How To Spot Phishing Emails
It’s estimated that cyber crime costs the world over $700 billion in damages a year, with phishing and email scams making up a large proportion of this due to their high effectiveness. Unfortunately this is on the rise, and while spam filters are getting better, so too are the scammers.
Fraudulent emails have become increasingly deceptive, with some almost indistinguishable from genuine emails. This guide will teach you some tricks to spot phishing.
1) Look at the email address
The easiest way to weed out the worst of the scam messages is to look at the email address it’s coming from. If it ends in an unfamiliar domain like ‘.ru’, ‘.online’ or ‘.store’, looks a little strange or has a spelling mistake like email@example.com with two L’s, it’s almost certainly a scam, as the address is taking you to a different site. Just note that the email address it appears to come from can be faked!
2) Different Reply address
An attacker almost always wants the ability to receive an email back from you, even if they appear to have sent it from a fake email address. Click reply and see if the address changes.
If the new address is not identical to the alleged sender, especially if it goes to a free email account like Gmail or a strange email address, it’s most likely fake.
3) Spelling Mistakes
Very rarely do large companies make obvious spelling mistakes in their emails. Spam and phishing messages may have poor spelling because the sender has a poor understanding of English, or the mistakes may even be added intentionally so that only the most gullible targets fall for it, making it more efficient for the attacker.
4) Hover over links
As a rule you should never click on links in emails, as they may sneakily lead to a different website than the one they display. Hover the mouse pointer over the link and look at the URL in the box below. If it doesn’t exactly match the above text, it’s almost certainly a scam.
Most malicious messages want you to react urgently and perform a task such as verifying sensitive information, logging into an account, sending money or clicking on a link to claim a parcel. While this is not evidence, any urgent-sounding or bizarre email should raise suspicion.
6) Is the email personalised with your personal details?
It’s unlikely your bank or colleagues have forgotten your name! Important emails should be personally addressed with your full name and, if applicable, account number. Generic titles such as ‘Dear Sir’, ‘Dear Madam’ or ‘Dear Friend’ are a good warning sign.
7) Verify the contact details in the signature field
If you have doubts about the email, check the name and job title and look at the logo. Does the name sound overly generic, is that person who you normally talk to, and does the contact number match the details you have on file?
8) Call the company
If you’re still not completely convinced, there is no shame in giving the company a call and confirming whether they sent the email. Make sure you find the company’s number by visiting their official website or through the Yellow Pages, and do not use the contact details from the email. Emails requesting you change the banking details of an organisation should always be confirmed with a phone call.
9) Unusual Attachments
You should always be careful opening attachments, especially if they have unusual file extensions like ‘.js’, ‘.vbs’ or ‘.exe’ hidden inside of a zip file. Many new attackers are no longer sending these attachments due to spam filters stopping them; it’s becoming common now to send a PDF with a shortened URL linked to a phishing site.
10) Trust your instincts
Sometimes you will just have a gut feeling something isn’t right but you can’t pinpoint exactly what it is. Don’t ignore this feeling, it’s normally right! When in doubt, treat it as suspect and get someone else to look at it. It’s always better to play it safe.
11) Take the Test
Are you ready to see how good your skills are?
Click on the link below and see if you can spot the difference between genuine and phishing emails!
If you think you may have accidentally fallen for a phishing email, don’t panic and don’t try to ignore it. The faster you act, the less damage can be caused.
Take a screenshot of the email or the website you visited, note down what information may have been compromised (e.g. bank credentials) and contact the organisation to alert them. If something was possibly downloaded or an attachment clicked, immediately contact your IT Support.
Do you need assistance or obligation-free advice with phishing emails, spam filtering or IT support? Please feel free to give us a call on 1300 733 240 or send us a message.
Know any more tricks to identifying and fighting suspicious emails?
Leave us a comment below