Phishing Emails: What They Are and How to Spot Them
Phishing scams are one of the most common and most costly ways that fraudsters try to gain access to computer systems. These scams are even more effective and dangerous if employees aren’t prepared to handle them. Considering the role human risk plays in successful cyber attacks, it becomes increasingly important that employees are trained to spot a phishing email.
What are phishing emails?
Phishing emails are a type of attack in which a malicious actor sends an email that appears to be from a known source or contact with the intent of convincing the recipient to click on a link or open an attachment. They are designed to look legitimate, and are usually cloaked in a sense of urgency or fear intended to get the recipient to act without thinking. The goal of this form of cyber attack is to get the recipient to click on a link or download an attachment that will install malware on their computer or steal their personal information.
Spotting a phishing email can be difficult, as the perpetrators are continually improving their methods. However, there are some key signs that an email may not be legitimate.
What to look out for when dealing with phishing emails
- Sender’s Information: Always check the sender’s email address and the name of the organization they claim to represent. If the email doesn’t come from the business’s own domain, it’s likely a scammer. For example, if you receive an email that says it comes from PayPal, but the address it comes from is @paypa1.com or @paypai.com, then you are probably being contacted by a scammer. Also check the address for lookalike characters. Does the number 1 replace the letter L? Does a zero replace the letter O?
- Spelling and Grammatical Errors: If you receive an email laden with spelling and grammatical errors, or one with weird spacing and unusual formatting, this could indicate it’s a phishing email.
- Random Link or Attachment: If the email includes a link that you’re asked to click on or an attachment you need to download in order to verify your account or obtain additional information, and you didn’t request an account reset or other information, it’s likely a scam. When receiving an email with a link to verify an account, it may also be good practice to check with your system administrator or IT department before taking action.
- Sense of Urgency: Be wary of any email you receive that demands an urgent response, especially one that declares your account will be shut down if you don’t take action immediately.
- The Email Asks for Personal Info: If you receive an email that asks for your personal information, such as bank account details or your social security number, you are dealing with a phishing email. There is no situation where you will be asked to verify your Personally Identifiable Information via email.
- If it walks like a duck and quacks like a duck, it’s probably a duck. Always err on the side of caution. If the email looks fishy, it probably is phishy… Most vendors will never send emails asking you to click on a link to your account. When engaging with your vendors, always go directly to their website and access through the normal logins.
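The indicators in the list above can be turned into a simple automated check. The following script is an added example written for this page, not code from the original post or from Nisos: it folds common lookalike substitutions (1 for l, 0 for o, i for l, rn for m) so that a sender domain such as paypa1.com can be compared against the domain of the brand the email claims to represent, and it flags urgent wording, requests for personal information, links and attachments. The brand table, keyword patterns and both sample messages are constructed for illustration and are assumptions, not a production ruleset.

```python
"""Heuristic phishing-indicator check (added example, not from the original post).

Implements the indicators discussed above: a sender domain that does not
match the organization the email claims to be from (including lookalike
domains built from substituted characters), urgent wording, requests for
personal information, and links or attachments. Sample messages below
are constructed for illustration.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Single-character substitutions fraudsters commonly use to imitate a
# legitimate domain (assumption: illustrative table, not exhaustive).
HOMOGLYPHS = str.maketrans({"1": "l", "i": "l", "0": "o", "5": "s", "3": "e"})

# Brand name -> domain that legitimate mail from that brand comes from
# (assumption: constructed table for this example).
KNOWN_BRANDS = {"paypal": "paypal.com", "microsoft": "microsoft.com"}

URGENCY = re.compile(
    r"immediately|urgent|within \d+ hours|will be (?:suspended|closed|shut down)", re.I
)
PII = re.compile(r"social security|bank account|password|card number|date of birth", re.I)
URL = re.compile(r"https?://\S+", re.I)


def normalize_domain(domain: str) -> str:
    """Fold lookalike substitutions so paypa1.com and paypai.com collapse to paypal.com."""
    return domain.lower().strip().replace("rn", "m").translate(HOMOGLYPHS)


def is_lookalike(domain: str, expected: str) -> bool:
    """True when the domain differs from the expected one but collapses to it."""
    domain, expected = domain.lower(), expected.lower()
    return domain != expected and normalize_domain(domain) == normalize_domain(expected)


def claimed_brand(display_name: str, subject: str):
    """Return the known brand the email appears to be from, or None."""
    text = f"{display_name} {subject}".lower()
    return next((brand for brand in KNOWN_BRANDS if brand in text), None)


def phishing_indicators(raw: str) -> list:
    """Return a list of human-readable indicators found in a raw RFC 822 message."""
    msg = message_from_string(raw)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rsplit("@", 1)[-1] if "@" in address else ""
    subject = msg.get("Subject", "")

    body_parts, attachments = [], []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            attachments.append(part.get_filename() or "unnamed")
        elif part.get_content_type() == "text/plain":
            body_parts.append(part.get_payload(decode=True).decode(errors="replace"))
    body = "\n".join(body_parts)

    findings = []
    brand = claimed_brand(display_name, subject)
    if brand:
        expected = KNOWN_BRANDS[brand]
        if is_lookalike(domain, expected):
            findings.append(f"lookalike sender domain {domain} imitating {expected}")
        elif domain != expected and not domain.endswith("." + expected):
            findings.append(f"sender domain {domain} does not match {brand} ({expected})")
    if URGENCY.search(subject) or URGENCY.search(body):
        findings.append("urgent wording")
    if PII.search(body):
        findings.append("requests personal information")
    if URL.search(body):
        findings.append("contains a link")
    if attachments:
        findings.append("has attachment(s): " + ", ".join(attachments))
    return findings


# Constructed sample messages (not real mail).
SAMPLE_PHISH = """\
From: "PayPal Support" <security@paypa1.com>
To: employee@example.com
Subject: Urgent: your account will be suspended

Dear customer,

We detected unusual activity. Verify your account immediately by
clicking http://paypa1.com.example.invalid/verify and confirming your
bank account number and social security number.
"""

SAMPLE_LEGIT = """\
From: "Jane Doe" <jane.doe@example.com>
To: employee@example.com
Subject: Notes from today's meeting

Hi, here are the notes from our 10am sync. Thanks!
"""

if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, phishing_indicators(sample) or ["no indicators"])
```

The domain comparison is the part that matters most: the script normalizes both the sender domain and the expected domain before comparing, so a swap in either direction (1 for l, i for l, rn for m) is caught, while an exact match or a legitimate subdomain is not flagged. Word lists like the urgency and personal-information patterns are deliberately narrow and will miss rephrasings; in practice they complement, rather than replace, the human judgement the list above asks for.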
If you receive an email that meets one or more of these criteria, it’s likely a phishing attack. If you receive a phishing email, it’s crucial that you do not click on any links, and that you delete the message immediately.
Be sure to report the email to your IT department or cybersecurity team so they can investigate further. The number one thing you can do to protect yourself from phishing emails is to be vigilant about the communications you receive. Employees need to be aware of the kinds of cyber attacks they could potentially fall victim to, and know the measures that are in place to protect against these threats.
As cybercriminals become more and more sophisticated, and learn ways to use convincingly legitimate communications, it becomes necessary to be vigilant of any email or other digital communication you may receive. It is best to err on the side of caution to keep you and your information safe.
Nisos is The Managed Intelligence Company®. Our services enable security, intelligence, and trust and safety teams to leverage a world-class intelligence capability tailored to their needs. We fuse robust data collection with a deep understanding of the adversarial mindset delivering smarter defense and more effective response against advanced cyber attacks, disinformation, and abuse of digital platforms.