You may not realize it, but your computer, mobile devices, accounts, and information all have value to cyber criminals.
According to Verizon’s 2017 Data Breach Report, 91% of company breaches start with an email. Knowing how to maintain email security at the user level will keep you and your company safe. Here are the top 7 signs of a phishing email to watch out for:
1. An unfamiliar or illegitimate address
Have you ever told your kids not to trust strangers on the internet? You might not think that applies to you, but cyber-crime goes beyond targeting young users. Turning a critical eye on the sender’s address can help you identify the first sign of a phishing email. Watch out for red flags in the email address, such as an illegitimate or unfamiliar domain. If your bank’s emails normally come from email@example.com, an email from firstname.lastname@example.org is probably not legitimate. You should also keep an eye out for display names that don’t match the email address behind them. “Microsoft Team” paired with email@example.com would be a sign to avoid the email.
2. A sense of urgency
“Urgent!” “Action Required!” “Open Immediately!”
The businesses you correspond with or hold accounts with may genuinely need urgent action from you, but their subject lines would likely be a bit more specific. It’s in your best interest to be suspicious of any email that uses red-alert terms or encourages you to feel rushed.
3. Generic greeting or salutation
In addition to unknown senders, be critical of emails from “trusted” brands or organizations that don’t address you by name—especially if the email is about account information or other sensitive data. Things like “valued customer” and “user” may seem sincere, but in most cases, a non-personalized greeting is a sign of trouble.
4. Spelling and grammar mistakes
Large companies have teams dedicated to customer communications, so it’s highly unlikely that serious, noticeable, or frequent grammar and spelling mistakes would pass through multiple inspections. In direct email communication, minor spelling errors may not be a huge issue (depending on how seriously you take your grammar), but in mass-communication emails these errors are major red flags.
5. Uncommon or unexpected requests
If you don’t usually receive requests to wire money or share sensitive info, then an email asking you to transfer funds should be a red flag. For any email, stop and ask yourself if the request makes sense. Didn’t you just update your W4 or verify your W2? Does this invoice match recent company activity? Does your boss or coworker frequently request financial transfers or valuable personal information? These are questions to ask before you click, respond, or provide any data via email. If you’re unsure or if something seems suspicious, try contacting the sender in person. If that’s not possible, search the organization online and use the official contact information from their website to get in touch and verify the unusual request.
6. Suspicious links
Watch out not only for obvious links such as malware.com/hack, but also for links that look familiar or trustworthy and are actually malicious in disguise. Hover over links before clicking, and double-check that the link’s destination is a trustworthy site. When in doubt, just don’t click!
7. Suspicious attachments
Before you download or open that attachment, check for a few red flags. First, unless you have specifically asked someone to send you an executable file, steer clear of any attachment ending in .exe. However, you should also know that malicious files come in all shapes and sizes. A .exe file is a clear sign of danger, but malicious code and viruses can hide in any type of file, including Word documents, PowerPoint presentations, and PDFs. Play it safe and avoid opening any unexpected attachments.
Phishing attacks today are more advanced than they once were. Keep these 7 red flags in mind to help you stay secure and avoid being ‘hooked’ by phishing emails!
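For readers who triage reported emails, here is an added example (not part of the original article) that turns signs 1, 2, 3 and 6 into automated checks in Python. The sample message, the `BRANDS` map, and the function names are constructed for illustration, and the rules are simple heuristics rather than a complete filter.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every name and domain in it is a placeholder.
SAMPLE = '''From: "Microsoft Team" <alerts@account-check.example.net>
Subject: Urgent! Action Required!
Content-Type: text/html

<p>Dear valued customer,</p>
<p>Sign in at <a href="http://login.example.org/verify">www.microsoft.com</a>.</p>
'''
BRANDS = {"microsoft": "microsoft.com"}  # hypothetical brand -> legitimate domain

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data  # reset at each <a>, so at </a> it holds only the link text
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host(value):  # hostname of a URL or bare domain, lowercased, no leading "www."
    name = urlparse(value if "//" in value else "//" + value).hostname or ""
    return re.sub(r"^www\.", "", name)

def red_flags(raw):
    msg = message_from_string(raw, policy=policy.default)
    display, addr = (s.lower() for s in parseaddr(str(msg.get("From", ""))))
    domain = addr.rpartition("@")[2]
    part = msg.get_body(("html", "plain"))  # works for single-part and multipart mail
    body = part.get_content() if part else ""
    parser = Links()
    parser.feed(body)
    checks = {  # keys follow signs 1, 2, 3 and 6 from the list above
        "sender-mismatch": any(b in display and not f".{domain}".endswith("." + d) for b, d in BRANDS.items()),
        "urgent-subject": bool(re.search(r"urgent|action required|open immediately", str(msg.get("Subject", "")), re.I)),
        "generic-greeting": bool(re.search(r"\b(valued customer|user)\b", body, re.I)),
        "link-mismatch": any(re.fullmatch(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", t) and host(t) != host(h) for h, t in parser.found),
    }
    return [name for name, hit in checks.items() if hit]
```

Calling `red_flags(SAMPLE)` returns all four flag names. The link check only fires when the visible link text is itself a domain or URL, so generic text such as "Click here" still needs the hover test described in sign 6.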