What is phishing?
Phishing is one of the many methods used by cybercriminals to gain sensitive data from users. Individuals are targeted via email, telephone or text message by someone posing as a legitimate institution to lure them into providing passwords, company information, credit card info and more.
What does a phishing email look like?
Phishing emails come in many variations, but there are some common red flags to look for to help identify suspicious emails. Listed below are the nine common signs of a phishing attack.
Nine common signs of a phishing attack
- A generic greeting – Because phishing emails are sent out en masse, hackers often use generic greetings with no personalization, like “Dear Member” or “Dear Sir.” Sometimes there is no greeting at all. These are all red flags, particularly if the supposed sender’s standard greeting is different.
- A deceptive email address – A phishing email address can be off by just one letter. For example, a phishing email may be from [email protected] in an attempt to fool you into thinking it is a legitimate message from Amazon.
- Request to update or verify account – Hackers will often generate emails that prompt you to verify your account information, spoofing them as if they are coming from well-known, popular vendors or financial institutions. When you click the link, it goes to a fake login page that is actually stealing your credentials.
- Sense of urgency – The goal of a phishing attack is to trick the recipient into clicking on a bad link or attachment. Using social engineering tactics, hackers create messages that are designed to elicit an emotional, immediate response based on fear or excitement. This urgency is a major red flag.
- Deceptive URLs – The linked text in an email doesn’t have to represent the true destination. To check a link without clicking on it, hover over the text, and the actual destination URL will appear. Be on the lookout for even the slightest variation to the URL, such as an extra dot or a missing letter.
- An attachment – In the age of phishing, ALL attachments should be approached with caution. If you were not expecting an email with an attachment, or it is not the normal protocol for that sender, verify it directly with the sender before opening.
- Prize or award notification – Avoid clicking on links to claim a prize. If you want to confirm it, contact the supposed source directly through a clean browser window or by phone. This includes messages about refunds or credits that you weren’t expecting.
- Misspelling or grammatical errors – Many phishing emails come from cybercriminals in foreign nations, and the result is misspellings, grammar or syntax errors. If the language seems awkward or different than the normal tone for that apparent sender, treat with caution.
- Odd messaging – If anything about an email or text seems “off” or abnormal, avoid clicking on any links or attachments. Instead verify the information with the supposed sender first.
How can I protect my company?
Education is the key to preventing breaches. Since 91% of data breaches begin with a phishing email, it is vital that employees understand how to spot them.
While awareness and security education aren’t 100% foolproof, they are a crucial tool for preventing attacks. For more information on ways to reduce your employees’ phish-prone percentage, contact Corsica Technologies today.
(877) 901-2022 or corsicatech.com