Bitter as it may sound but your inboxes are constantly vulnerable to cyber attacks. Phishing emails are a rampant problem and they are only getting worse with newer techniques of deceiving users. However, it is often easy to differentiate a phishing mail from a genuine one. All that it requires is a little extra vigilance and few tricks down your sleeve! So, here are the top 5 tips to identify a phishing mail. Keep these tips handy to spot a phishing mail and safeguard yourself from a host of other cybercrimes.
What is Phishing?
Phishing is the act of deceiving an individual through electronic communication in order to obtain his/her sensitive information. The information that is usually sought by malicious cyber criminals ranges from passwords and user names to credit/debit card and other financial details.
The greater consequence of phishing is financial frauds or identity thefts executed by misusing the victim’s confidential information. In fact, phishing makes up for nearly 90% of all data breaches.
Enterprises of all sizes are most vulnerable to phishing attacks due to their wealth of business-critical and sensitive data. Phishing attacks affected a staggering 76% of organizations worldwide in 2017!! Note that over 90% of malware continues to be delivered through emails.
Top 5 Tips to Identify a Phishing Email
Users all across the globe receive an average of 16 malicious emails every month! Additionally, with the host of email subscriptions that we consciously sign up for, a careful examination of an email before our response could be quite taxing.
Nevertheless, awareness is key to foiling potential attempts of stealing your confidential personal or business data. Here are some tips on how to spot a phishing email.
1. Stay Clear of any Demand of Sensitive Information via Email
Remember that a legitimate organization would never demand your sensitive personal or financial information through an email. Moreover, a company that you usually deal with would rather direct you to a phone conversation for any information about your account. Beware of unsolicited emails that demand personal information and contain a link or attachment. It is definitely a scam!
2. Be Wary of Generic Email Salutations
Steer clear of emails (usually, marketing emails) that address you as a ‘valued member’, ‘valued customer’, ‘customer’ or ‘account holder’. One must avoid emails containing such generic salutations at all costs as they are usually spam emails. Remember that a legit company would address you by your name.
However, some cyber conmen are avoiding the salutation part of the email altogether! So, make sure you refer to the other points in this checklist to identify if it’s malicious or genuine.
3. Check the Domain in the Email Address of the Sender
One of the most important tips to spot a phishing email is closely examining the sender’s address. Check the domain in the email address i.e. the part that comes after ‘@’. This would give you a fair idea about the origin of the email and hence its authenticity.
Cybercrime masterminds often alter the spelling here and there to make the domain look legitimate. So, exercise caution! Although, this is also not a foolproof tip as companies often use unique or miscellaneous domains to reach out to their customers. In fact, small-scale companies rely on third-party email providers to send emails. So the dubious-looking domain may actually be a genuine one!
4. Spelling Errors Should Ring a Warning Bell
Remember one thing! Every brand and every company is spending loads on its team of proofreaders and copywriters. This to ensure that the content that they put out to customers is free from errors, factual and grammatical. An erroneous content, especially in an email to a potential or existing customer is a huge embarrassment for the company.
Hence, it’s obvious that an email from a legit enterprise would be well written. On the contrary, one can easily identify scam emails by their grammatical and spelling errors. Obviously, hackers are no fools either! They know their target audience and such phishing emails are mostly targeted at the lower strata of the education pyramid.
5. Watch out for Unsolicited Attachments
Do you know what the most popular bait in phishing emails is? Unsolicited and suspicious-looking attachments and links. A legit organization never sends emails with random attachments or links. They would rather direct the user to their own website to download documents or files if required.
However, companies that do have your contact details may send you white papers, newsletters, etc. as an attachment. So, this isn’t again a fully reliable trick although you must be wary of attachments having .exe, .scr, and .zip extensions. The best way out is to contact the sender directly in case of any doubt.
Phishing Attacks are Getting Harder to Detect
The aforementioned tips to identify a phishing email shall surely increase your awareness and vigilance to phishing attacks. However, phishing attacks are getting stealthier and more sophisticated by the day. Attackers are no longer targeting victims with the typical spam messages having some or the other loophole giving them away. With evolving techniques, even discerning users may find it difficult to spot a phishing email until it’s too late!
It’s alarming that nearly half of the phishing or fake websites now come with SSL Certification i.e. the HTTPS encryption! They also increasingly using techniques such as web page redirects to evade detection. Furthermore, some fake banking websites are using fake fonts and other encoding techniques to give off the appearance of a genuine website. Such techniques are increasingly making it harder for even the most careful user to spot phishing attempts.
Incognito Forensic Foundation (IFF Lab) – Investigation Services for Phishing Attack Victims
Incognito Forensic Foundation (IFF Lab) is a forensics lab in Bangalore, specializing in digital and cyber forensics. Backed by a repertoire of the best-in-class forensic professionals, IFF Lab offers investigation and cyber security services and solutions. IFF Lab also provides training and awareness to enterprises and law enforcement agencies on cybercrime prevention.
