More than half of phishing attack emails contain malicious links. Furthermore, approximately one-third of all phishing attack emails manage to bypass default security methods.
So how do you determine if an email you’ve received is a phishing attack?
Sure, sometimes it’s obvious. But as cybercriminals continue to evolve and become more sophisticated, their phishing attack emails are becoming more convincing than ever before.
Here’s a complete checklist to go through when you receive a suspicious email:
An Overly Generic Greeting
More often than not, phishing emails are sent out to a massive list rather than one individual.
This means they’ll often contain generic greetings, such as “dear customer” or “dear member” whereas a legitimate source, such as your bank or a government organization, would probably address you by name.
A Request to Update or Verify Information
If the email contains some sort of request to update or verify your information, it’s likely a phishing email. No legitimate source will ask you to update or verify sensitive information over the internet. Chances are, they will call you or wait until you’re in the store/at the bank to go over this request with you.
A Lack of a Domain Address
Aside from looking at the name and company information, don’t forget to double-check the sender’s domain address.
Hover your mouse over the “from” address to see if there is a legitimate domain or not. For instance, they may have !IRA.com instead of IRA.com. However, this isn’t always foolproof and it’s important to check for other signs too.
Grammar and/or Spelling Errors
Large organizations tend to spell check their email content carefully – meaning it’s not very common to find grammar and/or spelling errors throughout emails from your bank, government entities and other legitimate sources. Pay close attention to the grammar and/or spelling in the email.
A Sense of Urgency
If something is urgent, a legitimate source will typically call you or send you a piece of direct mail.
Cybercriminals tend to create a sense of urgency, such as “if you don’t respond, your account will be canceled” or “if you don’t pay the attached invoice, you will be charged interest and it will go to collections.”
An Unsolicited Attachment
As a general rule, if the email contains an unsolicited attachment from an unknown sender or an unsolicited attachment that seems out of place from a sender you do know, don’t open it.
Typically, legitimate sources don’t randomly send emails with attachments. Instead, they will direct you to download something directly from their website.
Suspicious Links
Before you click on a link, hover over it to see where the link is actually going to take you. Often, cybercriminals will make it appear as though the link is going to a legitimate place, but once you’ve hovered over it, you’ll find that it’s taking you to somewhere else entirely. Always hover over any links before clicking them.