How to Detect and Avoid Phishing Emails

Phishing e-mails, constituting one of the most common ways of cyber fraud, have been at the forefront of the concerns of security professionals for several years, for instigating ransomware infections.

5 tips to identify a phishing e-mail

  1. Check the display name: Just because it is coming from a name you may know it does not mean that this is the case. Always look at the email address, not just the sender.
  2. Is the e-mail asking for personal information? Legitimate companies are unlikely to ask personal information in an e-mail, at least without informing you first in some other way and validating that the information will be secured. Don’t give up personal information unless you are absolutely certain whom that information goes to.
  3. Has the e-mail an urgent tone? By creating a climate of emergency, the potential hacker aims to create panic so that the recipient won’t have much time to think and act recklessly. Beware of urgent or threatening language, particularly in the subject line.
  4. Is the e-mail properly signed? It is a key feature of legitimate e-mails that senders include a full signature block at the bottom, while businesses always provide contact details.
  5. Is the e-mail grammatically correct? Potential attackers are often less concerned about spelling or grammatical consistency than a normal sender would be.

5 tips to protect from a phishing e-mail

  1. Look but don’t click: You can mouse over the e-mail, but think twice when it is to click, especially if the alt text looks weird or is not in accordance with the link description. If you want to test the link, open a new window and type in website address directly rather than clicking on the link from unsolicited emails.
  2. Analyze the salutation: Is the email addressed to a vague “Valued Customer?” If so, watch out, legitimate businesses will often use a personal salutation with your first and last name.
  3. Don’t click on attachments: One of the most regular tactics of phishers is sending juicy attachments. Chances are that this has a long name. Don’t open attachments, unless you actually expect one.
  4. Don’t trust the header from email address: Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address.
  5. Don’t believe everything you see: Always have in mind that phishers are good at what they do: A phishing e-mail may look completely valid. No matter the time of the day, it is most preferable to contact the company if something looks strange, rather than putting an entire organization at risk.

Did you know?

A special form of cyber fraud, known as social engineering, refers to attackers manipulating individuals into acquiring personal information that will be used for fraudulent purposes; otherwise known as hacking the human. One way to do so is via e-mail.