Updated: April 4, 2023
Phishing is an online scam where criminals send emails masquerading as legitimate entities. They attempt to acquire sensitive information such as usernames, passwords, and credit card details. If they are successful, it puts businesses at risk of a data breach.
Cybercriminals use many different phishing techniques to obtain sensitive information. A common technique is an email with a link that seems to take you to a legitimate company’s website to fill in your information. However, the website is a malicious fake, and the cybercriminal gains access to all the data you provide.
Follow these tips to avoid being a phishing scam victim and keep sensitive information out of the hands of cybercriminals.
How to Recognize a Phishing Email
1. Watch for Overly Generic Content and Greetings
Cybercriminals send emails in large batches to improve their chances of success, so the content is often generic. Look for greetings like, “Dear valued customer.”
2. Examine the Entire “FROM” Email Address
The first part of the email address may be legitimate, but the last part is often off by a letter or may include a number in place of a letter in the usual domain. Can you spot how this email address is fake?
Example: [email protected]
3. Look for Urgency or Demanding Actions
Phishing emails often pressure you to act immediately, for example: “You’ve won! Click here to redeem a prize,” or “We have your browser history. Pay now, or we are telling your boss.”
4. Avoid Emails that Request Login Credentials or Other Sensitive Data
Treat emails that request login credentials, payment information, or other data with caution – especially if they are unexpected or from an unknown sender. Cybercriminals are very good at creating websites that look very legitimate.
5. Carefully Check All Links
Protect yourself by carefully analyzing any links within the email. Mouse over a link and see if the link’s destination matches where the email implies you will be taken. Be sure the spelling is accurate with the proper characters.
6. Notice Misspellings, Incorrect Grammar, & Odd Phrasing
Legitimate companies use spell-checking tools to ensure emails are grammatically correct. Having errors in an email may be a cybercriminal’s deliberate attempt to bypass spam filters.
7. Check for Secure Websites
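Any webpage where you enter personal information should have a URL with https://. The “s” stands for secure, meaning the connection to the site is encrypted. It does not by itself prove the site is legitimate, because fake sites can use https:// too, so still check the domain name.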
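The checks in tips 2, 5 and 7 can be partly automated for mail you are triaging. The Python below is an added example, not part of the original article; the trusted-domain list, the sample sender and the sample HTML are constructed, and the 0.85 similarity cutoff is an assumption.

```python
import difflib
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"contoso.example"}  # assumption: domains you really deal with
SAMPLE_FROM = "Billing <billing@cont0so.example>"  # constructed sample
SAMPLE_HTML = '<a href="http://contoso.example.account-check.test/reset">www.contoso.example</a>'

def sender_warning(from_header):
    """Tip 2: flag a FROM domain that is close to, but not, a trusted one."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    near = difflib.get_close_matches(domain, sorted(TRUSTED), n=1, cutoff=0.85)
    return f"sender domain {domain} imitates {near[0]}" if near and domain not in TRUSTED else None

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def link_warnings(html):
    """Tips 5 and 7: text names one host but href goes elsewhere; non-https href."""
    collector = LinkCollector()
    collector.feed(html)
    found = []
    for href, text in collector.links:
        url = urlparse(href)
        host = re.sub(r"^www\.", "", (url.hostname or "").lower())
        shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown and re.sub(r"^www\.", "", shown.group(0)) != host:
            found.append(f"text shows {shown.group(0)} but link goes to {host}")
        if url.scheme != "https":
            found.append(f"link to {host} is not https")
    return found

if __name__ == "__main__":
    print(sender_warning(SAMPLE_FROM), link_warnings(SAMPLE_HTML))
```

A clean result from these checks does not make an email safe; they only catch the specific signs described in the tips above.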
Additional Tips to Protect Your Business
1. Don’t Click on Attachments or Links
Virus-containing attachments might have an intriguing message encouraging you to open them, such as “Here is the schedule I promised.” Don’t click on anything until you know the email is legitimate. Links and attachments can lead to malicious websites or install harmful malware on your device.
2. Contact the Source Directly
Contact the company or person directly using a phone number or website URL you know is correct. Use a search engine to look up the website or phone number of the company or person contacting you. Do not use or click on the information in the email to contact the source.
3. Phishing Isn’t Limited to Email
Even if you successfully identify phishing attempts in your work inbox, it does not mean you are safe from other forms of phishing. Hackers regularly compromise social media accounts to send out malicious links, which can be especially dangerous if you use these platforms on your work devices.
See social media phishing in action and learn how to protect yourself.
4. Cybersecurity Awareness Training
One of the most effective measures to protect your business and your bottom line is to train your employees and yourself in cybersecurity awareness. Employees trained to recognize the signs of phishing attacks become your organization’s best line of defense against cybercriminals.
In this post, learn more about different types of phishing attacks, how data breaches impact you and your business, and what employees should do after a phishing attack.