Phishing emails have cost companies more than $3.1 billion since January 2016, and the figure is currently at an all-time high. Most users never question the “from” field in the emails they receive day in and day out, and without the right tools they see no reason not to trust it.
For organisations large and small, it is extremely important that the company’s line of defense against email phishing always includes advanced email scanning technology, including a secure email gateway and email authentication. This is one of the best ways to combat phishing and to protect your employees and customers. Examples of such technologies are Domain-based Message Authentication, Reporting and Conformance (DMARC) and Sender Policy Framework (SPF).
Unfortunately, in today’s fast-paced digital world, no matter how sophisticated your company’s email security strategy is and no matter which security tools you use, some phishing emails will eventually make it to your inbox.
Beyond security tools, a critical piece of any email security strategy should be education. Let’s go through eight tips on how to identify a phishing email:
1. Never trust the display name
This is one of the favourite tactics of cybercriminals: spoofing the display name. For example, if a fraudster wants to impersonate a brand like “My Store”, the email may look like this:
To: You <firstname.lastname@example.org>
From: My Store <email@secure.com>
Subject: Unauthorized login attempt
Since “My Store” does not own the domain “secure.com”, email authentication defenses and spam filters might not block the email on “My Store’s” behalf.
Once the email reaches the inbox, it might appear authentic because most mail clients and mobile devices show only the sender’s display name. So remember to double-check the actual email address in the From header, not just the name.
2. Look at links but don’t click
Fraudsters like to embed malicious links in a legitimate-sounding email. Always hover your mouse over any link you find in an email to see where it really leads. If the link address looks suspicious, never click it; forward a copy of the email to your IT team immediately.
3. Check for spelling mistakes
Brands and organisations take their emailing seriously. Authentic emails rarely contain spelling mistakes or poor grammar. If an email makes you suspicious, read it carefully and report it if anything about it looks wrong.
4. Urgent requests
A common tactic by fraudsters is to invoke a sense of urgency or fear. Beware of subject lines that say “urgent payment requests” or claim that your “account is suspended”.
5. Check the signature
A missing signature, or a signature with no details about the signer or how to contact the company, usually points towards a phishing attempt. Legitimate emails usually provide contact details. Always keep an eye out for them!
6. Never click on attachments
Another common phishing tactic is to include malicious attachments that contain viruses, trojans or other malware. Malware can easily steal your passwords, damage files on your computer or even spy on you without your knowledge. Never open an email attachment that you are not expecting.
7. Never trust the From address in the header either
Phishing emails not only spoof brands and organisations in the display name; they also spoof the email address itself, including the domain name. Keep in mind that just because the sender’s email address looks authentic (e.g. firstname.lastname@example.org), it may not be. A familiar name in your inbox is not always what you think it is.
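The two checks described in tips 1 and 7 can be automated. The following is an added example (not code from the original article): it parses a From header, and flags a display name that claims a known brand while the address sits on another domain, a domain that borrows the brand name, and a display name that is itself an email address. The brand allow-list and the sample headers are constructed for the illustration, with “My Store” and “secure.com” taken from the example above.

```python
from email.utils import parseaddr
import re

# Constructed allow-list: the domains each brand legitimately sends from.
# A real deployment would load this from the organisation's own records.
KNOWN_BRANDS = {
    "My Store": {"mystore.com"},
}

def _normalise(text: str) -> str:
    """Lower-case and strip everything but letters and digits ("My Store" -> "mystore")."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def check_from_header(header: str, known: dict = KNOWN_BRANDS) -> list:
    """Return the reasons a From header looks spoofed (an empty list means nothing was found)."""
    display, addr = parseaddr(header)
    if "@" not in addr:
        return ["no parseable address in From header"]
    domain = addr.rsplit("@", 1)[1].lower()
    findings = []
    for brand, domains in known.items():
        key = _normalise(brand)
        # Tip 1: the display name claims a known brand, but the real address is on another domain.
        if key in _normalise(display) and domain not in domains:
            findings.append(f"display name claims '{brand}' but address domain is {domain}")
        # Tip 7: the address domain itself borrows the brand name (a lookalike domain).
        if domain not in domains and key in _normalise(domain):
            findings.append(f"domain {domain} imitates {brand} but is not in {sorted(domains)}")
    # A display name that is itself an address is another way to fake the "from" field.
    if "@" in display:
        findings.append("display name contains an email address")
    return findings

# Constructed sample headers, including the "My Store" case from the article.
SAMPLES = [
    '"My Store" <email@secure.com>',
    'My Store <alerts@mystore.com>',
    '"support@mystore.com" <x@secure.com>',
    'Billing <notice@mystore-login.com>',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_from_header(sample) or "ok")
```

Only the second sample, which really comes from mystore.com, passes; the others each produce at least one finding.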
8. Don’t always believe what you see
Fraudsters are extremely good at what they do. Most phishing emails include organisation logos, familiar language and even a seemingly valid email address. Always be sceptical about your email messages: if one looks even slightly suspicious, do not open it.
We hope these tips will help keep you safe in the email jungle. You can download our infographic on how to spot phishing emails for free. Feel free to share the guide within your organisation, and why not put it up in your pantry.
By Sushant Virdi, IT & Customer Support Engineer – Knowledge E