Phishing emails are becoming increasingly common and are more dangerous than ever. Liron Barak, CEO and Co-Founder at BitDam, discusses how to recognize a phishing email and prevent extensive damage to you and your organization.
Phishing emails are one of the greatest threats to organizations’ security today. Aiming to steal information and use it for various purposes, phishing emails are easy to create, have relatively high success rates, and are notoriously difficult to identify.
According to Gartner, “Phishing is still the No. 1 initial access vector for malware attacks” (Gartner, How to Respond to the 2020 Threat Landscape, 2020). Learning how to recognize a phishing email is critical when it comes to keeping yourself and your organization protected.
Check out the warning signs below.
1. Look Out for Social Engineering Tactics
When it comes to information security, social engineering is “the psychological manipulation of people into performing actions or divulging confidential information”. Malicious actors will use every trick in the book to get people to open emails and click on links or take other actions. Examples of social engineering when it comes to phishing emails include:
-   Asking you to click something in order to get something. For example, “You have an unread voicemail message! Click here to listen”.
-   Using a sense of urgency: These often include messages such as “Your account is about to be disconnected” or similar. In these cases, take an extra 30 seconds and ask whether the request makes sense, whether the sender is genuine, whether the URL seems legitimate, and whether there are any other signs that something is wrong.
-   Offering you something that you were not expecting, like “You won a gift card”. Unfortunately, many people still fall for these scams. Again, if someone is offering something for free, out of nowhere, it’s probably a trick.
2. Is This Email Real?
Is it real, or just trying to look real? Look for clues, many of which can be found in the email itself.
- Check the sender’s actual email address – not just the display name, which can be easily faked. Are there any changes to the spelling, strange characters, or unexpected hyphens or dashes? These may be small changes that are easily missed at first glance: an “L” instead of an “I”, or a single “t” instead of “tt”.
- Look out for an unclear or out-of-context message, and for spelling or grammar mistakes.
- Is the email from an unexpected sender? Be doubly cautious.
3. You’ve Clicked the Link
You’re now on a webpage. Does it look real? Look for signs that indicate a fraudulent website:
- Do not trust a website just because it has the right logos. The fact that a webpage contains the logo of a brand doesn’t mean it’s genuine; this is easily faked. Does the webpage look real? Pay attention to its structure, colors, other pages within the site and the main menu.
- Let’s assume that you were lured to a fake Microsoft Office 365 login page and asked to enter your O365 credentials. You probably visit the O365 login page almost daily. Is there a change in how it looks today? If so, be extra suspicious.
- URL: Here again, make sure that there are not any confusing spelling mistakes or something that seems out of place. Even a “secured” or “https” website can be easily faked. Note that sometimes the entire URL is composed of several subdomains in order to look legitimate. Always be alert.
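The sender-address check in section 2 and the URL check above can be automated for mail triage. The Python below is an added example written for this article, not BitDam’s product or any tool the article mentions. The trusted-domain list, the confusable-character table and all sample addresses and links are constructed for the example, and the “last two labels” split used to find a site’s registrable domain is a deliberate simplification of what a Public Suffix List-aware implementation would do.

```python
"""Triage helpers for two of the article's checks: does a sender's domain merely
resemble a trusted one, and does a link only *mention* a trusted brand in a
subdomain while pointing somewhere else? Constructed example, not product code."""
import difflib
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains this (hypothetical) organization treats as genuine. Constructed list.
TRUSTED_DOMAINS = ("microsoft.com", "office.com", "google.com", "paypal.com", "dropbox.com")

# Single characters that read alike at a glance: "l"/"1" vs "i", "0" vs "o".
SINGLE_CHAR_CONFUSABLES = str.maketrans("l10", "iio")


def normalize(domain: str) -> str:
    """Collapse visually confusable characters so lookalikes compare equal."""
    s = domain.lower().replace("rn", "m").replace("vv", "w")
    return s.translate(SINGLE_CHAR_CONFUSABLES)


def registrable_domain(host: str) -> str:
    """Naive 'last two labels' split (assumption: a real implementation would use
    the Public Suffix List so that e.g. example.co.uk is handled correctly)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_domain(domain: str):
    """Return ('trusted', d), ('lookalike', trusted_d) or ('unknown', None).

    A lookalike equals a trusted domain after confusable normalization, or its raw
    spelling is within a small edit of one (dropped letter, inserted hyphen).
    """
    d = domain.lower().rstrip(".")
    if d in TRUSTED_DOMAINS:
        return "trusted", d
    for trusted in TRUSTED_DOMAINS:
        if normalize(d) == normalize(trusted):
            return "lookalike", trusted
        if difflib.SequenceMatcher(None, d, trusted).ratio() >= 0.85:
            return "lookalike", trusted
    return "unknown", None


def sender_verdict(from_header: str) -> str:
    """Judge the *actual* address in a From: header, ignoring the display name."""
    _display_name, address = parseaddr(from_header)
    if "@" not in address:
        return "no address"
    kind, match = classify_domain(address.rsplit("@", 1)[1])
    if kind == "trusted":
        return "trusted"
    if kind == "lookalike":
        return f"lookalike of {match}"
    return "unknown domain"


def url_verdict(url: str) -> str:
    """Judge a link by its registrable domain, not by the brand words it contains."""
    host = (urlparse(url).hostname or "").lower()
    site = registrable_domain(host)
    kind, match = classify_domain(site)
    if kind == "trusted":
        return "ok"
    if kind == "lookalike":
        return f"lookalike of {match}"
    # A trusted brand name appearing only to the left of the registrable domain
    # is the "several subdomains to look legitimate" pattern described above.
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in host:
            return f"brand '{brand}' in subdomain, but site is {site}"
    return "unknown domain"


if __name__ == "__main__":
    # Constructed samples, not real messages or links.
    for hdr in ("Microsoft Support <alerts@rnicrosoft.com>", "billing@paypal.com", "news@example.org"):
        print(f"{hdr!r:50} -> {sender_verdict(hdr)}")
    for link in ("https://www.microsoft.com/", "https://micro-soft.com/login",
                 "https://login.microsoft.com.account-verify.example/reset"):
        print(f"{link:60} -> {url_verdict(link)}")
```

The two-stage comparison matters: `normalize` catches substitutions that a human eye glosses over (“rn” for “m”, “1” for “l”), while the similarity ratio catches the dropped or doubled letters and inserted hyphens the article lists. Both verdicts are computed from the part of the address or URL that actually decides where mail or traffic goes, never from the display name or the brand words in a subdomain.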
4. Do You Really Need to Enter Those Credentials?
Let’s say you received an email that asked you to click something. You’re redirected to a website, and you’re asked to enter your login credentials.
- Does this make sense? Couldn’t the sender include the information that you need to access in the body of an email or as an attachment?
- Whenever you’re asked to input credentials, be extra cautious. If someone gets hold of your login details, they have almost unlimited access to your data.
5. Beware of the Most Common Brands, Scams, and Tricks
While phishing tactics are constantly changing, there are some common tricks used that if recognized early, can save you much heartache down the line. Common tactics include:
- Fake O365 and G Suite login pages – These could just as easily be fake emails, OneDrive login pages, voicemail alerts, and similar scams. A great tip is to see if your browser completes your password automatically: browsers and password managers only fill credentials on the exact site they were saved for, so a lookalike page will not be filled. If it doesn’t, stop. This could be a phishing scam.
- The use of Office Forms or Google Forms asking you to enter your credentials. The golden rule? Do not enter your password in any sort of form! It is always, ALWAYS a phishing scam.
- While Microsoft is the most common brand that is faked, other brands often used in phishing attacks include Google, Adobe, Dropbox, DHL, PayPal, and Netflix. Whenever you receive an email from one of these brands, evaluate its legitimacy with a critical eye.
Safe Email Habits
Email is still the most popular form of communication in a business context, and phishing emails continue to threaten organizations of all sizes and types. Stay alert, think twice before entering login credentials, and always ask yourself: “Does this make sense?”
While these tips go a long way towards keeping you aware of phishing emails, they should be combined with a technological solution to identify and stop phishing emails. This approach – combining awareness and technology – is the best way to keep yourself and your organization protected.