Updated: January 23, 2023
Phishing is an online scam where criminals send emails masquerading as a legitimate entity. They attempt to acquire sensitive information such as usernames, passwords, and credit card details. If they are successful, it puts businesses at risk of a data breach.
There are many different phishing techniques used by cybercriminals to obtain sensitive information. A common technique is an email that includes a link that appears to take you to a legitimate company’s website to fill in your information. However, the website is a malicious fake and the cybercriminal gains access to all the data you provide.
Follow these tips to avoid being a victim of a phishing scam and keep sensitive information out of the hands of cybercriminals.
How to Recognize a Phishing Email
1. Watch for Overly Generic Content and Greetings
Cybercriminals send large batches of emails to improve their odds of success, so the greeting is often generic. Look for examples like, “Dear valued customer.”
2. Examine the Entire “FROM” Email Address
The first part of the email address may be legitimate, but the last part is often off by a letter or may include a number in the usual domain. Can you spot how this email address is fake?
Example: notification[email protected]
3. Look for Urgency or Demanding Actions
“You’ve won! Click here to redeem prize,” or “We have your browser history pay now or we are telling your boss.”
4. Avoid Emails that Request Login Credentials or Other Sensitive Data
Treat any emails that request login credentials, payment information, or other data with caution – especially if they are unexpected or from an unknown sender. Cybercriminals are very good at creating websites that look very legitimate.
5. Carefully Check All Links
Protect yourself by carefully analyzing any links within the email. Mouse over a link and see if the link’s destination matches where the email implies you will be taken. Be sure the spelling is accurate with the proper characters.
6. Notice Misspellings, Incorrect Grammar, & Odd Phrasing
Legitimate companies use spell-checking tools to ensure emails are grammatically correct. Errors in an email may be a cybercriminal’s deliberate attempt to bypass spam filters.
7. Check for Secure Websites
Any webpage where you enter personal information should have a URL with https://. The “s” stands for secure.
Additional Tips to Protect Your Business
1. Don’t Click on Attachments or Links
Virus-containing attachments might have an intriguing message encouraging you to open them, such as “Here is the schedule I promised.” Don’t click on anything until you know the email is legitimate. Links and attachments can lead you to malicious websites or install harmful malware on your device.
2. Contact the Source Directly
Contact the company or person directly using a phone number or website URL you know is correct. Use a search engine to look up the website or phone number for the company or person who is contacting you. Do not use or click on the information in the email to contact the source.
3. Phishing Isn’t Limited to Email
Even if you successfully identify phishing attempts in your work inbox, it does not mean you are safe from other forms of phishing. Hackers regularly compromise social media accounts to send out malicious links, which can be especially dangerous if you use these platforms on your work devices.
4. Cybersecurity Awareness Training
One of the most effective measures you can take to protect your business and your bottom line is to train your employees and yourself in cybersecurity awareness. Employees that are trained to recognize the signs of phishing attacks become your organization’s best line of defense against cybercriminals.
Learn more about different types of phishing attacks, how data breaches impact you and your business, and what employees should do after a phishing attack in this post.