Let’s Go Phishing – 5 Tips to Recognize Phishing Emails

KEY POINTS

*The following statistics have been provided by our friends at the National Cybersecurity Alliance (NCA).

  • In a recent National Cybersecurity Alliance survey, 72% of respondents reported that they checked whether messages were legitimate (i.e., not phishing or a scam), compared to 15% who reported not doing so. (NCA)
  • 47% of the participants said they used the reporting capability on a platform (e.g. Gmail, Outlook) “very often” or “always”. (NCA)
  • In 2022, out of more than 1,700 incidents of cybercrime that were disclosed by participants, 36% of those were phishing attacks that led to a loss of money or data, while 24% reported falling victim to identity theft. (NCA)

As we embrace Cybersecurity Awareness Month, there’s no better time to sharpen our defenses against one of the most common and deceptive threats in the digital realm—phishing emails. Phishing attacks continue to pose a significant risk to individuals and organizations alike, with cybercriminals becoming increasingly sophisticated in their techniques. In this article, we aim to empower you with five essential tips that will help you recognize phishing emails.

Whether you’re a seasoned cybersecurity expert or a casual internet user, staying vigilant and informed is your first line of defense in this ever-evolving digital landscape. Let’s dive into these valuable insights to enhance your online safety and reduce the risk of falling victim to phishing scams.

  1. Check the Sender’s Email Address: Phishers often use email addresses that resemble legitimate sources. Carefully inspect the sender’s email address. Look for misspelled domain names, extra characters, or unfamiliar domains. If in doubt, contact the organization using official contact information rather than responding to the email.
  2. Examine the Greeting: Phishing emails often use generic greetings like “Dear Customer” or “Hello User” instead of addressing recipients by their name. Legitimate organizations usually personalize their emails. If an email lacks a specific and personalized greeting, it may be a phishing attempt.
  3. Be Cautious of Urgency and Threats: Phishing emails often create a sense of urgency or threat to manipulate recipients into taking immediate action. This can include warnings of account closure, financial penalties, or security breaches. Be skeptical of such emails and independently verify the claims through official channels.
  4. Look for Spelling and Grammar Errors: Phishing emails often contain spelling and grammar mistakes. Scrutinize the content for these errors. Legitimate organizations typically have professional communication standards, so errors can be a sign of a phishing attempt.
  5. Hover Over Links Before Clicking: Hover your mouse pointer over any links or buttons in the email without clicking. This action will reveal the actual web address where the link leads. If the URL looks suspicious, doesn’t match the claimed destination, or uses a different domain, it’s likely a phishing attempt. Avoid clicking on such links.

Bonus Tip!
Enable Two-Factor Authentication (2FA): Enabling 2FA provides you with an additional layer of defense to protect yourself from phishers by requiring a second form of verification, such as a text message code or an authentication app.

If you suspect an email is a phishing attempt, report the message to protect yourself and others. If your organization offers email reporting as a service, you may find options to report the email via the “report spam” button in your email toolbar or settings. For personal email accounts, you may be able to report spam or phishing emails to your email provider by right-clicking on the message, or selecting the report email option from a toolbar. As a last step, delete the message. Don’t reply or click on any attachment(s) or link(s), including any “unsubscribe” link(s). Simply delete the email and enjoy the rest of your day!

Staying cautious and verifying the authenticity of emails is a fundamental part of online security. Regularly practicing the above five steps will significantly decrease your chances of falling victim to a phishing email.

Have any questions regarding phishing? Contact us and we will be delighted to assist you with your security needs! Make sure to subscribe to our mailing list to stay up-to-date with our latest security tips and tricks.
