be something along the lines of “we caught you doing XYZ and now you owe us money or we will tell EVERYONE”. Or sometimes it can be as simple as an email from “your boss” asking you to do something for them very urgently and saying that they need a response from you immediately.
In this example, the subject line reads “Quick Action Required!!!” alerting me that it may be an email that needs my attention immediately.
Then the body of the text dives into creating more urgency, saying the task needs to be completed ASAP. The goal is to trick you before you have time to second guess it.
To avoid phishing emails as much as possible, you want to work with a hosting service that puts a heavy emphasis and value on your security, the security of your website, and the security of your personal data. Our hosting services and experts are committed to giving you the safest options for your website and email hosting. Contact us today for more information!