One of the most common attacks used by hackers today is the email phishing scam. These scams come under the guise of an unsolicited email purportedly from a reputable company. To gain access to confidential information, the scam uses scare tactics, hoping to quickly trick the recipient into downloading an infected attachment or clicking on a malicious link.
Do not allow such tactics to stampede you. Always take the time to carefully check any unsolicited emails, no matter how legitimate they look or how urgent they sound.
Phishing scams can cause considerable damage once email links and infected attachments are accessed. This includes infecting other computers on the network, installing malware or exfiltrating data.
Also, if employees use unpatched applications on their personal devices when accessing corporate data, the damage can be compounded by drive-by attacks.
Without knowledge of how to spot a suspicious email, both individuals and businesses with employees are at risk. Here are some of the ways to determine if an email is fraudulent.
Check the sender’s email address
At first glance the message appears to be from a legitimate company. Closer inspection can reveal inaccuracies. Take the time to look up the spelling of the purported sender’s name and email address online.
How is the email addressed and signed off?
Reputable companies will use your name when sending you an email. Phishing scams tend to address you as “Dear Sir” or “Dear user.” Reputable companies also include the name of the sender, whereas phishing sign-offs tend to give a company name only.
Creating a sense of urgency using strong language such as “Urgent, immediate action required,” and “You will lose access to your account,” is designed to make you act quickly instead of taking the time to determine if the email is legitimate. These can be in the subject line or the body of the email.
Are there links and downloadable files?
Beware of malicious links or downloadable files that are designed to look legitimate. Rolling over the link with your mouse often reveals a different link used for phishing.
If you should happen to click on a link, check the landing page carefully for inaccuracies. Is the sender’s name misspelled? Is there a header and footer on the page, or does it look unfinished?
How to report a phishing scam
If you receive a phishing email:
- Forward the email to the Anti-Phishing Working Group at firstname.lastname@example.org.
- Report the phishing attack to the FTC at ftc.gov/complaint.