* This post may have affiliate links. Please see my disclosure
Can you recognize signs of phishing emails?
Suppose someone trustworthy ask you to provide personal information such as usernames, passwords, or bank account information through suspicious emails, ads, or websites. Do not rush! By responding with confidential data, you may have fallen into the phishing scam of a tech-savvy scammer or become a victim of identity theft.
Phishing frauds are a lethal weapon of chaos by cybercriminals. In most cases, criminals are after money or sensitive data that can be sold online. It does not matter if it is in a corporate environment or a regular user like me and you; cyber fraudsters can attack your most secured private data. First of all, let’s have a look at what phishing is and how phishing works.
What exactly phishing is?
Phishing is a fraudulent attempt to trick a user into getting confidential information, such as user name, passwords, and credit card details. Phishing emails can be in many different forms. I will explain a couple of those phishing techniques further down in this article. Still, whatever format the attacker uses, the main characteristic is that they are intentionally designed to look like a real email. That is why recognizing phishing is something that you must be aware of, to not get into those traps.
How Phishing Works?
A successful phishing attack usually has the following four characteristics:
1: Attack Planning
First of all, cybercriminals plan a way to approach you, usually based on services, demographics, or other factors. These con-artists use advanced techniques to scam you in getting your personal information. They may use illegitimate text messages, emails, and cybersquatting to trick you.
2: Attack Initiates
Professional cybercriminals use legitimate information and try to lure you into clicking on their provided links. Their primary focus is to trick you into providing confidential information, such as addresses or logging in to an account.
3: Tricked Personal Data
When you visit the cybercriminals’ links, you are directed to fake websites that look almost identical to the official website; the URL might even look similar. Once you enter your login details, the cybercriminals will be able to capture the same login information and log in to the real website with the credentials you just revealed.
4: Sensitive Data Theft
Since the phishers have stolen your sensitive information, they will likely steal from your accounts. Your money will be stolen, and they have successfully executed a phishing attack.
Email phishing scams involve such a persuasive falsification that could allure you to execute a harmful action by cyber con-artists. It will usually be opening an attached file or clicking a link. By doing so, malware will install on your computer, or you will face session hijacking. After that, all your sensitive information will be stolen. According to Google’s email product, Gmail, the artificial intelligence advanced algorithm blocks almost 10 million spam emails per minute.
How to Spot a Phishing Email
Phishing techniques are evolving. They are becoming more complex and sophisticated. But don’t worry, I’m going to tell you how you can spot whether an email is a phishing scam or a legit email.
An email might be a phishing scam if it contains any of the following signs:
1: Generic Salutations
When a cyber scammer or a team of digital fraudsters will send you an email, their intention is not to trap you alone. These cybercriminals will send out phishing emails in abundance, typically to millions of people at once. Therefore, they have to start emails with a general salutation like “Dear member”, “Dear customer”, or “Dear account holder” rather than directly addressing your name.
Another trick these con-artists will use to evade individual salutations is by just writing your email address such as “Dear [email protected]”. Sometimes a simple “Hello” or “Hi there” is a warning sign to you. Seldomly they don’t involve themselves with the hassle of proper greetings.
2: Misleading Email Addresses
Before you reply to an email, make sure that the sender’s address is correct and legitimate. Sometimes, hackers will try to deceive you by sending emails using misleading addresses. For example, hackers will use the “[email protected] Netflex.com” address to remind you to pay your Netflix bill instead of the official one, “[email protected] Netflix.com”.
3: Non-standard File Extensions
Office documents can include code in macros. Usually, files with macros are indicated with the file extension that ends with “m”, such as xlsm. Also, keep an eye on files with double extensions such as pdf.html. Also, be aware of some other unusual extensions like .js, .wsf, or .ink, etc.
Make sure not to fall for non-standard file extensions, even before downloading.
Sometimes the account of someone you trust could be compromised and used to send convincing messages with malicious content. If you feel something is off, don’t click it! Contact the sender via SMS, phone call, WhatsApp, etc. After all, it is always good to be cautious.
4: Unusual Request to Verify Your Account
If you receive such an email requesting you to update or verify your password, credit card number, or bank account number, just keep one thing in mind. Banks usually don’t ask for classified information, even through texts or calls.
This will alert you that it is undoubtedly a scammer trying to steal your personal information. You should immediately call your bank and make sure everything is all right.
5: Sense of Urgency
If an email tells you that something very important came up, and if you don’t take action immediately, you will lose a personal belonging or a service.
That is a tech-savvy fraudster trying to compel you to make a mistake. This is an email similar to your bank asking you to verify certain confidential information. Otherwise, your account will be held in the next 24 hours.
6: Improper Use of Language
If you find any improper language being used in an email, grammatical errors, or spelling mistakes, these are warning signs for a phishing scam. This time, a non-native or a foreign hacker is trying to trick you.
7: If Offered Something Valuable
Prize scam is very common these days. The signs of a prize scam involve receiving an email, and the sender congratulates you on winning something valuable like a prize bond or sweepstakes that you did not participate in.
If someone asks you to complete a survey that their organization is conducting on a specific issue, don’t fall into this trap. This is a hacker who is trying to get your personal information.
8: A Threatening Email
If you receive an email threatening you with devastating consequences if you do not reply or act accordingly, it is most definitely a scam email. For example, your system is at risk due to the presence of a dangerous virus. If you don’t want to lose all your personal data, then install their antivirus for free immediately. This also a very common phishing scam. Don’t install their security package to remove the virus threat. Ignore these emails or website pop-ups. If your antivirus or firewall warns you of any security threat, then run your verified and trusted antivirus program.
9: A Request for Donations
Suppose you receive an email with the address of a well-known charity, welfare trust, or donation collection for a natural disaster. In that case, it is certainly a phishing scam.
Once you enter your personal information, then that cyber-criminal will attempt to empty your accounts.
Occasionally, cybercriminals use a technique called cybersquatting. The registration, selling, or operating of a domain name similar to well-known websites, with a target to make profit or phish users, is called cybersquatting.
What Actions Should You Take If a Suspicious Email is Received?
If you apply the above ten tell-tale signs on a suspicious email, then you can heed the following actions:
- Do not click on any external links or attachments associated with the suspicious email.
- Hover your cursor over the link and compare it with the real links you frequently receive from any customer or vendor.
- You should search online on the email content, like a company, individual entity, etc. Don’t solely rely on the official websites because of cybersquatting. Also, search on other sources like social media accounts.
- If a suspicious email is from someone trustworthy, don’t use the “Reply” option. Instead, compose a new email and use the original email address, not copied from the dubious sender.
- Another thing you can do to avoid phishing is contacting the real sender using the phone or texting. You should not use the contact information provided in the suspected email but search for contact details online.
How to Prevent Phishing?
Whenever we hear the word phishing, the thought which comes into our mind is that it only applies to corporate emails and not individual users. Hackers mostly target someone’s credentials to lead them towards money or something valuable, whether you or some organization.
Whether it is you as an individual user or some private or government organization, it is always good practice to adopt the following simple steps to mitigate the phishing attacks:
1: Install Anti-Phishing Browser Extension
You can customize your web browser by installing anti-phishing extensions. Once the extension is added, it will automatically alert you if you visit any malicious site. These extensions run quick security checks before you access any website and compare them with known phishing sites. These extensions are free to use and can save you against phishers. Just make sure to select an extension that has reputable status with active updates.
2: Inspect Site’s Security Carefully
Before entering any credentials on a website, make sure it is a secure one. But how can you check if the site is secured? Well, it’s very simple. You will look for the site’s URL. If URL starts with https (Hypertext Transfer Protocol Secure) and has a closed lock icon near the address bar, then you are good to go. You can also check for the security certificate of the website.
3: Use Firewalls and Endpoint protection
For most regular users, have a dedicated firewall is not an option. In those cases, you can explore your home modem or router and see if they have any native security features that you can use to enhance the security of your network.
You can also leverage the free tier tools offered by well-know cybersecurity companies such as Sophos:
I would even say that given the aggressive state of cybercrime these days, it would be worth investing in a premium subscription to get the full features that Sophos offers.
Disclaimer: Keep I mind that Sophos Home Free always-on antivirus, parental web filtering, and remote management of up to three devices. For extra features, it will be required the premium subscription, as I mentioned above is a well worth investment.
4: Use Hardware-Based 2FA Authentication
Last but not least, you must protect your login and passwords! Sometimes, I know it is not easy to keep track of many different passwords; luckily, there are some great password managers like LastPass. It’ll help generate strong passwords and manage to secure your digital credentials. Further, for the security of your password manager, you can use a two-factor authentication (2FA) method. I always recommend an extra security layer to your credentials using a hardware-based 2FA authentication such as Yubikey.
You can visit my article on Security of LastPass Together with YubiKey: Ultimate Solution to Secure Your Passwords, where I cover the key benefits. Having a strong password and a safe password vault manager is critical in helping you fight against some phishing attack.
Do you want to test your skills to spot a phish? Ok, here is a free tool offered by Sophos that provides you different email and URL questions. You have to tell whether it is secure or a phishing scam. Click here to play the game and apply what you have learned from this article. Have fun!
One thing is for sure; technology is not infallible. You need to be your guard. Cybercriminals will develop new methods to breach your cybersecurity. All we can do to protect our digital lives from phishers is to use better security solutions, keep up to date with the latest techniques, and self-education by reading articles like this one. When you receive suspicious emails, trust in your instincts. If it feels wrong, probably it is. Keep your eyes attentive to the tell-tale signs mentioned above to avoid falling into a trap.
I hope that you have learned something valuable from my article regarding phishing scams. If you have any better defense against these digital criminals, please let me know in the comments so that my readers can benefit. If you have any questions, you can ask in the comments or reach out to me on social media.