You’ve Got Mail: 7 Ways to Identify Phishing Emails

The first thing I do when I wake up, before I reluctantly slink out of bed, jump into the shower, and run for the coffee machine for liquid energy, is check my email.

My hand immediately shoots out and grabs my phone. It’s sad, but true. I feel this powerful urge to skim through Fortune daily updates, work email chains and PetSmart promos (because of course seeing a sale on a dog lobster costume is more important than brushing my teeth or making it to work on time).

Lurking amongst the usual coupons, promos, newsletters and weekly check-ins from Mom (Hey sweetie, have you heard of this ChatSnap?) are the seemingly innocuous emails from an unknown entity, or maybe even from someone posing as a person you do know.

We’ve seen them all. You’ve won 50 bajillion dollars, or your long-lost uncle, Bob, from a company you never heard of left you a house made out of gummy bears. Recently, these phishing emails have been getting more tactical, posing as an employee within your company requesting a doc review or sending you a fake invoice. Because recipients trust that they know the sender, many of those documents get opened, and unfortunately the virus was lurking in them all along.

OK, maybe not those exact situations, but you get the idea. You receive these emails, and you can bet your employees get them too.

Phishing email scams are a big deal. In 2014, they cost organizations around the world $4.5 billion in losses, and phishing attacks increased by more than 162% from 2010 to 2014.

How can you protect your company from phishing emails? We’re sharing 7 ways you can tell an email is a phishing scam:

1) Mismatched URLs

You can look, but you can’t touch (or click in this case). If an email looks suspicious, it’s better to be safe than sorry. Avoid clicking on any links. Instead, try hovering over links embedded in the email. If the hyperlinked address is different from the address that is displayed, you’ll know the message is probably fraudulent.

2) Sketchy email attachments

Phishing emails will often include malicious attachments that contain viruses and malware. Malware can corrupt computer files, steal passwords or spy on you and gain access to your online activity, bank account information or any personal data.

The easiest way to tell if an attachment is dangerous is to look at the file extension. Potentially dangerous file extensions include .exe, .msi, .bat, .com, .cmd, .hta, .scr, .pif, .reg, .js, .vbs, .wsf, .cpl, .jar and so on.

Also, avoid any Office files with macros. If an Office document extension ends with m, it most likely contains macros. If you see files like .docm, .xlsm and .pptm, be careful. Some companies use macro-enabled files, but your best bet is not to open them.
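A mail gateway or triage script can apply the same extension check before a message reaches the inbox. This is an added example, not part of the original article: it uses the extension lists given above and, going slightly beyond the text, normalizes case and trailing dots or spaces and judges a double extension such as `invoice.pdf.exe` by its last part. The sample message and addresses are constructed.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions the article lists as potentially dangerous.
RISKY = {".exe", ".msi", ".bat", ".com", ".cmd", ".hta", ".scr", ".pif",
         ".reg", ".js", ".vbs", ".wsf", ".cpl", ".jar"}
# Macro-enabled Office formats named in the article.
MACRO = {".docm", ".xlsm", ".pptm"}

def classify(filename):
    """Return a verdict string for a risky attachment name, else None."""
    # Normalise so 'REPORT.DOCM' and 'update.scr. ' are still caught.
    name = filename.strip().rstrip(".").lower()
    ext = PurePosixPath(name).suffix   # last extension only: a.pdf.exe -> .exe
    if ext in RISKY:
        return "risky-extension"
    if ext in MACRO:
        return "macro-enabled-office"
    return None

def audit_attachments(msg):
    """List (filename, verdict) for each flagged attachment in a message."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict = classify(name)
        if verdict:
            findings.append((name, verdict))
    return findings

def build_sample():
    """Constructed sample message with placeholder attachment bytes."""
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "you@example.test"
    msg["Subject"] = "Invoice"
    msg.set_content("Please review the attached invoice.")
    for name in ("invoice.pdf.exe", "Q3-Report.DOCM", "notes.pdf"):
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg

if __name__ == "__main__":
    for name, verdict in audit_attachments(build_sample()):
        print(f"{name}: {verdict}")
```

The check looks only at the name the sender chose, so a clean result says nothing about the file's actual content.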

3) Poor spelling and grammar

Everyone makes mistakes. Even the best email marketers and big-name brands mix up you and you’re, misspell accommodate (whoops!) and place a comma where it has no right to, be.

However, if you’re receiving emails littered with typos and incorrect spellings every other sentence, these are telltale signs that this email isn’t from a legit source.

4) Disappointing sign-off

Is the email signature lacking in contact details or nonexistent? If the signature only says Joe Shmoe, Head of Email Phishing Department, and doesn’t include a phone number or a way to contact the sender, be cautious.

Legitimate businesses will always provide contact information. How else will prospects and customers get in touch?

5) Unknown “From” address

Who’s the email from? Have you heard of this person or company? Do they have an active online presence?

You may receive emails from senders claiming to be from a law enforcement agency, the IRS, the FBI, etc. If you’re not sure the email is legit, search on Google and other search engines to see if other people are receiving the same email. Forums and security websites should mention if the email is the real deal or a scam.

Go with your gut on this one. If the email address looks fake, it probably is.

6) Big promises

Does the offer seem too good to be true? Then, it probably is. If a stranger is offering you big bucks or an easy fix to a complicated issue, it’s most likely a scam. We’d all love to win the lottery without actually buying a ticket, but it’s just not happening.

7) Suspicious questions

Are they asking for personal or credit card information? Do they want you to click on a link and enter a password? Reputable companies will never ask for sensitive information in an email. Immediately delete these emails and advise your employees to do the same.

Bottom line

When receiving any email, use your best judgment. The email could feature a stunning brand logo, persuasive language and a convincing email address, but still be fake.

Think before you click on anything. Always ask yourself, was I expecting to hear from this person? Did I actually enter this contest the email claims I won?

And, of course, don’t forget your employees. You may know what to look out for when opening an email, but do your employees?

Protect your business’s data and network by letting employees know about the warning signs. Share tips for spotting phishing emails in a company-wide meeting or email. You could even include screenshots of phishing email examples.

Constantly worried about data security? Put your mind at ease. Learn how you can defend your data against security vulnerabilities by downloading our guide Security, Manageability, Reliability: The Keys to Safe Data below.
