Phishing emails are one of the most common ways hackers fraudulently attempt to obtain sensitive information from an unsuspecting individual: passwords, credit card numbers, and other personal details. ‘Phishing’ is quite literally a play on the word ‘fishing’: criminals dangle a fake lure (e.g. the email that looks legitimate, as well as the hyperlinked website that looks legitimate), hoping users will bite by providing the information the hackers have requested.
According to the Valimail Spring 2019 Email Fraud Landscape report, at least 3.4 billion fake emails are sent each day, making phishing attacks something of a “spray and pray” strategy: spray as many false emails as possible in the hopes that someone takes the bait. With such a wide net cast, how can you better protect yourself against phishing emails? The first step is to familiarize yourself with the classic signs of phishing. Below, we’ve detailed some of the most common traits of a phishing email.
Watch Out: Signs of Phishing Emails
The Email Address Contains Questionable Characters
When a suspicious email lands in your inbox, the first thing you will want to check is the legitimacy of the sender’s address. Oftentimes, cyber criminals will create email domains that closely resemble the name of the company, entity, organization, etc. they are attempting to impersonate. For example:
Subject: OVERDUE BILL: Pay Now or Risk Legal Action
Notice anything weird? At first glance, you might not, especially with such a startling subject line. What’s more, the body of the email is likely to seem entirely valid, containing branded logo images and polished wording. However, on closer inspection you might see that the “w” in “wireless” in the sender’s email address is actually two “v” characters. Hackers are usually stealthy, and they will take whatever steps are necessary to take on the image of the entity they are masquerading as. To a Verizon Wireless customer wary of harming their credit (or losing cell service), this email might seem like something important to respond to; it might look like a bill worth paying off immediately.
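The look-alike sender trick described above (two “v” characters standing in for a “w”) can also be checked automatically. The following is an added example, not part of the original article: the trusted-domain list, the substitution table and the sample addresses are constructed assumptions, and it covers ASCII substitutions only.

```python
from email.utils import parseaddr

# Assumed allowlist of domains your real providers send from (constructed).
TRUSTED_DOMAINS = {"example-wireless.com", "examplebank.com"}

# Common ASCII look-alike substitutions; an assumed, non-exhaustive table.
CONFUSABLES = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l")]

def skeleton(domain):
    """Collapse look-alike sequences so visually similar domains compare equal."""
    d = domain.lower().rstrip(".")
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d

# Map each trusted domain's skeleton back to the real domain.
TRUSTED_SKELETONS = {skeleton(d): d for d in TRUSTED_DOMAINS}

def check_sender(from_header):
    """Return (verdict, impersonated_domain_or_None) for a From: header value."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("malformed", None)
    domain = addr.rsplit("@", 1)[1].lower()
    if domain in TRUSTED_DOMAINS:
        return ("trusted", None)
    # Not an exact match, but it looks like a trusted domain: a strong warning sign.
    target = TRUSTED_SKELETONS.get(skeleton(domain))
    if target:
        return ("lookalike", target)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample headers.
    for header in ("Example Wireless Billing <billing@example-vvireless.com>",
                   "billing@example-wireless.com",
                   "someone@other.org"):
        print(header, "->", check_sender(header))
```

Note that the friendly display name plays no part in the verdict; only the domain after the “@” is compared.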
The URL Does Not Match the Entity
Just as important as verifying the sender address is checking the integrity of any embedded URLs. Oftentimes, the URLs in a phishing message will appear to be perfectly appropriate, yet they will link to phony sites that are copies of the real deal. Never click on an embedded URL without reviewing it. To do so, hover your mouse over the URL. You should see the actual hyperlinked address pop up in a hovering box. If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious.
The Email is Poorly Written
Not all cyber criminals are as stealthy as we mentioned, or, at least, not as careful. Whenever a large, legitimate company sends out a message on behalf of the company as a whole, the message is usually reviewed by a number of dedicated editors for spelling, grammar, and legality before it ever reaches your inbox.
Read the body of the email. If a message is filled with poor grammar or spelling mistakes, it probably didn’t come from a major corporation’s legal department, or any genuine entity, for that matter.
The Message Asks You to Confirm Personal Information
Whenever an email makes requests that you wouldn’t normally expect via the web, it’s often a strong indicator that it’s not from a trusted source.
Keep an eye out for emails requesting you to confirm personal information that you would never usually provide — banking details, login credentials and passwords, account numbers, social security information, your home address, etc. If and when you do receive a message asking for such information, you should search online and contact the “sending” organization directly – do not use any communication method provided in the email.
An Attachment Looks Suspicious
Phishing email alarm bells should be ringing if you receive an email from a company out of the blue that contains an attachment, especially if it relates to something unexpected.
A fraudulent attachment could contain malware or a malicious trojan, leading to the installation of a virus — one that could infect your PC or even spread to an entire network. Even if your best judgement leads you to believe that an attachment is genuine, it’s good practice to always scan it first using antivirus software.
The Email is Designed for Panic
Fake emails commonly aim to instill panic in the recipient (think about the email subject line we presented in the first point). The email may claim that your account may have been compromised and the only way to verify it is to enter your login details. Or the email might state that your account will be closed if you do not act immediately. Take the time to really think about whether an email is asking something reasonable of you. If you’re unsure about the authenticity of any message, act as we suggested earlier: contact the company through other methods.
When in Doubt, Throw it Out
Phishing emails are one of the most common methods cybercriminals use to steal your personal information. Even if you know the source, if something looks suspicious, delete it and do the legwork to contact the legitimate source using the contact info on the company website. Practice due diligence by scanning all emails thoroughly, even if you don’t get that gut “wait a minute” feeling. The point of a phishing email is to avoid arousing your suspicion so that the hacker can gain access to the sensitive information he/she wants.
Information Transport Solutions, Inc., a Uniti company, offers several state-of-the-art security solutions. Reach out to us today to discuss how to better protect your valuable online identity, and to build your awareness of the many forms of hacking, browse the resource library on the ITS website.