How to spot a phishing email

If you use a computer for work or business, you’re constantly at risk.

Cyber-attacks are coming faster than ever, and hackers have learned from their past mistakes. Modern phishing attempts are more sophisticated, and therefore more dangerous than those just a few years back.

Why are phishing attacks so prevalent?

Consider this statistic; according to a recent cyber security report by Verizon, a hacker who sends out 10 phishing emails has a 90% chance that at least one person will fall for it. 

Cyber criminals are playing the odds, and the odds are very much in their favor.

So how do you protect yourself now that phishing attempts have become ubiquitous and increasingly successful?

While some phishing attempts are painfully obvious – we all know a Nigerian prince does not have millions of dollars with your name on it – others are more difficult to spot.

You’ve likely received a phishing attempt from PayPal, your banking institution or even Microsoft and had to give it a second look to confirm whether it was legit. If you have a PayPal account or use Office 365, you are a prime target for this type of sophisticated phishing attack.

How to Spot a Phishing Email

In the old days, spotting a phishing email required nothing more than a basic grasp of the English language. Back then, emails were filled with broken English, spelling errors and grammatical mistakes, but modern attempts are more sophisticated, and far more difficult to spot.

If you want to avoid becoming the next victim, you need to stay vigilant. Here are some key things to look for as you work your way through your inbox. If you spot any of these warning signs, the email in question definitely warrants a second look.

  1. The email is unexpected and unsolicited. Did you receive a confirmation email for a shipping notice, an order you did not place, or a notice from the bank you were not expecting. If so, proceed with caution.
  2. Your name is not included. Hackers send out bulk messages in hopes of scoring a few hits. They do not have the time, nor the inclination, to personalize their messages. Red flags should start flying if the sender does not address you by name.
  3. The sender makes veiled (or open) threats. That threatening tone has become a hallmark of modern phishing attempts. From IRS threats to imminent arrests by the FBI, hackers are pulling out all the stops to scare people out of their hard-earned money.
  4. The email includes links. Infected links are the prime source of danger from phishing emails, so think before you click. If you have any doubts at all about the legitimacy of the email or sender, call for verification before clicking on any link.

Test Your Skills

phishing alertYou might think you have what it takes to avoid a phishing attack, but how can you really be sure?

With a 90% success rate, those hackers are catching new victims every day.

Each time you receive an unexpected email, ask yourself the following questions.

Or better yet, take this handy quiz and pass it along to family members, friends, and co-workers.

  • Did you check the sender’s email address? If the phishing email is coming from a hacked personal account, the address may not match the purported sender. (i.e. @mazon.com vs @amazon.com)
  • Did you verify the link? Clicking on an infected link could have devastating consequences. To see where a link goes, just hover your mouse over it, or right click and paste the link into a plain text document (not your browser). A mismatch between the purported sender and the link should be a dead giveaway.
  • Is there a strong sense of urgency? As mentioned earlier, many phishing emails use threats or an impending deadline to urge victims to take action quickly.
  • Does the email include complete contact information? If the email is vague on contact details and instead includes a general sign-off such as “Regards, IT Help Desk”, definitely give it a second look.

Above all else, engage in phishing attack prevention techniques, stay vigilant, and always err on the side of caution.

If you believe you have already fallen for a phishing attack, just give Ontech Systems a call at 262-522-8560. We can help you recover from the attack and provide you with the information you need to guard against phishing attacks in the future.

Google Rating
5.0