Phishing attacks are one of the most common threats that businesses face online today. They can cause severe consequences for corporations whose employees fall victim.
The negative consequences of falling prey to a phishing attack can include significant financial losses, loss of consumer trust, and even legal penalties. In 2020 alone, phishing scams resulted in $4.2 billion in losses to companies and individuals.
To avoid these losses, it is essential to ensure secure and safe operations by maintaining your business’s cybersecurity defenses. But even with the best anti-malware and spam filters in place, human error will always play a role; it is often up to an employee to recognize the signs of a phishing attack and avoid clicking a malicious link.
With that in mind, one vital piece of your cybersecurity includes educating employees on how to recognize and avoid phishing scams. Below are six telltale signs of a phishing attempt to watch for.
1. They Use a Fake Domain Name
In many cases, a scammer will try to imitate a trusted organization or person that the recipient is familiar with. In this case, the domain name of the email address the message was sent from can be an obvious sign that something isn’t right.
The scammer may use a domain name that imitates a legitimate company's address (for example, “amazom.com” or “amazon.net” instead of “amazon.com”) in hopes the discrepancy will go unnoticed. Other times, the domain name may be completely random and totally unconnected to the business it’s supposedly associated with.
If you receive an unexpected email, read the domain name carefully to ensure it is from a legitimate company. Check to make sure that it matches the email address you normally receive emails from when communicating with that organization; typing the company name into the search function of your email application should pull up other emails you’ve received from that company, and you can then compare whether the suspicious email is coming from the same source.
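The comparison described above can also be automated in a mail filter or a reporting tool. The following Python sketch is an added example, not part of the original article: it checks a sender address against a list of domains you already trust and flags near misses such as the “amazom.com” and “amazon.net” cases. The `TRUSTED` list, the distance threshold, and the simple "last label is the TLD" split are assumptions made for illustration.

```python
# Added example: classify a sender's domain against known-good domains.
TRUSTED = {"amazon.com"}  # assumption: domains your organization really deals with

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions cost 1 each."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(address: str) -> str:
    """Domain part of 'Name <user@domain>' or 'user@domain', lowercased."""
    return address.rsplit("@", 1)[-1].strip(" >").rstrip(".").lower()

def classify(address: str, trusted=TRUSTED, max_distance: int = 2):
    """Return (verdict, trusted domain it resembles or None)."""
    domain = sender_domain(address)
    for good in sorted(trusted):
        # Exact match, or a subdomain of a trusted domain.
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)
    # Simplification: treat the last label as the TLD (ignores e.g. co.uk).
    name, _, tld = domain.rpartition(".")
    for good in sorted(trusted):
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return ("tld-swap", good)       # same name, different ending
        if 0 < edit_distance(domain, good) <= max_distance:
            return ("lookalike", good)      # one or two characters off
    return ("unrelated", None)              # no connection to a known sender

if __name__ == "__main__":
    # Constructed sample addresses, including the article's two examples.
    for addr in ["orders@amazon.com", "Amazon <orders@amazom.com>",
                 "billing@amazon.net", "prize@random-shop.example"]:
        print(addr, "->", classify(addr))
```

A "tld-swap" or "lookalike" verdict deserves more suspicion than "unrelated", because it suggests someone deliberately chose a name meant to pass a quick glance.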
2. They Ask for Personal Information
It is typical of phishing emails to ask you to divulge personal information such as your phone number, bank number and other financial information, or login information to an account. They may also ask you to make a payment through a link.
However, you should never send personal information via email. If you wish to make a payment to any of your service providers, do it on your account at the company’s official website.
A phishing email may also ask you to log into your account using a link included in the email. But instead, you should always go directly to the company’s website from a new browser window—not from a link in the email—to ensure you’re logging in to your actual account.
3. They Convey a Heightened Sense of Urgency
Messages sent as part of a phishing attack usually convey a sense of urgency to compel you to take action. They ask the recipient to hand over sensitive data immediately to prevent issues or to stop their account from being deactivated.
In fact, one study found that these are the most common words found in a phishing email headline:
Although there may occasionally be a crisis requiring quick action, most often, legitimate businesses won’t send you frantic emails about it. They also won’t threaten you with legal action for failing to respond. If you notice that an email seems to apply pressure to act quickly or threatens negative action against you, look closely at the sender information before taking any action.
4. They Contain Grammatical and Spelling Errors
Although a genuine business may make an occasional error in its spelling or grammar, phishing emails often contain multiple obvious mistakes and grammar or formatting that seems odd.
If you notice that an email contains a lot of incorrect information and low-quality wording, it might be a phishing attack. At the very least, that’s a sign that the organization may not be credible.
5. They Claim That You Have Won Something
Another common characteristic of a phishing email is that it bears claims that sound too good to be true. If something sounds too good to be true, it usually is.
If you really won something, then it’s a pretty safe bet that the organization will not ask you to make them any kind of payment, including giving them your credit card information or buying a ticket to secure a prize you supposedly already won.
Approach such emails with extreme caution, especially if they are from an unfamiliar source.
6. They Include Suspicious Attachments or Links
Suspicious attachments or links often accompany phishing emails, and they can introduce malware to your computer if they’re downloaded or clicked. If you were not expecting to receive an attachment or are uncertain of what is inside, avoid clicking on it entirely.
You can also try hovering your cursor over any linked text to reveal the actual web address it connects to.
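The hover check can be done in bulk on a reported message. The following Python sketch is an added example, not part of the original article: it lists the real destination host of every link in an HTML email body and flags links whose visible text shows one address while the link points to another. The sample message and its host names are constructed for illustration.

```python
# Added example: reveal where each link in an HTML email really goes.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(value: str):
    """Hostname of a URL or bare domain; None if the value is ordinary text."""
    value = value.strip()
    if not re.match(r"^[a-z][a-z0-9+.-]*://", value, re.I):
        if not re.fullmatch(r"[\w.-]+\.[a-z]{2,}(/\S*)?", value, re.I):
            return None
        value = "http://" + value
    return (urlparse(value).hostname or "").lower() or None

def audit_links(html: str):
    """One record per link: visible text, real host, and whether they disagree."""
    parser = LinkCollector()
    parser.feed(html)
    report = []
    for text, href in parser.links:
        shown, actual = host_of(text), host_of(href)
        report.append({"text": text, "actual_host": actual,
                       "mismatch": shown is not None and shown != actual})
    return report

# Constructed sample body: the first link shows one site but opens another.
SAMPLE = ('<p>Your account is on hold. Sign in at '
          '<a href="http://login.example.net/verify">https://www.amazon.com/account</a> '
          'or read our <a href="https://www.amazon.com/help">Help</a> page.</p>')

if __name__ == "__main__":
    for row in audit_links(SAMPLE):
        print(row)
```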
Avoiding Getting Phished
If a message you receive contains one or several of these characteristics, be wary!
Your employees should know how to recognize these signs, as well as the proper actions to take when they become aware that they’ve received a phishing message.
Protecting yourself against phishing and other digital attacks means using all available resources, including threat detection, anti-malware, filters, and security training to educate your employees on phishing attacks, password security, and much, much more.