Cybercrime is a growing concern for every business, regardless of size or industry. By now, we’ve all heard about the Colonial Pipeline ransomware attack. While this was a targeted cyberattack, many similar attacks begin with a harmless-looking email.
Phishing is a form of social engineering attack in which a criminal will attempt to trick you into taking action by sending a fake email that appears legitimate. The email might ask you to confirm a password or account number, or it might prompt you to click on a link that then infects your computer with malware.
Almost 20% of all employees are likely to click on phishing email links and, of those, a staggering 67.5% go on to enter their credentials on a phishing website. – Terranova Security
Phishing is probably the most common and insidious online threat today. Here are five ways to spot a phishing email before you get into trouble!
- It requests personal information. A hacker will go to great lengths to ensure that an email looks legit, including logos or phone numbers. However, if the email asks for personal information like an account number or password, it’s a strong giveaway that it’s malicious.
- The web or email address doesn’t “look right.” Phishing emails often come from an address that looks legitimate but is slightly off. For example, you might receive an email from “amazoin.com” as opposed to amazon.com. Malicious links can also be concealed within the body of a suspicious email, right next to legitimate ones. Always hover over links to check where they really lead before you click!
- It’s written poorly. Often poor use of language can be a tip-off. Read every email carefully and look for spelling and grammatical mistakes. If you receive an unexpected email from a colleague and it is riddled with mistakes, it might be a phishing attempt.
- There’s a suspicious attachment. If you receive an unexpected email that contains an attachment, proceed with caution. Scan it with antivirus software before opening it, and whenever possible, confirm it with the sender.
- The email is designed to induce panic. This is a common tactic. It might claim that your account has been compromised and that you need to click a link and change your password, or that your account will be closed if you don’t act immediately. If it looks suspicious, contact the sender through another channel to confirm it!
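The address and link checks from the list above can also be automated. The following is an added example, not part of the original article: it flags domains within two character edits of a trusted one (the “amazoin.com” case) and links whose visible text names a different site than the one they open. `TRUSTED` and `SAMPLE_HTML` are constructed assumptions, and the edit-distance threshold of 2 is a heuristic choice.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"amazon.com"}  # assumption: the domains you really deal with
SAMPLE_HTML = ('<a href="http://login.example.net/reset">www.amazon.com</a> '
               '<a href="https://amazoin.com/help">Help</a>')  # constructed body

def edit_distance(a, b):  # Levenshtein distance, one row at a time
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row = row, [i]
        for j, cb in enumerate(b, 1):
            row.append(min(prev[j] + 1, row[-1] + 1, prev[j - 1] + (ca != cb)))
    return row[-1]

def lookalike_of(domain, trusted=TRUSTED):
    """Return the trusted domain that `domain` imitates, or None."""
    domain = domain.lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return None  # the real domain or one of its subdomains
    return next((t for t in sorted(trusted) if edit_distance(domain, t) <= 2), None)

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.open = True
            self.links.append([dict(attrs).get("href") or "", ""])
    def handle_data(self, data):
        if self.open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"

def check_links(html_body, trusted=TRUSTED):
    """What hovering would reveal: hidden destinations and look-alike hosts."""
    collector, warnings = LinkCollector(), []
    collector.feed(html_body)
    for href, text in collector.links:
        host = urlsplit(href).hostname or ""
        shown = re.search(r"[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}", text.lower().replace("www.", ""))
        if shown and not (host == shown[0] or host.endswith("." + shown[0])):
            warnings.append(f"link shows {shown[0]} but opens {host}")
        elif hit := lookalike_of(host, trusted):
            warnings.append(f"link host {host} imitates {hit}")
    return warnings
```

Calling `check_links(SAMPLE_HTML)` returns one warning per link; for a sender, pass the part of the address after the `@` to `lookalike_of`.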
Remember rule number one: “when in doubt, throw it out!” Links in emails, online ads, and social media posts can often be the work of cybercriminals trying to steal your information. Even if you recognize the source, if it looks suspicious, confirm it or delete it!