A phishing attack can prove to be fatal for businesses that don’t take appropriate precautions. If news of a data breach reaches the public, your brand’s reputation and trust may be tarnished in addition to an impact on the top line.
We have hashed out some of the most common ways to spot a phishing email so you can keep your business safe.
What is Phishing?
Let’s start with answering the obvious question: What is a Phishing attack?
When an attacker sends an email pretending to be someone (for instance, a highly authoritative person like the CEO) or something they are not, it is known as a phishing attack or scam. The objective is to obtain confidential details from the target.
In essence, the attacker tries to arouse interest, worry, or a sense of urgency, so that the target is more likely to comply when asked to open an attachment or enter sensitive data (such as their account, password, or credit card number).
A few examples of phishing attacks include:
- Emails that seem to be from a reliable source, such as your bank or some eCommerce giant’s customer service.
- Calls that compel victims to act in haste.
- Emails with links to phony websites where the recipient must enter their login information.
- Online ads that compel the target to click on a seemingly trustworthy link that leads to a malicious website.
Depending on the attacker, phishing attempts may target a variety of people. They might be as commonplace as email phishing that tries to con anybody with a Facebook account, or as extreme as picking just one victim. According to a report published by Verizon, 94% of malware attacks begin with phishing via email.
Spotting A Phishing Email
Following are a few ways you can spot a phishing email:
Emails Sent From Public Domains
No trustworthy company will ever email you from a domain that ends in “@gmail.com.” No, not even Google. Most businesses have their own email domain and accounts from which they send out official communications.
Therefore, check the domain name (what comes after the @) of an email before opening it to be sure it matches the sender. However, there is a catch.
Attackers might try to imitate a genuine address. An address like “firstname.lastname@example.org,” for instance, should raise suspicion. When Google genuinely sends an email, “google” will appear in the domain name, that is, the part that comes after the @ symbol.
Peculiar Email Addresses
Inconsistency in domain names, links, and email addresses is a dead giveaway. Examine the sender of emails carefully, and note any errors in emails as they may be signs of phishing attempts. Genuine companies have emails with their own domains. Hovering your mouse over (or clicking) the “from” address will allow you to see the email address of the sender in addition to their name. Verify that the address does not contain any additional numbers or letters.
As an example, check out the difference between these two email addresses: email@example.com and firstname.lastname@example.org
Email Sender Requests Sensitive Information
Sensitive information is rarely requested over email by reliable businesses. You shouldn’t trust any email that asks for sensitive data like passwords, credit card numbers, or social security numbers. If you have a question about an email, you can always call the business making the request to confirm that it is legitimate. Just make sure you get the company’s phone number from its website, not from the email.
No Security Certificate
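Insecure URLs start with http:// instead of https://. Don’t click if the URL doesn’t have a security certificate. Keep in mind that a certificate only shows the connection is encrypted, not that the site is legitimate, so treat HTTPS as a minimum requirement rather than proof of safety.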
If you get an email with an attachment from a business that you don’t know or weren’t expecting, you should be concerned. The attachment can contain malware or a malicious URL.
Even if you think the attachment is genuine, it’s best practice to scan it with antivirus software first.
Hover But Don’t Click
Cybercriminals love including malicious links in content that appears to be legitimate. Hover your mouse over any link embedded in the email body to see where it actually leads before you do anything else. Don’t click on any link with a peculiar address. If you have any reservations about a link, send the email to your security team immediately.
Check For Spelling Mistakes
Email is a very important medium for brands. Typically, legitimate communications don’t contain glaring language or spelling errors. Check your emails carefully and report any suspicious activity.
Phishing attacks are increasing, and they are regrettably more sophisticated than ever.
Even with the most robust security measures, it only takes one employee falling for a phishing attempt to give away the data you’ve worked so hard to protect. Make sure you and your staff are aware of these specific warning signs and know how to spot phishing emails.