Phishing is a cybercrime in which a target or targets are contacted, typically by email, by someone posing as a legitimate individual (CEO or manager) or institution. These emails typically include a call to action, such as requesting your information or asking you to complete a task.
Signs of Phishing Attempts
- Emails insisting on urgent action – attackers do this to fluster or distract the target, and usually threaten a negative consequence if the action is not taken, so that victims fail to study the email for indications it may be bogus.
- Emails containing spelling mistakes – emails claiming to come from a professional source that contain spelling mistakes or grammatical errors should be treated with suspicion.
- Emails with an unfamiliar greeting – emails containing language not often used by friends and work colleagues likely originate from an attacker and should not be actioned or replied to.
- Inconsistencies in email addresses – look to detect inconsistencies between the sender’s email address and previous emails received from the same person.
- Inconsistencies in links and domain names – links to malicious websites can easily be disguised as genuine links.
  - Hover your mouse pointer over a link in an email to see what displays as the address before clicking on it.
- Be wary of suspicious attachments – file sharing in the workplace now mostly takes place via collaboration tools such as Dropbox, OneDrive, or SharePoint. Therefore, emails from colleagues with file attachments should be treated suspiciously.
  - Be extra cautious of unfamiliar extensions or ones commonly used to deliver malware payloads (.zip, .exe, .scr, etc.).
- Emails that seem too good to be true – incentivize targets to click a link or open an attachment with the promise that they will benefit by doing so.
- Emails requesting login credentials, payment information, or other sensitive information – should always be treated with caution. By adopting the anti-phishing practices listed above, recipients should be able to determine whether these messages should be treated as a threat and be able to deal with them accordingly.
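The sign-by-sign checks above can be automated into a first-pass screen. The script below is an added example, not part of the original page: it parses a constructed sample message and reports the indicators listed above (a display name that no longer matches the address previously seen from that person, a sender outside the organisation, urgency language, a link whose visible text differs from its real destination, a look-alike host that merely embeds the company domain, and a risky attachment extension). The organisation domain `example-corp.com`, the `KNOWN_SENDERS` address book, the urgency phrase list and the extension list are all assumptions chosen for the example.

```python
"""Screen a raw email for the phishing indicators listed on this page.

Added example with constructed sample messages; not code from the original page.
"""
import email
import re
from email import policy
from urllib.parse import urlparse

ORG_DOMAIN = "example-corp.com"  # assumed: the recipient organisation's own domain
# Assumed address book built from previous legitimate emails, keyed by display name.
KNOWN_SENDERS = {"jane doe (ceo)": "jane.doe@example-corp.com"}
# Extensions from the page's list plus a few others commonly used for payloads (assumed).
RISKY_EXTENSIONS = {".zip", ".exe", ".scr", ".js", ".vbs", ".lnk", ".iso", ".hta"}
URGENCY_PHRASES = ("urgent", "immediately", "within 24 hours", "will be suspended")
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

# Constructed phishing sample: CEO display name on an external address, urgency
# wording, link text that disguises the real destination, and a .zip attachment.
SAMPLE_EMAIL = """\
From: "Jane Doe (CEO)" <jane.doe@example-corp-mail.net>
To: employee@example-corp.com
Subject: URGENT: action required within 24 hours
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account will be suspended. Please verify immediately:</p>
<a href="http://example-corp.com.login-verify.net/reset">https://portal.example-corp.com/reset</a>
</body></html>
--XYZ
Content-Type: application/zip; name="invoice.zip"
Content-Disposition: attachment; filename="invoice.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--XYZ--
"""

# Constructed legitimate sample from the same sender for contrast.
CLEAN_EMAIL = """\
From: "Jane Doe (CEO)" <jane.doe@example-corp.com>
To: employee@example-corp.com
Subject: Q3 planning notes
Content-Type: text/plain; charset="utf-8"

Notes are in SharePoint: https://example-corp.sharepoint.com/sites/planning
"""


def hostname(url: str) -> str:
    """Lower-cased host of a URL; tolerates link text written without a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def belongs_to(host: str, domain: str) -> bool:
    """True only if host is the domain itself or a genuine subdomain of it."""
    return host == domain or host.endswith("." + domain)


def screen_message(raw: str, org_domain: str = ORG_DOMAIN) -> list[str]:
    """Return human-readable phishing indicators found in a raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings: list[str] = []

    # 1. Sender inconsistencies: a known display name on a different address,
    #    or any sender outside the organisation's domain.
    sender = msg["From"].addresses[0]
    expected = KNOWN_SENDERS.get(sender.display_name.lower())
    if expected and expected.lower() != sender.addr_spec.lower():
        findings.append(f"sender address {sender.addr_spec} differs from known address {expected}")
    if not belongs_to(sender.domain.lower(), org_domain):
        findings.append(f"sender domain {sender.domain.lower()} is outside {org_domain}")

    # 2. Urgency language in the subject or body (tags stripped for HTML bodies).
    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part else ""
    text = (str(msg["Subject"]) + " " + re.sub(r"<[^>]+>", " ", body)).lower()
    findings += [f"urgency phrase: '{p}'" for p in URGENCY_PHRASES if p in text]

    # 3. Links: the "hover" check (visible text vs. real href) and look-alike
    #    hosts that contain the company domain without actually belonging to it.
    for href, label in LINK_RE.findall(body):
        target = hostname(href)
        label_text = re.sub(r"<[^>]+>", "", label).strip()
        if ("://" in label_text or label_text.startswith("www.")) and hostname(label_text) != target:
            findings.append(f"link text shows {hostname(label_text)} but points to {target}")
        if org_domain in target and not belongs_to(target, org_domain):
            findings.append(f"look-alike host {target} impersonates {org_domain}")

    # 4. Attachments with extensions commonly used to deliver malware payloads.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = name[name.rfind("."):] if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"risky attachment: {name}")
    return findings


if __name__ == "__main__":
    for label, raw in (("phishing sample", SAMPLE_EMAIL), ("clean sample", CLEAN_EMAIL)):
        print(f"{label}: {screen_message(raw) or ['no indicators']}")
```

The screen is deliberately conservative: it only compares against addresses you have actually seen before and only flags hosts that embed your own domain, so it surfaces the inconsistencies a reader is told to look for without trying to classify every message.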
How can you avoid these threats?
- Stay informed about phishing techniques – new phishing scams are being developed all the time, making it easy to fall prey to one.
- Think before you click – clicking on links that appear in random emails isn’t a smart move.
- Verify a site’s security – make sure the site’s URL begins with “https” and there should be a closed lock icon near the address bar. Check for the site’s security certificate as well.
- Check your online accounts regularly – get into the habit of checking in with each of your online accounts on a regular basis.
- Keep your browser up to date – stop ignoring browser updates; the minute one is available, download and install it.
- Be wary of pop-ups – pop-up windows often masquerade as legitimate components of a website.
- Never give out personal information – as a general rule, never share personal or financially sensitive information over the Internet or via email.
- Confer with co-workers and employees – discuss how you typically communicate, including what you would not do.
What to Do if You Receive a Phishing Email
- Take a screenshot or verify legitimacy with your co-workers / manager
- Delete email
- DO NOT…
  - Forward the email
  - Reply to the email
  - Download attachments or click through links
Examples of Phishing Emails