Wednesday, September 30, 2020
Don't Take the Bait: 7 Signs of a Phishing Email You Need to Know
Phishing emails have become disturbingly common in recent years. According to a study by Mimecast, roughly one out of every 61 emails sent globally is part of a phishing scheme. While that number may seem small, all it takes is a single phishing email to compromise your accounts, data and personal information.
You can still use email as a digital communications channel. However, you should learn the signs of a phishing email so that you can avoid taking the bait.
1) Initiated By the Sender
Phishing emails are almost always unsolicited: the sender starts the exchange, not you. Cybercriminals use them to deceive recipients into divulging sensitive information, such as account usernames and passwords. They don't know when you last accessed your account, so the message arrives out of the blue. If a cybercriminal discovers your email address, he or she may send you a phishing email.
Because the sender initiated the contact, you can check legitimacy by contacting the company he or she claims to represent, through a channel you already trust. If you receive an email from what appears to be PayPal, for instance, contact PayPal directly using a phone number or web address you already know, not any link or number in the email, and ask whether it sent the message.
2) Locked Account
While there are several types of phishing emails, many of them will claim that your account has been locked or suspended. Some may claim that fraudulent activity was detected on your account, whereas others may claim that your billing information is incorrect. Regardless, the phishing email will likely ask you to log in to your account to restore its functionality.
Of course, login links in phishing emails don't point to legitimate websites. They point to malicious websites that are disguised as legitimate sites. When you click a login link in a phishing email, you'll be taken to the cybercriminal's website. It may feature the same name, logo and layout as the real site, but entering your username and password won't get you into your account; it will only hand the cybercriminal your login information. Some phishing sites then forward you to the real login page, so the failed attempt looks like an ordinary typo and you have no reason to suspect anything.
3) Generic Salutation
Always check the salutation before interacting with or replying to an email. Phishing emails usually have a generic salutation. Rather than addressing you by name, they may address you as "loyal customer" or "valued account holder". Companies that hold your account details know your name and rarely use generic salutations like these. If you see one, the email is probably part of a phishing scheme.
Not all phishing emails use a generic salutation. A cybercriminal who knows your name may use a personalized one, and targeted (spear-phishing) messages usually do. With that said, personalized salutations are far less common than generic ones in phishing emails. Phishing is a numbers game: the more recipients who receive a phishing email, the greater the cybercriminal's chance of illicit success. Therefore, cybercriminals rarely take the time to identify recipients' names. They collect thousands of email addresses and send the same message with the same generic salutation to all of them.
4) Unofficial 'From' Address
Phishing emails often have an unofficial "from" address. In other words, the domain after the @ in the sender's address doesn't match the website being impersonated. Legitimate companies send email from addresses on their own domain. If PayPal sends you an email, the "from" address will be on PayPal's own domain. Phishing emails, on the other hand, often use a different domain, sometimes a lookalike that contains the brand's name. The display name in quotes may say "PayPal" while the actual address is something else entirely, so read the address itself, not just the name in front of it.
The "from" address can also be spoofed, so you can't rely on it alone to identify phishing schemes. Spoofing simply means the sender wrote a false "from" header; nothing in basic email delivery prevents that. Sender Policy Framework (SPF) lets a domain publish which mail servers may send on its behalf, but SPF checks the envelope sender used during delivery, not the "from" line you see, and DomainKeys Identified Mail (DKIM) only proves that some domain signed the message. DMARC ties the two together by requiring that the domain that passed SPF or DKIM match (align with) the visible "from" domain, and it lets the domain owner tell receiving servers to quarantine or reject messages that fail. Unless the impersonated company publishes a DMARC policy and your mail provider enforces it, a message with a spoofed "from" address will likely be delivered.
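The alignment check described above, as an added example that is not part of the original post: it reads the visible From domain, the envelope sender (Return-Path) and the SPF/DKIM results your own mail server recorded in Authentication-Results, and reports whether either passing result actually belongs to the From domain. The two messages are constructed for the example; bank.example, bulk-sender.example and the authserv-id mx.example are invented, and the Authentication-Results header is only trustworthy when it was added by your receiving server, since a sender can pre-insert one.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample: SPF passes for the bulk sender's domain, but the visible
# From header claims the bank's domain, so the pass proves nothing about it.
SPOOFED_MSG = """\
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.example; spf=pass smtp.mailfrom=bulk-sender.example; dkim=none; dmarc=fail header.from=bank.example
From: "Bank Security" <alerts@bank.example>
To: victim@example.com
Subject: Your account has been locked

Please log in to restore access.
"""

# Constructed sample: envelope sender, DKIM signing domain and From all agree.
ALIGNED_MSG = """\
Return-Path: <bounce@bank.example>
Authentication-Results: mx.example; spf=pass smtp.mailfrom=bank.example; dkim=pass header.d=bank.example; dmarc=pass header.from=bank.example
From: "Bank" <alerts@bank.example>
To: customer@example.com
Subject: Your monthly statement is ready

Your statement is available.
"""


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address header ('' if none)."""
    _, email_addr = parseaddr(addr)
    return email_addr.rpartition("@")[2].lower()


def org_domain(domain: str) -> str:
    """Crude organizational domain: the last two labels. Adequate for
    brand.com-style names; real DMARC uses the public suffix list."""
    return ".".join(domain.split(".")[-2:])


def parse_auth_results(header: str) -> dict:
    """Map each method (spf/dkim/dmarc) to (result, domain it was checked for)."""
    results = {}
    for clause in header.split(";")[1:]:  # first clause is the authserv-id
        m = re.match(
            r"(spf|dkim|dmarc)=(\w+)"
            r"(?:\s+(?:smtp\.mailfrom|header\.d|header\.from)=([\w.\-]+))?",
            clause.strip(),
        )
        if m:
            results[m.group(1)] = (m.group(2).lower(), (m.group(3) or "").lower())
    return results


def check_from_alignment(raw: str) -> dict:
    """DMARC-style check: does an SPF or DKIM pass belong to the From domain?"""
    msg = message_from_string(raw)
    header_from = domain_of(msg.get("From", ""))
    return_path = domain_of(msg.get("Return-Path", ""))
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    spf_result, spf_domain = auth.get("spf", ("none", ""))
    dkim_result, dkim_domain = auth.get("dkim", ("none", ""))
    spf_aligned = spf_result == "pass" and org_domain(spf_domain) == org_domain(header_from)
    dkim_aligned = dkim_result == "pass" and org_domain(dkim_domain) == org_domain(header_from)
    return {
        "header_from": header_from,
        "return_path": return_path,
        "spf_pass": spf_result == "pass",
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "from_is_authenticated": spf_aligned or dkim_aligned,
    }


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_MSG), ("aligned", ALIGNED_MSG)):
        print(label, check_from_alignment(raw))
```

The spoofed message shows the trap in the paragraph above: spf_pass is true, because the bulk sender's servers really are authorized for bulk-sender.example, yet from_is_authenticated is false because neither pass aligns with bank.example. Only a DMARC policy on the impersonated domain turns that mismatch into a rejection.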
5) Contextual Typos
You may notice one or more typos in the body of a phishing email: misspelled words, incorrect punctuation, run-on sentences and other obvious mistakes. Legitimate emails can contain typos as well, but most reputable brands strive to eliminate them from their messages.
Some people assume that typos are common in phishing emails because English isn't the native language of the cybercriminals behind them. Many cybercriminals are, in fact, based overseas, where their digital footprints are harder to track, but that is only part of the explanation.
Typos in phishing emails are often deliberate, placed there to evade spam filters. When a large number of recipients flag an email as spam, the inbox provider records a fingerprint of that message, and further copies that match it are filtered as spam. By varying the wording with misspellings and scrambled punctuation, cybercriminals make each copy look different, so it may slip past the fingerprint match. A message that reads badly but is clearly meant to look official deserves extra suspicion rather than the benefit of the doubt.
6) Suspicious Link Address
Another sign of a phishing email is a suspicious link address. Phishing emails usually have a link. It may be plain text, or a button that looks like the one used on the legitimate website. Either way, the link's real destination will be an address that doesn't match the domain of the website being impersonated. The visible text of a link is just a label and can say anything, including the brand's real web address, while the link underneath points somewhere else.
You can view a link's real destination by hovering your cursor over it without clicking. In a web browser or desktop mail client the address usually appears in the status bar at the bottom of the window or in a tooltip. On a phone, press and hold the link to see a preview instead. Compare the domain in that address with the company's real domain, and treat a bare IP address, a domain that merely contains the brand's name, or a shortened link you can't inspect as a warning sign.
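The hover check above, done programmatically, as an added example that is not part of the original post: it pulls every link out of an HTML message body and flags the same things a careful reader would look for, a destination outside the brand's domain, the brand name used as a subdomain of some other domain, a bare IP address, credentials before an @ that hide the real host, plain http, and visible link text whose domain differs from the real destination. The HTML body is constructed for the example; account-verify.example and 203.0.113.7 are invented destinations, and only the help link points at PayPal's own domain.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import ipaddress
import re

# Constructed PayPal-themed phishing body. Link 1 shows the real address as text
# but goes elsewhere, link 2 is a bare IP over http, link 3 hides the host
# behind "user@", and link 4 is the only one that really goes to paypal.com.
SAMPLE_HTML = """
<p>Dear valued customer,</p>
<p>Your account has been limited. Restore access here:
<a href="https://paypal.com.account-verify.example/signin">https://www.paypal.com/signin</a></p>
<p>Or update your billing details:
<a href="http://203.0.113.7/billing">Update billing</a></p>
<p><a href="https://www.paypal.com@203.0.113.7/confirm">Confirm your identity</a></p>
<p><a href="https://www.paypal.com/help">Help Center</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def org_domain(host: str) -> str:
    """Crude organizational domain: the last two labels (fine for brand.com
    names; a production check would use the public suffix list)."""
    return ".".join(host.lower().split(".")[-2:])


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def host_in_text(text: str) -> str:
    """If the visible link text looks like a URL or bare domain, return its host."""
    if re.match(r"^https?://", text, re.I):
        return (urlsplit(text).hostname or "").lower()
    if re.match(r"^[\w.-]+\.[a-z]{2,}(/\S*)?$", text, re.I):
        return text.split("/")[0].lower()
    return ""


def assess_link(href: str, text: str, brand_domain: str) -> list:
    """Reasons (empty if none) a link is suspicious for a message that claims
    to come from brand_domain."""
    reasons = []
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    brand = brand_domain.lower()
    if parts.scheme.lower() != "https":
        reasons.append(f"not https (scheme is {parts.scheme or 'missing'})")
    if parts.username is not None:
        reasons.append(f"credentials before @ hide the real host {host}")
    if is_ip_literal(host):
        reasons.append(f"host is a bare IP address {host}")
    elif org_domain(host) != org_domain(brand):
        reasons.append(f"destination {host} is not under {brand}")
        labels, brand_labels = host.split("."), brand.split(".")
        if any(labels[i:i + len(brand_labels)] == brand_labels for i in range(len(labels))):
            reasons.append(f"{brand} appears only as a subdomain of {org_domain(host)}")
    shown = host_in_text(text)
    if shown and org_domain(shown) != org_domain(host):
        reasons.append(f"link text shows {shown} but points to {host}")
    return reasons


def scan_links(html: str, brand_domain: str) -> list:
    """Return (href, text, reasons) for every link in the body."""
    collector = LinkCollector()
    collector.feed(html)
    return [(href, text, assess_link(href, text, brand_domain)) for href, text in collector.links]


if __name__ == "__main__":
    for href, text, reasons in scan_links(SAMPLE_HTML, "paypal.com"):
        print(href, "->", reasons or "looks consistent")
```

The first link is the classic case from the paragraph above: the text reads https://www.paypal.com/signin, but the destination's registrable domain is account-verify.example, with paypal.com bolted on as a subdomain to fool a glance at the status bar.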
7) File Attachments
If a phishing email doesn't contain a link with a suspicious address, it will probably have a file attachment. Some phishing emails steal your information when you click a link, whereas others do it when you open a file.
File attachments in phishing emails often use the PDF, DOC, ZIP, SCR or EXE format. EXE and SCR files (SCR is the Windows screensaver format, which is an executable) run code directly; DOC files can carry macros; ZIP archives can hide any of these, and a file may even be named something like "invoice.pdf.exe" so that the real extension is easy to miss; PDFs can contain the same malicious links or exploit a vulnerable reader. If you open any of these files, you may unknowingly infect your computer with malware, which may then log your keystrokes or otherwise steal your information as part of the phishing scheme.
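The attachment checks above in code, as an added example that is not part of the original post: it walks the attachments of a message, flags executable, macro-capable and archive extensions, catches double extensions such as "statement.pdf.exe", and compares the file's first bytes against what its extension claims, so a file named photo.jpg that actually starts with a Windows executable header is caught. The message and its attachments are constructed for the example (bank.example is invented, and the attachment bytes are stub headers rather than real files); the magic numbers are the standard ones for those formats, but the table is deliberately short.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading bytes that identify common attachment formats (standard values).
MAGIC = {
    b"%PDF": "pdf",
    b"MZ": "exe",                # DOS/PE executable: .exe, .scr and .dll all start this way
    b"PK\x03\x04": "zip",        # also .docx/.xlsx, which are zip containers
    b"\xd0\xcf\x11\xe0": "ole",  # legacy .doc/.xls/.ppt
    b"\xff\xd8\xff": "jpg",
}
# What the extension claims the content should be.
EXPECTED_KIND = {"pdf": "pdf", "exe": "exe", "scr": "exe", "zip": "zip",
                 "docx": "zip", "xlsx": "zip", "doc": "ole", "xls": "ole",
                 "jpg": "jpg", "jpeg": "jpg"}
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta", "lnk", "msi"}
MACRO_EXTS = {"doc", "xls", "ppt", "docm", "xlsm", "pptm"}
ARCHIVE_EXTS = {"zip", "rar", "7z", "iso", "img"}


def sniff(data: bytes) -> str:
    """Identify content by its first bytes, ignoring the file name."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def assess_attachment(filename: str, data: bytes) -> list:
    """Reasons (empty if none) an attachment deserves suspicion."""
    reasons = []
    exts = filename.lower().split(".")[1:]
    final = exts[-1] if exts else ""
    if final in EXECUTABLE_EXTS:
        reasons.append(f"executable extension .{final}")
        if len(exts) > 1:
            reasons.append(f"double extension disguises it as .{exts[-2]}")
    elif final in MACRO_EXTS:
        reasons.append(f".{final} can carry macros")
    elif final in ARCHIVE_EXTS:
        reasons.append(f"archive .{final} can wrap an executable")
    kind = sniff(data)
    expected = EXPECTED_KIND.get(final)
    if expected and kind != "unknown" and kind != expected:
        reasons.append(f"content mismatch: named .{final} but bytes look like {kind}")
    return reasons


def build_sample_message() -> EmailMessage:
    """Constructed message with four attachments; bytes are stub headers only."""
    msg = EmailMessage()
    msg["From"] = "billing@bank.example"
    msg["To"] = "customer@example.com"
    msg["Subject"] = "Outstanding invoice"
    msg.set_content("Please review the attached documents.")
    samples = [
        ("invoice.pdf", b"%PDF-1.4\n%stub"),              # looks like what it claims
        ("statement.pdf.exe", b"MZ\x90\x00\x03\x00stub"),  # double extension, executable
        ("photo.jpg", b"MZ\x90\x00\x03\x00stub"),          # executable renamed as an image
        ("docs.zip", b"PK\x03\x04stub"),                   # archive
    ]
    for name, data in samples:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg


def scan_attachments(raw: bytes) -> dict:
    """Parse a raw message and assess every attachment by name."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        findings[name] = assess_attachment(name, part.get_content())
    return findings


if __name__ == "__main__":
    for name, reasons in scan_attachments(build_sample_message().as_bytes()).items():
        print(name, "->", reasons or "no findings")
```

The byte check matters because the extension and the declared MIME type are both chosen by the sender; the first bytes of the file are not. A mail gateway that only reads the file name lets photo.jpg through.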
Whether you use email for personal or business-related communications, you shouldn't blindly follow the instructions in a message. If it's a phishing email, doing so could jeopardize your accounts, data and personal information.
By Robert Blake
Bit by bit helps client networks run smooth and secure. Visit our website at www.bitxbit.com/texas or call 877.860.5863.