How to Avoid Phishing Email Scams

One of the most common attacks used by hackers today is the email phishing scam. These scams come under the guise of an unsolicited email purportedly from a reputable company. To gain access to confidential information, the scam uses scare tactics, hoping to quickly trick the recipient into downloading an infected attachment or clicking on a malicious link.
Do not allow such tactics to stampede you. Always take the time to carefully check any unsolicited emails, no matter how legitimate they look or how urgent they sound.
Phishing scams can cause considerable damage once users access email links and infected attachments. This includes infecting other computers on the network, installing malware or exfiltrating data.
Also, if any employees are using unpatched applications on their personal devices when accessing corporate data, the potential for a drive-by attack may compound the damage.
Without knowledge of how to spot a suspicious email, both individuals and businesses with employees are at risk. Here are some of the ways to determine if an email is fraudulent.
Check the sender’s email address
At first glance the message appears to be from a legitimate company. Closer inspection can reveal inaccuracies. Take the time to look up the spelling of the purported sender’s name and email address online.
How is the email addressed and signed off?
Reputable companies will use your name when sending you an email. Phishing scams tend to address you as “Dear Sir” or “Dear user.” Reputable companies also include the name of the sender in the sign-off, whereas phishing emails tend to sign off with a company name only.
Scare tactics
Scammers try to create a sense of urgency by using strong language such as “Urgent, immediate action required,” and “You will lose access to your account.” These can be in the subject line or the body of the email. Don’t rush into action; take time to determine whether the email is legitimate.
Are there links and downloadable files?
Beware of malicious links or downloadable files designed to look legitimate. Hovering over a link with your mouse often reveals that it points to a different address from the one displayed.
Landing Page
If you should happen to click on a link, check the landing page carefully for inaccuracies. Is the sender’s name misspelled? Is there a header and footer on the page, or does it look unfinished?
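The email checks above (sender address, greeting, scare tactics, and link text that differs from the real destination) can also be automated in a mail filter or triage script. The sketch below is an added example, not part of the original article; the function names, the phrase lists, and the sample message are assumptions, and it handles a single-part message with an HTML body only.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Phrases the article quotes, plus a constructed sample on reserved domains.
GREETINGS = ("dear sir", "dear user")
URGENCY = ("urgent", "immediate action required", "you will lose access")
SAMPLE = """\
From: "Example Bank" <security@example-bank.example.net>
Subject: Urgent, immediate action required

<p>Dear user, sign in at <a href="http://login.example.net/v">www.example.com</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every <a> element in an HTML body."""
    def __init__(self, html):
        super().__init__()
        self.links, self._open = [], False
        self.feed(html)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data

def host(value):
    """Host of a URL or bare domain, or "" when the string is neither."""
    m = re.match(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", value.strip().lower())
    return m.group(1) if m else ""

def check_email(raw, expected_domain):
    """Return the warning signs found in one single-part HTML message."""
    msg = message_from_string(raw)
    text = f"{msg.get('Subject', '')} {msg.get_payload()}".lower()
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    links = LinkCollector(msg.get_payload()).links
    found = {
        "sender-domain": not ("." + domain).endswith("." + expected_domain),
        "generic-greeting": any(g in text for g in GREETINGS),
        "urgency": any(p in text for p in URGENCY),
        "link-mismatch": any(host(t) and host(t) != host(h) for h, t in links),
    }
    return [name for name, hit in found.items() if hit]
```

Calling `check_email(SAMPLE, "example.com")` reports all four signs for the constructed message; the second argument is the domain the purported sender is known to use.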
How to report a phishing scam
If you receive a phishing email:
- Forward the email to the Anti-Phishing Working Group at reportphishing@apwg.org.
- Report the phishing attack to the FTC at ftc.gov/complaint.