Did Microsoft really send you that email you received yesterday? Is that message really from Google, Facebook or Netflix? Scammers try to steal information from you through emails and text messages mimicking popular brands you know or trust. One of the most common security challenges faced by individuals and businesses is phishing.
Thousands of phishing attacks are launched every day. The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year. These days scammers are getting better at tricking people, making it harder to spot them, but there are some hints that give them away. Here are a few ways to identify phishing attacks and secure your information.
Check the Email Domain
Legitimate companies usually have their own email domains and will not send you email from an address that ends in @gmail.com. Also check the spelling of the domain name, and look out for misspellings and alterations.
Poorly Written Email
No legitimate company will send you an email with bad grammar and typos. Sometimes these scammers might use spelling and grammar checking tools, but they might still use words in the wrong context.
Double Check URLs
You might open an email that asks you to follow a link. If the email is from a legitimate company, the link will match the company’s URL or the context of the email. For example, if you get an email from Netflix, any link you are asked to follow should begin with netflix.com. Sometimes the link is embedded in a button, so you might not see where it leads. Hover your cursor over the button and the link will appear in a box at the bottom of your browser. If you are using your mobile phone, long-press the button and a popup containing the link will appear.
An unsolicited email with an attachment reeks of a scam. Authentic organisations do not include attachments in their emails; instead, you would be directed to their own websites to download documents. Do not download these attachments because they contain malware that would perform malicious activities.
Request for Personal Information
If you receive an email requesting personal information like login details, credit card information, social security number or passwords, it is most likely from a scammer. Most genuine institutions will not request your personal information through an email.
Check the Salutation and Logo
A legitimate company you deal with would address you by your name if they required information about your account. Phishing emails make use of salutations like “Dear valued customer” or “Dear account holder”. Sometimes they avoid the salutation completely.
If the company’s logo used in an email looks different from the one on their legitimate website, it is a sign that the email is a phishing attempt. Sometimes the resolution of the logo used in a phishing email is poor.
Use of Urgent Language
Phishing emails contain messages that create a sense of urgency. They usually ask you to take action or it may be too late. Scammers know that when you are in a hurry, you are less likely to pay close attention or think clearly, so you might miss some things that don’t seem right.
To protect yourself or your company from phishing attacks, never click on suspicious links, educate your employees, install antivirus software, make use of multi-factor authentication for your accounts and pen-test your organisation’s defences to identify weak points.