Phishing is a cyber-threat that’s here to stay. The sending and receiving of malicious emails will continue to dupe business professionals until email is no longer a thing – which, let’s face it, is not happening anytime soon. However, there are simple ways to avoid phishing attacks. You just have to know what to look for.
Don’t be fooled by perfect grammar.
People are usually told that bad grammar is a surefire indicator of a phishing email, and that a well-written email is typically good to go. However, this isn’t always the case. In fact, a malicious email can be written better than any email you’ve ever written. It’s important not to jump the gun and make assumptions. Carefully consider every aspect of an email before passing judgment.
Never underestimate a cybercriminal.
As mentioned above, a malicious email can be written very well. But the “legitimacy” doesn’t stop there. The sender can know who you are, the position you have, and the company you work for. They can even know internal processes and procedures better than you do. Never underestimate a cybercriminal. Don’t assume the email is legitimate just because it reads like it came from within your company.
Double-check and triple-check the email address.
It’s not hard to put someone’s name into an email address and call it your own. John Smith is John Smith is John Smith – however, JohnSmith1@gmail.com is considerably different from JohnSmith2@gmail.com. Take a few seconds to look the email address up and down. Make sure that John Smith isn’t Jon Smith and that all the numbers and characters are in the correct places.
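The same check can be automated. The sketch below is an added example, not part of the original article: it compares a sender address with a list of known contacts and flags near-matches such as the JohnSmith1/JohnSmith2 and John/Jon cases above. The contact list and the two-edit threshold are assumptions chosen for illustration.

```python
# Added example: flag sender addresses that nearly match a known contact.
# KNOWN_CONTACTS and max_edits are constructed values, not from the article.

KNOWN_CONTACTS = {"johnsmith1@gmail.com", "j.doe@example.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum single-character edits to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        curr = [i]
        for j, cb in enumerate(b, start=1):
            curr.append(min(
                prev[j] + 1,               # delete ca
                curr[j - 1] + 1,           # insert cb
                prev[j - 1] + (ca != cb),  # substitute (free if equal)
            ))
        prev = curr
    return prev[-1]


def check_sender(address: str, known=KNOWN_CONTACTS, max_edits: int = 2):
    """Return ("known", addr), ("lookalike", closest_known) or ("unknown", None)."""
    addr = address.strip().lower()
    if addr in known:
        return ("known", addr)
    # Compare the full address so that changes in either the name part
    # or the domain are caught.
    closest = min(known, key=lambda k: edit_distance(addr, k), default=None)
    if closest is not None and edit_distance(addr, closest) <= max_edits:
        return ("lookalike", closest)
    return ("unknown", None)


if __name__ == "__main__":
    for sender in ["JohnSmith1@gmail.com", "JohnSmith2@gmail.com",
                   "JonSmith1@gmail.com", "newsletter@example.org"]:
        print(sender, "->", check_sender(sender))
```

A "lookalike" result is the case that deserves the closest look: the address is not one you know, but it is only a character or two away from one you do.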
Question the urgency and content.
On many occasions, a phishing email will appear urgent. It will tell you that you need to do ABC right away or else XYZ will happen. But typically, this is far from the case and not how companies handle things. For example, the email might say you have new information that needs to be reviewed immediately and ask you to download the attached document to review the update. However, most companies would either put that information directly into the email or ask you to log into your account to see it. In situations like these, it’s critical that you question the ‘why’ and ‘how’ behind it all. Why are you being asked to do this, and is this how things are normally handled?
Always be suspicious.
The best phishing tip anyone, anywhere could ever give you? Be suspicious. In this case, suspicion is your greatest ally. It will push you into questioning the what, who, and why of any email you receive and, in the process, help you avoid scams, malware, and breaches.