Phishing emails can be your worst nightmare! The problem with these forms of deceptive messaging is that they masquerade as legitimate entities. Unfortunately, they are the Transformers equivalent of Decepticons, the most infamous of which is Megatron. This analogy is important in that it provides a visual frame of reference for users.
Phishing emails take on many different forms, including email messaging from co-workers, friends, family, government officials, colleges, and businesses. The devil is in the details. At first glance, phishing emails may pass the litmus test; many of them are expertly crafted, with superb audio-visual elements, designs and layouts. They really do look like the real deal. But they’re not, and if you click on the links and input information, you could be in some serious trouble…
10 Dead Giveaways That You Are Staring at a Phishing Email
- Look at the URLs – the integrity of messages is best determined by carefully scrutinizing the URLs. At first glance, the URL appears to be legitimate, but closer inspection reveals it to be a fraudulent URL. Just recently Ledger.com reported a mass phishing attack against its customers. SMS messages and email messages were being sent out by the truckload, requesting cryptocurrency users to login to a faux URL and provide their 24-word recovery phrases. Closer inspection of the URL provided by the sophisticated attack revealed an anomaly on the letter ‘e’ and the letters ‘gd’ of the word Ledger* in the URL. An unsuspecting user may well have missed that, but it makes all the difference. Check the hyperlink address against the displayed address. If there is a mismatch, you are about to get phished!
- The Message is Off – this is part logic, part gut feel. If you are the recipient of a mysterious, suspicious, or fishy email message, rather delete it. There is no benefit to clicking on potentially dangerous malware. Phishing emails are designed to steal personal, sensitive information, including ID, social security information, username/password combinations, and banking information. If the message makes bold claims, or is simply suspicious, mark it as spam and move on.
- Grammar, Diction, & Punctuation – it seems disingenuous that anyone who is attempting to phish & pharm data doesn’t do the necessary homework to correctly craft content. Yet, this oversight is welcomed with open arms by security consultants. Believe it or not, most phishing attacks can easily be avoided by paying close attention to the grammar, diction, & punctuation in these messages. When you get a less-than-perfect email message, consider the fact that it may be malware.
- Sender Alert! When you receive a suspect email message, check and verify that the FROM field in the message emanates from a legitimate source. For example, if you receive an error message from Microsoft, Apple, or Google, confirm that the email response address is a legitimate Microsoft, Apple, or Google email address. If there are lots of alphanumeric characters in the email address, and it blatantly misses the name of the company itself, there’s your answer.
- Alerts from Your Internet Security Software – Many of today’s Internet security systems are adeptly skilled at identifying malware in email messages, pop-ups, links, and URLs. If you receive one of these emails, you may be wondering: Is this site safe to open? You deserve an answer. One of the most trusted systems to hit the market in recent years is MyWOT (Web of Trust). Trusted by millions of users worldwide, WOT is a community-driven Internet safety blanket that identifies suspicious content and flags it accordingly. This downloadable application works with all browsers to alert users to potential malware threats. MyWOT can instantly identify unsafe emails and attachments and red flag them for your benefit. That way, you avoid the problem from the get go. The problem with malware is that once an attack has taken place, it may already be too late. Forewarned is forearmed!
- Request for Personal Information – most people are skeptical of emails requesting sensitive, personal information. That’s a good thing! Regardless of how official -looking an email message is, from your bank, a government agency, a company, or even a bizarre email from a purported relative in distress; never ever give out personal information over emails. Your bank will never ask you for your PIN code, or your account number. If you are debating the legitimacy of the information being requested, rather contact the land-based company that you know to be true and accurate and verify whether the email was sent from them.
- Run Your Mouse over Links to Spot Fraud – you can make a malicious URL appear to be a legitimate address by simply providing window-dressing to a fraudulent link. For example, a link in an email message claiming to redirect you to www.Ci10 Tips for Spotting a Phishing Emailtibank.com may not necessarily go to that address. When you run your mouse over the link, you may be shocked to learn that it redirects somewhere else. The actual URL address must match what you see on your screen for credibility purposes.
- Zip Files, Images, Folders, and Attachments – when you see any attachment in an email message from a sender you do not recognize, or trust, delete the email message immediately. If you accidentally delete a legitimate email, they will likely contact you again by email, snail mail, or telephone to remind you to act. Prevention is better than cure when it comes to phishing attacks. Once you open the floodgates to malware, adware, Trojans, viruses, ransomware, and the like, it’s very hard to get things back to normal, if at all.
- Look at Company Details, Dates, and Addresses – most everybody knows that Apple Inc is based in Cupertino, California. In fact, many of the big tech companies operate out of Silicon Valley. If you receive an urgent message from one of these companies and the footer of the email message reveals strange company details, including copyright dates, and physical addresses that just don’t look accurate, don’t click, or add biographic information to the email. Verify the authenticity of these types of messages with the respective company in question. Any pressing demands for payment should be approached with extreme caution.
- How Are You Being Addressed in the Email? Nowadays, banks, financial institutions, retail outlets, and e-commerce operations routinely address their customers by their first name. The emphasis has shifted from generic marketing and communications to personalized communications. If the sender doesn’t know your name, do not respond to the email with any personal information.