
How to spot a Phishing Email


Phishing is the most common form of cybercrime. With over 3 billion phishing emails sent every day, scammers are constantly looking for new and innovative ways to steal your sensitive data.

Phishing is a common attack method used by cybercriminals to steal information. Over time, these emails have become increasingly complex and much harder to spot.

Having the latest anti-virus software and detection technology does not make you safe on its own. If you click a link in a phishing email, or enter your credentials on the page it leads to, there is a good chance you will be compromised in some way.

Keep reading to find out how to spot a phishing email.

What Is Phishing?

Before you can successfully spot a phishing email, you need to know exactly what it is. The most basic definition of a phishing email is an email sent to a variety of recipients with the objective of making the recipient perform a certain task. This usually takes the form of clicking a link, opening an attachment, or providing sensitive information.

The goal of a phishing email is to trick you into handing over sensitive data. Once the attackers have your credentials, they may use them to log in as you, create new user accounts for themselves, or install malware on your system.

Cybercriminals use social engineering techniques to make their email look as genuine as possible. These emails are the most dangerous as they are set up in a way that seems relevant and genuine to you. Carefully crafted emails are incredibly difficult to spot if you don't know what you are looking for.

If you click on the link to a malware-infected website or open an attachment with a malicious payload, the cybercriminals will be able to do a variety of nefarious things such as deploying ransomware, opening a back door for future attacks, or exfiltrating data. If you're using a company computer and credentials, the attacker may also be able to access the corporate network undetected.

This is why it's crucial that all employees undergo regular training and awareness education. These training sessions help your employees spot phishing emails before a mistake is made and damage is done.

Emails Requesting Sensitive Information

If you receive an email asking for sensitive information like login details or account credentials, you should immediately be wary. Unless you spoke to someone in person, whom you can verify works at the organization you're talking to, and that person has told you you'll be receiving this email, you should consider it a potential phishing attack.

Legitimate companies will not ask you to send them passwords or other sensitive information by email, and you should not log in through a link in an email. If you think the email might be genuine, don't use the link it contains; open the site yourself by typing its address or using a bookmark, and log in there. From your account on the real site you'll be able to see whether any action is actually required, without risking your information.

Phishing emails will make the request sound urgent. Some usual tactics include:

  • Saying there has been suspicious activity or log-in attempts from your account
  • Saying there is an issue with your account details
  • Claiming you need to confirm a few personal details to keep your account in good standing
  • Including invoices for things you didn't order
  • Claiming you're eligible for a refund

Don't fall for these tricks. You can always double-check by contacting the company directly, using the contact details on its official website rather than any in the email. Don't reply to the email you received, because you may be replying directly to the cyber-criminal. Contacting the company yourself lets you find out whether there is any problem with your account without providing any information to the sender.

Bad Grammar and Spelling Mistakes

As a rule, professional organizations don't send typo-ridden emails. While a single typo might slip through the cracks, an email riddled with spelling and grammatical errors is a big red flag.

Most organizations use spell-checking tools on outgoing emails to catch mistakes, and because they know their professional reputation is on the line with every email they send, chances are their emails will be free of mistakes and well thought out. If you're looking at an email and the way it is written makes you raise your eyebrows, proceed with caution.

The only exception is when you're dealing with someone you know who doesn't speak the language you're communicating in fluently. This is often the case with foreign-based businesses, where English is a second or third language. Even then, be extra cautious.

Emails That Are Sent From a Public Email Domain

A company will not send you email from an address ending in "@gmail.com" or "@yahoo.com". Even Google doesn't send its corporate mail from a Gmail address; its addresses end in "@google.com".

Unless you're dealing with an individual or a very small business, the company will have its own email domain and will contact you from accounts on that domain.

A popular trick is to put the company name before the "@". For example, a scammer pretending to be Google might use "support.google@gmail.com". If you're in a rush this can look legitimate, especially if the body of the email matches other emails you've received from the company before.

This is why it's important to check thoroughly who is sending you an email. Most mail clients show only the sender's display name by default, so expand it to see the actual address, and verify that the part after the "@" is the company's real domain.

If you've opened the email and it looks legitimate, check that it's addressed to you by name. Scammers often use generic greetings such as "Dear Customer" so they can reuse the same email against many targets.
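The sender checks described in this section, the generic-greeting check, and the urgency tactics listed earlier, as an added Python example that is not part of the original article. It parses a raw message with the standard library's email module and reports each red flag it finds. The two sample messages are constructed for the demo, not real emails; the brand allow-list (EXPECTED_BRAND_DOMAINS) is an assumed one for illustration, and the Reply-To and link-host checks go slightly beyond the article's list as two further checks a practitioner would add.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Webmail providers that a company would not send corporate mail from.
PUBLIC_WEBMAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com", "aol.com"}

# Assumed allow-list for this example: brands the reader expects mail from, mapped to the
# domains those brands really send from. A real deployment would maintain its own list.
EXPECTED_BRAND_DOMAINS = {"google": ("google.com",), "paypal": ("paypal.com",)}

# Pressure tactics from the article's list, plus a few common phrasings of them.
URGENCY_PHRASES = ("suspicious activity", "log-in attempt", "login attempt",
                   "issue with your account", "confirm a few", "keep your account",
                   "invoice", "refund", "suspended", "within 24 hours")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear valued", "dear account holder")
CREDENTIAL_REQUESTS = ("password", "login details", "account credentials", "log in using")
URL_RE = re.compile(r"""https?://[^\s<>"')]+""")


def _in_domain(host: str, domain: str) -> bool:
    """True if host is domain itself or a subdomain of it (pay.google.com is in google.com)."""
    return host == domain or host.endswith("." + domain)


def _body_text(msg) -> str:
    """Return the first text/plain part of a message, or an empty string."""
    for part in (msg.walk() if msg.is_multipart() else [msg]):
        if part.get_content_type() == "text/plain":
            return part.get_payload(decode=True).decode("utf-8", errors="replace")
    return ""


def analyze_email(raw: str) -> list[str]:
    """Return the red flags found in one raw RFC 5322 message (empty list if none)."""
    msg = message_from_string(raw)
    findings = []

    display_name, address = parseaddr(msg.get("From", ""))
    local, _, sender_domain = address.lower().rpartition("@")
    if sender_domain in PUBLIC_WEBMAIL_DOMAINS:
        findings.append(f"sender uses a public webmail domain: {sender_domain}")

    # Brand name in the display name or before the '@', but the domain is not the brand's.
    for brand, domains in EXPECTED_BRAND_DOMAINS.items():
        if brand in local or brand in display_name.lower():
            if not any(_in_domain(sender_domain, d) for d in domains):
                findings.append(f"sender claims to be {brand} but domain is {sender_domain}")

    # Replies go wherever Reply-To says, which need not be the visible sender.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to.rpartition("@")[2] != sender_domain:
        findings.append(f"Reply-To domain differs from the sender's: {reply_to}")

    body = _body_text(msg)
    lowered = body.lower()
    greeting = next((ln.strip().lower() for ln in body.splitlines() if ln.strip()), "")
    if any(greeting.startswith(g) for g in GENERIC_GREETINGS):
        findings.append(f"generic greeting: {greeting!r}")
    findings += [f"urgency/pressure phrase: {p!r}" for p in URGENCY_PHRASES if p in lowered]
    findings += [f"asks for credentials: {p!r}" for p in CREDENTIAL_REQUESTS if p in lowered]

    # A link whose host name-drops a brand but is not actually under that brand's domain.
    for url in URL_RE.findall(body):
        host = (urlsplit(url).hostname or "").lower()
        for brand, domains in EXPECTED_BRAND_DOMAINS.items():
            if brand in host and not any(_in_domain(host, d) for d in domains):
                findings.append(f"link mentions {brand} but points to host {host}")
    return findings


# Constructed sample messages for the demo; neither is a real email.
PHISHING_SAMPLE = """\
From: Google Support <support.google@gmail.com>
To: alice@example.com
Subject: Suspicious activity on your Google account
Content-Type: text/plain; charset=utf-8

Dear Customer,

We detected suspicious activity on your account. Please confirm a few personal
details and your password within 24 hours by logging in at
https://accounts.google.com.verify-login.example/ or your account will be suspended.
"""

LEGIT_SAMPLE = """\
From: Google <no-reply@google.com>
To: alice@example.com
Subject: Your receipt
Content-Type: text/plain; charset=utf-8

Hi Alice,

Thanks for your purchase. Your receipt is available at https://pay.google.com/receipts/.
"""

if __name__ == "__main__":
    for name, sample in (("phishing", PHISHING_SAMPLE), ("legitimate", LEGIT_SAMPLE)):
        flags = analyze_email(sample)
        print(f"{name}: {len(flags)} red flag(s)")
        for flag in flags:
            print("  -", flag)
```

Run it as a script to see the phishing sample produce several findings (public webmail domain, brand name in front of the "@", generic greeting, pressure phrases, a password request, and a link whose host only contains "google.com" as a prefix) while the legitimate sample produces none. The link check matters because "accounts.google.com.verify-login.example" is not under google.com at all; only a suffix match on the registered domain tells the two apart, which is exactly why the article says to go to the site yourself instead of clicking.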

Know How to Spot a Phishing Email

These are a few of the many signs of a phishing email that cyber criminals and nation-states send. You need to know how to spot a phishing email if you want to protect yourself from them effectively. Unfortunately, you can't simply delete every email from an unknown sender, because you might miss important information. So it's crucial that you know how to tell a genuine cold email from a phishing email.

Speak with a JANUS subject matter expert and enhance your cyber security posture by contacting us.