Phishing attacks are rapidly increasing, creating billions of dollars in losses this year alone. And it won’t be slowing down anytime soon.
The solution sounds easy enough: educate employees on the risks of cyberattacks, and give them easy ways to detect a phishing email. Yet reality shows that criminals are savvier than ever. Moreover, the more realistic an email is, the more likely it is to be clicked.
According to a recent security report, nearly 90% of all cyberattacks are carried out by email. Software protection is no longer enough to keep you safe. A multi-layered security plan can help mitigate email security risks, but a deeper understanding of how these threats work will offer better protection in the long run.
Of course, this also works both ways. If your business relies on sending regular emails, you must create clean, well-written content so that your messages don't land in spam folders in services like Gmail. Sloppy email increases the risk that recipients report your messages as spam, which can eventually get your domain blacklisted.
The best place to start is detecting what a phishing email looks like and handling it once it’s received.
1. Inconsistencies in Email Addresses & Domain Names
The more authentic an email looks, the greater chance of being opened and clicked. Scammers know this, so they look for any way possible to add authenticity to the email. As a result, you’ll find slight discrepancies in the email addresses, links, and domain names.
If something doesn’t make sense, it’s best to go with your gut instinct. Pull up previous correspondence from the same source and verify the data. If email addresses or domain names don’t match, don’t click. It’s always better to go back to the source and verify the email’s authenticity.
2. Never Click Anything
It’s fine to click on links from trusted sites, but when you click on links from random emails where you aren’t comfortable with the source, it can lead to problems.
Before clicking on any email link, hover your mouse over the link to see what pops up. Most email clients show the link's real destination when you hover over it. Does it lead where you expect it to go? Detecting a phishing email can be difficult when it looks legitimate, but most will have just enough errors to make you think twice. Spend those extra few seconds authenticating the email before you click.
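The two checks above (sender domain versus the domain you expect, and the visible link text versus where the link actually points) can be automated. The following is an added example, not code from the original article; the message body, addresses and `.test` domains are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
from email.utils import parseaddr
import re

# Matches a hostname inside visible link text, with or without a scheme prefix.
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)

class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def link_mismatches(html):
    """Return (visible text, href) pairs where the text names one host but the
    href points at another: the 'hover before you click' check, automated."""
    parser = _LinkCollector()
    parser.feed(html)
    out = []
    for href, text in parser.links:
        shown = HOST_RE.search(text)
        real = (urlparse(href).hostname or "").lower()
        if not shown:
            continue  # plain words like "help" carry no host to compare
        shown_host = shown.group(1).lower()
        # A subdomain of the shown host (www.x vs x) is not treated as a mismatch.
        if real != shown_host and not real.endswith("." + shown_host):
            out.append((text, href))
    return out

def sender_domain_mismatch(from_header, expected_domain):
    """True when the address in From: is not at the expected domain, regardless
    of how trustworthy the display name looks."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower() != expected_domain.lower()

# Constructed sample (hypothetical domains): the link text shows the bank's site,
# the href goes to a lookalike, and the From: domain swaps a digit 1 for the letter l.
SAMPLE_HTML = ('<p>Please confirm at <a href="http://login.examp1e-bank.test/x">'
               'https://www.example-bank.test/login</a> or '
               '<a href="https://www.example-bank.test/help">help</a>.</p>')
SAMPLE_FROM = "Example Bank Security <alerts@examp1e-bank.test>"
```

Running `link_mismatches(SAMPLE_HTML)` flags only the first link, and `sender_domain_mismatch(SAMPLE_FROM, "example-bank.test")` is true because of the swapped character.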
3. Grammar & Spelling Errors
Because many phishing emails are created quickly, they often contain misspellings and grammatical errors that should make you think twice.
Does the email start with "Dear customer"? Spammers often use spell checkers to ensure words are spelled correctly but might not use the words in the proper context. If it doesn't sound like something that would come from this source, don't click.
4. Odd Tone or Greeting
Have you ever received an email where the tone is off? Or the person sending the message never uses the language included in the email? It’s a sure sign of a phishing email. This is where it helps to pay attention to the personality of the email, ensuring it sounds like it’s coming from the source. When in doubt, go back to the sender and verify it’s real.
5. Request for Personal Info
Reputable companies will never ask you for personal information in an email. If a company seems to be asking for too much, it's better to verify it first. Head to their website and log into your account. If the email is authentic, you'll find the same request on your dashboard. Or give the service center a call; be sure to use the phone number on their website, not the one included in the email.
6. Threats or Urgency
If an email ever adds a threat or states you need to take immediate action, it's a red flag that something is wrong. Such emails often claim that it's an emergency, that the CFO needs a wire transfer, or that you must act now to claim a reward.
7. Check for a Signature
An easy way to check for authenticity is to see who sent the email. Head down to the signature block; is it from a legitimate person? A quick check may be the deciding factor.
8. Suspicious Attachments
Attachments are a common way to deposit malware on your computer. A good rule of thumb is never to open an attachment unless you're expecting it, even if it's from a trusted source. Verify that the sender actually emailed it to you before you open it.
9. Don’t Believe Their Games
A quick check for spammy content will help you detect a phishing email. A legitimate company knows that authenticity is everything when trying to prevent an email from going to spam folders in services like Gmail. They work hard to ensure their emails meet certain expectations and have a purpose for being sent.
10. Back Up Your Emails
Because phishing attacks can be detrimental to a company, it's always better to be safe than sorry. If you have doubts about an email or feel you've received a phishing email, back up your emails, report it to your SOC, and let them sort it out. A good guide to backing up your emails can be found here, and this step-by-step explainer video can help you along as well.