Phishing attacks have been around for quite a while but are still a highly effective way for cybercriminals to gain personal and business data. This threat remains popular because it works: it gives criminals access to crucial business data and more.
In fact, up to 90 percent of all modern data breaches have involved a phishing attack. That’s an astonishing figure, one which should gain your company’s attention.
Phishing attacks work by getting a person to open an email, click on a link, or even download an attachment. These usually lead to malicious files being installed on your device. Through these malicious files and programs, cybercriminals are able to access personal and business data.
The best defence is to be familiar with the different types of tactics used by phishing attacks and identify emails that are fake before opening them.
How to Spot a Fake Email
Here are some ways to tell that an email could be fake:
1). Who is the Sender?
Cybercriminals work to make a fake email appear legitimate through the use of domain names that appear to be correct. This includes emails sent from friends, businesses, and more.
When you receive an email, check to make sure the domain name in the “from” field matches the address between the brackets. Be on the lookout for email addresses that contain typos in the brand name, are missing one or more letters, and more.
2). Check the Greeting
Here, check to see how the email greeting begins. For instance, if you’ve been with a certain company for several years, they will not send you an email that begins with an impersonal greeting such as “Dear Customer.”
Email greetings and introductions should always include your name. Otherwise, avoid opening them. If you do open an email that is not personalized, do not click on links, download attachments, or do anything else it asks you to do.
3). Hover Over Links
When an email includes a link, use your mouse to hover over the link in order to see the complete URL. Do not click the link—just hover over it. Clicking the link could take you to a malicious website, where infected files could be downloaded and installed on your device, all without your knowledge or permission.
If the address is something you didn’t expect or somehow seems to be suspicious, then this is more than likely a phishing email.
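The sender check from step 1 and the link check from step 3 can also be run automatically over a raw message. The Python below is an added example, not part of the original article; the sample message, the function names and the simplified host comparison (no public-suffix list, only http(s) targets) are assumptions made for illustration.

```python
import email
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; example.* domains are reserved for documentation.
SAMPLE = '''From: "support@example.com" <alerts@mail.example.net>
Content-Type: text/html

<p>Sign in: <a href="http://login.example.net/verify">https://www.example.com/login</a>
or read the <a href="https://www.example.com/help">www.example.com help</a>.</p>
'''
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

def same_site(a, b):
    """Hosts equal, or one a subdomain of the other (simplified: no public-suffix list)."""
    a, b = (urlparse(v if "//" in v else "//" + v).hostname or "" for v in (a, b))
    return a == b or a.endswith("." + b) or b.endswith("." + a)

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(raw):
    """Return findings for the sender check (step 1) and the link check (step 3)."""
    msg, findings = email.message_from_string(raw), []
    display, address = parseaddr(msg.get("From", ""))
    addr_domain = address.rpartition("@")[2]
    for claimed in DOMAIN_RE.findall(display):
        if not same_site(claimed, addr_domain):
            findings.append(f"sender: name shows {claimed}, address is @{addr_domain}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        shown = DOMAIN_RE.search(text)
        if shown and href.startswith("http") and not same_site(shown.group(0), href):
            findings.append(f"link: text shows {shown.group(0)}, target is {href}")
    return findings
```

For the sample, `check_message(SAMPLE)` reports the sender mismatch and the first link; the second link is not reported because its visible text and its target share a host.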
4). Does the Email Ask for Personal Information?
Many phishing emails will ask you for personal information or credentials. This is very common. They may ask for usernames, passwords, credit card information, and more.
These emails may include fake invoices that may tempt you to check them out. Another common ruse is to send an email that appears to be from your bank or an online store, saying there’s a problem with your account. They ask you to sign into your account using the link they’ve provided.
These are only a couple of examples. Cybercriminals are ingenious in devising tempting ways to get you to open an email and give them the information they’re requesting.
5). Poor Grammar and Spelling
If you receive an email that’s filled with spelling and grammar mistakes, this is usually a sign that this is a phishing attempt.
The message may appear to be from a business that you regularly use. However, the clue that this is not a legitimate email is the poor spelling and/or grammar.
6). Check the Email’s Footer
A legitimate email from a business should contain a physical address for the brand/business, or at least the correct website address (remember to check this by hovering over the URL, not clicking on it).
In addition, many business emails include an unsubscribe button.
If either of these pieces of information is not found in the footer, then the email is probably a phishing attack.
7). Emails that Contain Warnings & Potential Consequences
Fear is another method used by hackers to gain the information they want. If you receive an email that’s filled with threats, warnings, or consequences of not following the instructions included, then this is a huge clue the email is a phishing attack.
The goal is to make you afraid not to follow through and provide the information they want. The email will make you feel anxious and you may have a sense of urgency to comply immediately.
Don’t fall for this trap and never comply with the email’s instructions.
8). Never Give Out Personal Information
Make it a rule never to provide personal or business information over the Internet, unless it’s absolutely necessary. If you receive an email that is asking for credentials or other types of data, then it’s a good idea to contact the company directly.
This way you can see if the email is real or not, while also alerting the business to the fact that cybercriminals are sending out emails under their name to gain business or personal information.
9). If in Doubt, Delete the Email
If you’re ever in doubt about a specific email, then simply delete it. Especially if you don’t know the sender or something in the email just doesn’t seem right.
Instead, if the email appears to be from a company or person you do know, then simply make a phone call to verify the authenticity of the email. If the email is from a business or organization, and a phone call isn’t possible, then open a new browser window and type the URL for their site directly into the browser. Don’t use any link inside the suspicious email. Once on the site, you can sign in to verify if the email is from a legitimate source or not.
Always delete the email if you believe it is a phishing attack. You can also report the incident to your company’s IT department so they’re aware of the problem.
10). Install Anti-Phishing Software
Another way to keep your business safe is to install anti-phishing software on your network. This software is able to handle everything from zero-day vulnerabilities, to identifying and neutralizing malware attachments, and more.
These solutions are also made to protect cloud-based email services, or can be installed directly to email services on-premise. This type of protection is designed to keep phishing emails from getting through to employees’ inboxes.
Summing It Up
Phishing emails are designed to get you to do something, install something, and more. They use psychology to get a person to comply with the instructions in the email. This may be done through creating a sense of urgency or fear in the email recipient.
By following the steps outlined in this guide, you’ll be able to keep yourself and your business safe from phishing attacks. If an email ever makes you doubt its legitimacy, then there’s a problem. Don’t follow the message’s instructions.
Simply delete it and inform your IT department about the problem, so they can take proactive steps to keep these messages from getting through to others.