The email might ask you to confirm personal account information such as a password or prompt you to open a malicious attachment that infects your computer with a virus or malware. The phishing email is one of the most common online threats, so it is important to be aware of the tell-tale signs and know what to do when you encounter them. Here are 6 ways to detect phishing emails.

What is a phishing email?

Are you sure that email from UPS is actually from UPS? (Or Costco, BestBuy, or the myriad of unsolicited emails you receive every day?) Companies and individuals are often targeted by cybercriminals via emails designed to look like they came from a legitimate bank, government agency, or organization. In these emails, the sender asks recipients to click on a link that takes them to a page where they will confirm personal data, account information, etc.
phishing email

6 Signs of a phishing email

All internet users, especially those using company equipment or who have access to sensitive data, should be able to identify suspicious emails in their inboxes. Below are six common signs that can help your users identify a phishing email.

The email asks you to confirm your personal information

Often an email will arrive in your inbox that looks very authentic. Whether this email matches the style used by your company or that of an external business such as a bank, hackers can go to painstaking lengths to ensure that it imitates the real thing. However, when this authentic-looking email makes requests that you wouldn’t normally expect, it’s often a strong giveaway that it’s not from a trusted source after all.

Keep an eye out for emails requesting you to confirm personal information that you would never usually provide, such as banking details or login credentials. Do not reply or click any links and if you think there’s a possibility that the email is genuine, you should search online and contact the organization directly  – do not use any communication method provided in the email.

URLs with a misleading domain name

Scammers trick users by sending emails that look like companies from Microsoft or Apple. However, users should not fall under this type of scam and have to stay vigilant. Most users do not know how the DNS naming structure for domains works. For example, the domain name info.cyberhome.com would be a child domain of cyberhome.com as “cyberhome.come” appears at the end of the full domain name. Cyberhome.com.maliousdomain.com would not have originated from cyberhome.com because the reference to cyberhome.com is on the left side of the domain name.

An unfamiliar tone or greeting

When reading phishing messages, look for improperly used words. For example, a colleague sounds very familiar, or a family member sounds very formal. If the email sounds strange and does not use the language you’d expect from the sender, it is a good idea to look for other indicators that it may be fake.

phishing email

It includes infected attachments or suspicious links

Phishing emails come in many forms. We’ve focused on emails in this article, but you might also get scam text messages, phone calls, or social media posts.

But no matter how phishing emails are delivered, they all contain a payload. This will either be an infected attachment that you’re asked to download or a link to a bogus website.

The purpose of these payloads is to capture sensitive information, such as login credentials, credit card details, phone numbers, and account numbers.

The message creates a sense of urgency

Scammers know that most of us procrastinate. We receive an email giving us important news, and we decide we’ll deal with it later. But the longer you think about something, the more likely you are to notice things that don’t seem right.

Maybe you realize that the organization doesn’t contact you by that email address, or you speak to a colleague and learn that they didn’t send you a document. Even if you don’t get that ‘a-ha’ moment, coming back to the message with a fresh set of eyes might help reveal its true nature.

That’s why so many scams request that you act now or else it will be too late. This has been evident in every example we’ve used so far. PayPal, Windows, and Netflix all provide services that are regularly used, and any problems with those accounts could cause immediate inconveniences. The manufactured sense of urgency is equally effective in workplace scams.

Criminals know that we’re likely to drop everything if our boss emails us with a vital request, especially when other senior colleagues are supposedly waiting on us.

phishing email

Conclusion

Phishing attacks continue to increase in number and effects, following advancements in anti-virus protocols and detection technologies. Everyone is a target in today’s cyberwar climate but, by educating your workforce on How to properly spot phishing and handle phishing attacks, today‘s targets can become the future’s primary defense sentinels. The only way to protect what you’ve worked hard to build is to be vigilant when it comes to cyber security.