By the time you finish reading this article, countless fake emails (also known as phishing emails) will have landed in hundreds of thousands of inboxes all over the world.
While many of these malicious messages are so poorly crafted that it’s immediately clear they’re frauds, a considerable number of them can be convincing enough to fool even the most savvy readers.
With aggregate losses estimated to be in the billions of dollars, phishing remains a lucrative scam for cybercriminals. So how do you protect yourself from these thieves? The key is in knowing how to spot the difference between a phishing message and a legitimate email.
Here are 5 red flags you should look out for when you receive a suspicious message.
The sender is not using a company address, or uses a free email service
Most banks and businesses have their own private email system and use their company name in their email addresses. This means that official communications should only come from addresses that contain the company's name, like email@example.com, firstname.lastname@example.org or something similar. Notice how the brand or company name is located to the right of the @ sign, not on the left.
If you receive an email that claims to be from your bank but comes from a free email service like Hotmail, Yahoo Mail, Gmail or other similar services, call your bank immediately and report the phishing attempt.
The message contains spelling or grammatical mistakes
Correspondence from financial institutions and businesses is usually reviewed for spelling, grammar, regulatory compliance, and a number of other things by a team of copy editors before being sent out. If a message is filled with spelling mistakes or poorly constructed sentences, there's a good chance that it's not legitimate.
Also, pay extra attention to the spelling of the sender’s email address. Cybercriminals intentionally use misspelled email addresses like email@example.com for phishing purposes.
A government office or agency sends a threatening message
A new scheme used by cybercriminals is to send fake messages purportedly coming from a government agency like the FBI claiming to have detected illegal activity on the recipient’s computer. They then demand that the victim pay a “fine” to avoid legal action.
Government agencies don't generally use email as the first point of contact, especially for important legal notices, unless you have previously contacted the office through email.
The email contains misleading or misspelled links
Most phishing emails rely on the recipient’s lack of understanding about how the Internet, generally speaking, works. Links are very easy to fake, so whenever you receive an email that instructs you to click on a link, always double check the link before clicking on it. You can do this by hovering your mouse pointer over the link. You can see the actual link address it directs to on the lower left side of your screen or in a yellow popup near the actual link.
Remember to check the spelling of the link address as well. It’s easy to mistake www.bankofamerca.com for www.bankofamerica.com.
As a general rule, it’s always safer to just open a separate browser tab and type the link address yourself.
The sender is requesting your personal information
Any time you receive an email message asking for your personal information like your password, credit card number, or account number, you can be sure that it’s a fake. Regardless of how “official” the message looks, it’s never a good idea to share personal information via email. Besides, your bank does not need to ask you your account number; they already have that information in their system.
It's important to note that these 5 warning signs do not exclusively apply to unknown or suspicious email senders. Sophisticated hackers are now using compromised email addresses to send fake distress emails to the victim's contact list to fool family and colleagues into sending money. So the next time you receive a "distress" email message from your pretty co-worker asking for money after having lost all her cash and belongings while supposedly vacationing in Maui, don't be too quick to don your knight in shining armor costume. It's always better to err on the side of caution.
For assistance in strengthening your company’s data and physical security protocols, speak with our ID security experts at 1-800-667-1772. Calls are toll-free. You can also reach us via email.