As most phishing emails will have at least one telltale sign, here are a few tips to help you spot a phishing email.
1. Tries to panic the recipient with an urgent call to action or threats
Most phishing emails are written to panic you with urgent action. The goal is to make you feel like this is a time-sensitive action that may cause you to miss out or be punished if you do not act. Examples may include, “We have noticed suspicious activity and you need to change your password,” or “You need to make a payment.”
2. First time or infrequent senders
It is not unusual to receive an email from someone for the first time, but when you get an email from somebody you do not recognize, it’s essential to take a moment to examine the communication extra carefully before you proceed.
3. Uses poor spelling and bad grammar
Online service providers have increased their security game by messaging their customers when unusual activity is detected on their user accounts. Not surprisingly, threat actors are using this to their advantage. Pay close attention to emails from your service providers. Check for poor design, incorrect spelling and bad grammar. Some emails look legitimate enough to click if the recipient is not paying close attention.
4. Email is not personalized or uses a generic greeting
Companies you work with should know your name. Be wary of emails addressed to “Dear Valued Member,” or “Dear Customer,” or those that use a generic salutation like “Good Afternoon” or “Hello.”
5. Uses a different domain than the company’s domain
Phishing scams often attempt to impersonate legitimate organizations. Make sure that the email is sent from a verified domain by checking the ‘sent’ field. If the email is from a Gmail, Yahoo, Hotmail, or other popular email platform, be particularly wary.
6. Contains suspicious links that do not match the domain
If you suspect that an email message is a scam, do not open any links that you see. Instead, hover your mouse over, but do not click, the link to see if the address matches the link typed in the message.
7. Includes unsolicited attachments
Avoid opening email attachments, even from a supposed well-known organization. Most companies will not attach or expect you to download files from their emails. They typically will direct you to their website so that you can download documents safely.
8. Asks for sensitive information
Organizations that do business with you will never request account information, credit card information, social security numbers or passwords by email. Except for passwords, the impersonated organization already has this information.
Beyond email, the internet has become a great resource for information and entertainment, but it can also be an avenue for security breaches or identity theft. You can learn various solutions using our free, interactive resource for keeping your and your family’s digital identity secure.
Content provided by LBMC cybersecurity professional, Bill Dean.
If you have enjoyed these tips and would like to receive more pieces like this, sign up to receive our various LBMC newsletters through our LBMC subscription center.