A look into the vast world of phishing reveals that the first phishing attack surfaced in the mid-1990s. Its target? The early internet pioneer company, AOL. In this attack, hackers used email and instant messaging to impersonate AOL employees and steal user passwords, eventually taking over the victim’s account. While phishing is not a new form of cyberattack, it remains a growing concern as threat actors devise more sophisticated ways to reach inboxes and infiltrate digital devices. In this post, we’ll explain what a phishing email is, identify seven common red flags and share what to do when a phishing email casts a line in your inbox. Let’s dive in.
What are Phishing Emails?
Phishing emails are fraudulent emails that appear to be from a reputable source but arrive in your inbox with the intention of stealing personal information or infecting your device with malicious software known as malware. With 90% of data breaches resulting from online phishing tactics, phishing tops the list of cyberattacks in 2021. This form of social engineering attack is easy for cyber criminals to execute and, unfortunately, many people take the bait.
How to Identify a Phishing Email:
- Subject Line – Ask yourself if the subject line is relevant to you and your recent activity. Check to see if it matches the message context in the body of the email. Common phishing subject lines often refer to a hasty password change request, an online order, bank account info, a Dropbox link or revised company policies.
- Email Address in the “From” Section – Always double check the sender’s email address to determine if the sender is someone you know and trust. Did you sign up for this account? Are you expecting an email from this company? In addition to the sender’s name, look at the sender’s email address for subtle changes or misspellings in the domain name. Always make sure the company’s domain name is correct before clicking on the contents within. Not sure if the email is impersonating another company? Hover your mouse over the sender’s name to see if it matches the sender’s email address.
- Email Address(es) Included in the “To” Section – If the email is addressed to a group of individuals, confirm that you know the other people on the thread. If you don’t recognize the other recipients, it could be fraud.
- Date Line – Observe what time the email was sent. Was it sent in the wee hours of the morning, outside business hours? If so, that’s a huge red flag.
- Email Body Content – If the email elicits a sense of urgency or requires you to take immediate action, it’s likely a phishing email. Other warning signs to look for include poor grammar, spelling errors and requests for personal info. It’s not commonplace for a credible company to ask for personal information such as login credentials and banking info via email.
- Links – Always hover over an embedded email link before clicking to determine if the URL matches what’s written. Carefully check for misspellings and inconsistencies in the link. If things don’t match up, it’s likely a scam.
- Attachments – Treat attachments with caution and ask yourself if the attachment makes sense with the email context. Today, most companies share files through tools such as SharePoint rather than email attachments. If this rings true for your workflow, receiving this type of email is a red flag. Whatever you do, NEVER download suspicious attachments – no matter how curious you are.
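The “From” and “Links” checks above can also be run automatically on a raw message. The script below is an added example, not part of the original post; `red_flags`, `known_domains` and the sample message are assumptions made for illustration, and the similarity cutoff of 0.8 is an arbitrary starting point.

```python
from difflib import get_close_matches
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    # Accept bare "www.example.com/path" text as well as full URLs.
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def red_flags(raw, known_domains):
    msg, flags = message_from_string(raw), []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    near = get_close_matches(domain, known_domains, n=1, cutoff=0.8)
    if domain not in known_domains and near:  # close to, but not, a known domain
        flags.append(f"sender domain {domain} resembles {near[0]}")
    collector = LinkCollector()
    collector.feed("".join(p.get_payload() for p in msg.walk() if not p.is_multipart()))
    for href, text in collector.links:
        looks_like_url = text.lower().startswith(("http://", "https://", "www."))
        if looks_like_url and host(text) != host(href):
            flags.append(f"link shows {host(text)} but goes to {host(href)}")
    return flags

# Constructed sample; example.com and examp1e.com are placeholder domains.
SAMPLE = """From: Example Support <help@examp1e.com>
Content-Type: text/html

<p>Reset now: <a href="http://login.examp1e.com/reset">www.example.com/reset</a></p>
"""

if __name__ == "__main__":
    print("\n".join(red_flags(SAMPLE, {"example.com"})))
```

Link text that is not itself a URL (“Click here”) is not compared, so hovering over such links is still necessary.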
How to React to a Phishing Email:
Keep it simple – don’t open or click on an email you aren’t expecting. If you aren’t sure, delete it or add it to your junk folder, but don’t unsubscribe. Hitting unsubscribe on a phishing email lets scammers know your email is valid, posing a serious security threat to your computer. Doing so may infect your device with malware (such as ransomware, spyware, viruses and worms) and allow hackers to steal your credentials. If you suspect a phishing email, contact your IT team to investigate the security issue further and prevent others within your organization from falling victim to it.
As one of the leading forms of cyberattack, it’s important for every employee to be aware of phishing tactics. Knowing the warning signs and how to react to a craftily constructed phishing email is essential for the safety and security of your entire organization. After all, it just takes one wrong click to unleash chaos and cause significant damage to your online accounts and data. By staying vigilant, you’ll be able to keep “phishers” at bay the next time you receive a fraudulent email.