Protip: Identifying Phishing

Are you sure that convincing email you just received from Southwest Airlines is really from Southwest Airlines? Companies and individuals are often targeted by cybercriminals using emails crafted to look like they are from a legitimate organization or financial institution while seeking to obtain your sensitive, confidential information. Phishing emails trigger emotions such as curiosity, fear, sympathy and greed. Learning how to identify a phishing email can prevent an attack, stop damage to your computer and ultimately maintain your organization's security.

Be on the lookout for these seven ways that hackers are dangling their lures, angling for your data and hoping you take a bite!

Emails Demanding Urgent Action
This approach is used to rush recipients into urgent action before reviewing the email for potential flaws or inconsistencies. The email threatens a negative consequence or loss of opportunity when action is not taken or information is not provided.

Emails Containing Bad Grammar and Spelling Mistakes
Another way to recognize a phishing email is bad grammar and spelling mistakes. Many companies write their emails carefully and apply spell-checking tools by default before sending to ensure their emails are grammatically correct.

Emails with an Unfamiliar Greeting or Salutation
Be wary of emails containing phrases not normally used in informal conversation with your work colleagues or in business interactions, such as “Dear” or “Dear Account Holder”. Typically, recipients are addressed by their first name.

Inconsistencies in Email Addresses, Links and Domain Names
Check the sender’s email address against previous emails from the same organization. To confirm if a link is legitimate, hover your mouse over the link (or the “from” address field) to see what pops up. When the email appears to originate from Google, but the domain name reads something else, report the email as a phishing attack.
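The same two checks can be automated on a saved message. The Python below is an added example, not part of the original article: it compares the sender's address domain with domains seen before and flags links whose visible text shows one host while the underlying address points to another. The sample message, the KNOWN_SENDER_DOMAINS table and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample message; every name and domain in it is illustrative.
SAMPLE = """\
From: "Google Security" <alerts@g00gle-support.example>
Content-Type: text/html; charset="utf-8"

<p>Review activity at <a href="http://login.verify-acct.example/g">https://accounts.google.com</a>
or read <a href="https://support.google.com/help">our help page</a>.</p>
"""
# Assumption: sender domains seen in earlier genuine mail from each organization.
KNOWN_SENDER_DOMAINS = {"google": {"google.com"}}

class LinkCollector(HTMLParser):  # collects (visible text, href) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def shown_host(text):
    """Hostname when the visible link text itself looks like a URL or domain, else ''."""
    m = re.fullmatch(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)(?:/\S*)?", text, re.I)
    return m.group(1).lower() if m else ""

def findings(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg["From"])
    domain, out = addr.rpartition("@")[2].lower(), []
    for org, known in KNOWN_SENDER_DOMAINS.items():
        if org in name.lower() and domain not in known:  # exact domain match only
            out.append(f"sender: name says {org} but domain is {domain}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for text, href in parser.links:
        shown, actual = shown_host(text), (urlparse(href).hostname or "").lower()
        if shown and actual and shown != actual:
            out.append(f"link: text shows {shown} but href goes to {actual}")
    return out
```

Links whose visible text is ordinary wording, such as "our help page", are not flagged by this check and still need the hover test described above.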

Suspicious Attachments
Watch for high-risk attachment file types associated with malware including .zip, .exe, .scr, etc. Remember, most of your work-related file sharing takes place with collaboration tools such as OneDrive, Dropbox or SharePoint.

Emails Requesting Login Credentials, Payment Information or Sensitive Data
Treat emails that originate from an unexpected or unfamiliar sender requesting login credentials, payment information or sensitive data with caution. These messages look like the real thing and often include a link directing the recipient to another page. Remember, never click the link from within an email and always input the company’s known URL into your browser.

“Too Good to be True” Emails
“Congratulations! You’ve just won free airline tickets, a gift card to spend in our store or a 3-day cruise to the Bahamas… click on the link to view the details and provide additional personal information to claim your prize.” If the sender is unfamiliar or the recipient did not initiate contact and this seems too good to be true, it probably is, and more than likely this is a phishing email.

It only takes one employee and a simple click to be caught up in the middle of a phishing scam. By knowing what to look for and recognizing all of the telltale signs, both you and your organization can spot a suspicious email and avoid getting lured into one of the most common forms of cyber-attack.



Filament Protip

All of our service area leaders have dozens of years of experience. These are protips they’ve picked up along the way that you can use right now to solve common issues.