Did you know that spam accounts for 48.16% of the email traffic worldwide? So how do you manage not to click on something that results in successful phishing for an attacker? Obviously, this is a great and very important question that everyone should ask himself or herself, especially when it comes to messages that are so incredibly difficult to determine if they are real or not. But there are clues, that can give it away if you pay attention.
6 Phishing Clues to keep in mind
Here are some ways to spot phishing emails, and what you can do to protect yourself.
1. Setting Expectations
If you are not expecting a link or email in a message, it should throw up all kinds of red flags. Now, we realize that sometimes a family member or friend cannot help but send you a link to a funny cat video they know you’ll love, and that may be OK. However, they should preface it with a note or something to help you feel confident that’s really what it is. If it’s just forwarded with no personalized message, give them a call or send them a completely new email message to ask if it’s legit. Don’t reply to the message. Cybercriminals have become very adept at making sure they tick all the boxes when they are crafting messages. They even set up their very own support centres to take calls and they put the phone numbers and email addresses for them in those email messages.
2. Look for typos
When in doubt, check the email closely for misspellings and improper grammar. Strange language mistakes, as well as grammatical errors, are common in phishing. If you see them, that email should go directly into the trash.
3. The hyperlinked URL is different from the one shown
The hypertext link in a phishing email may include, say, the name of a legitimate bank. But when you hover the mouse over the link (without clicking it), you may discover that the actual URL differs from the one displayed and doesn’t contain the bank’s name. Similarly, you can hover your mouse over the address in the ‘from’ field to see if the website domain matches that of the organization the email is supposed to have been sent from.
4. The email urges you to take immediate action
Often, a phishing email tries to trick you into clicking a link by claiming that your account has been closed or put on hold, or that there’s been fraudulent activity requiring your immediate attention. Of course, it’s possible you may receive a legitimate message informing you to take action on your account. To be safe, though, don’t click the link in the email, no matter how authentic it appears to be. Instead, log into the account in question directly by visiting the appropriate website, then check your account status. It’s likely that if you do that, you’ll find out very quickly that the email was phishing, and you should delete it immediately.
5. Do you have an account with them?
It’s important to know what accounts you have. This last one has actually fooled people. If you don’t have an account from the sender letting you know you have an account problem, you can assume right away that it’s phishing.
6. The email includes suspicious attachments
It would be highly unusual for a legitimate organization to send you an email with an attachment unless it’s a document you’ve requested. As always, if you receive an email that looks in any way suspicious, never click to download the attachment, as it could be malware.
What to Do About Phishing Emails
In addition to learning how to spot a phishing email, here are a few other things you can do to better protect yourself and others from phishing scams.
1. Adjust your email settings for what is allowed in your inbox
Depending on which email platform you use, you likely have the option to have all incoming email sent to junk except for those from your contacts and safe senders. Doing this helps to prevent you from inadvertently clicking on a phishing email you thought was from a legitimate sender. Since you’ll have the email address for your bank in the safe senders’ list, any email pretending to be from your bank will end up in your junk box. Also, it’s much more convenient to click “empty junk” rather than having to sift through your inbox for potential junk.
2. Security software is a must
While email providers do a decent job in filtering out junk or spam email, it always helps to have additional layers of security in place. In the event you accidentally click on a phishing email you thought was legitimate, your antivirus protection is there to warn you that the site you landed on is a forgery. If the website you landed on tries to distribute malware through drive-by-download, your security software can detect and stop the malware from executing.
If you like to know more about how to prevent phishing emails ask our experts or read about our phishing simulation