Phishing is one of the most common cyber crimes.
And because they’re so deceiving, a lot of people fall prey to phishing emails.
To make sure that doesn’t happen to you, we’ve put together these 5 warning signals you should look for in emails.
Phishing is on the rise
Phishing is the fraudulent practice of sending emails and pretending to represent a reputable company to entice you to reveal personal information, such as passwords, company data, credit card numbers, or other valuable information.
People who do this are trying to:
- Steal your money
- Steal your identity
- Steal information about your company and sell it to competitors
One thing to remember is that a phishing email will always ask for personal information.
Unlike malware, phishing emails don’t require as much technical knowledge, so they’re popular amongst scammers. And according to Mimecast’s State of Email Security 2020, 58% of organizations saw an increase in phishing emails in the past year.
5 tell-tale phishing signs
It’s best to exercise caution and keep an eye out for these 5 tell-tale signs that you might be dealing with a phishing scam.
1. The email is sent from a free email service
The first thing you should do is to check the sender’s email address. No reputable company will ever send you information using a free email service address.
Notifications from PayPal come from email addresses ending in @paypal.com. The ones from Netflix use @netflix.com, and so on. Not even Google employees themselves rely on @gmail.com; they use @google.com.
And while the email address is one of the biggest red flags, you still need to be extra careful about it.
That’s because most inboxes tend to display the sender’s name, not the email address.
For example, you may receive an email from the ‘EA Support Team,’ which sounds inconspicuous. But if there’s a Yahoo, Gmail, or some other type of free email address tied to it, you’re not dealing with a legitimate email.
2. The domain name is misspelled
If an uppercase I is switched with a lowercase l, you might not be able to tell. A 0 also makes for a credible O. And, if you’re in a hurry, you might not notice a misspelled detail. But Chipotle and Chipolte are not the same things, and @airbnb.com.work or @outlook.com.net can’t wait to steal your data.
Scammers rely on you not paying attention to these things, and you might have already seen people using these tactics to impersonate celebrities on social media.
If an email looks fishy to you, or you don’t remember ever interacting with the company in question, take a closer look and make sure the domain name is right.
A reputable company won’t ever misspell its name.
3. The email tries to panic you
If you get an email from a company trying to instill panic, pay extra attention.
An alarmist message could be something like:
- Your account has been breached, and you need to confirm your credentials
- Your transaction couldn’t be processed, and you need to enter your credit card information now
- You’re about to lose our special discount if you don’t send money in the next 30 minutes
In case something like this lands in your inbox, inspect all the details, from the email address to the logo, to the company’s legitimacy. You may just end up marking it as spam and move on with your day.
4. The email includes suspicious attachments or links
Phishing links are deceptive, so hover over them to see the link’s real destination. If it is not the expected website, it’s probably a phishing attack.
For example, while the text might say Open document, the URL takes you to a phishing page designed to look like Microsoft.
To avoid detection by email security filters, hackers sometimes include the phishing link in an attachment, such as a PDF or Word doc.
Because sandboxing technology scans attachments for malware, not links, the email will be deemed OK, but it will be a trap.
5. The email is poorly written
More often than not, you can spot a phishing email only by the poor language used. Look out for spelling and grammatical mistakes, strange turns of phrase, or errors people make when learning English.
Emails from legitimate companies will have been constructed by professional writers and exhaustively checked for spelling, grammar, and legality errors. But phishing may come your way from all over the world.
Now, this doesn’t mean that any email with a typo is automatically a scam. People make mistakes, especially if they are in a hurry. But if you notice a pattern of weird expressions and misspellings, make sure you double-check the email address, and any links included.
Keep yourself safe
Spam email filters are not fully effective against phishing attempts, so you must be on the lookout for anything suspicious.
Here’s what you can do to protect yourself against phishing emails.
Don’t reply, click on links, or send any personal information
Phishing emails generally prey on human error.
Check your correspondence for the 5 signs we just went through, and if anything strikes you as suspicious, contact the sender.
Ask your boss or call your bank to verify if they actually sent you the email.
Use an antivirus
A good antivirus will notify you if you are about to download a shady attachment.
It can also act as a means of defense, in case you did download an attachment that turns out to be malware siphoning your data.
Create a strong Password
An effective password allows you to better protect your data.If you want to increase the security of your data here are 5 tips on how to make your password more secure.
Use a VPN
Short for Virtual Private Network, a VPN encrypts your internet traffic and hides your IP.
While a VPN can’t stop you from giving out personal information, it will steer you away from suspicious, unsecured HTTP websites.
Two-factor authentication, 2FA for short, is a subset of multi-factor authentication. You’re granted access to an account only after successfully presenting two or more evidence pieces to an authentication mechanism.
An example of 2FA is only logging into your Facebook account after inserting a code sent to your phone.
Using 2FA, you can keep out any unwanted access to your accounts.
Block the sender’s domain on your firewall
If you check the domain the sender uses either for their email address or the link, you can then block it through your firewall.
This will prevent you from accidentally revisiting the suspicious website while stopping any further emails from that scammer.
Got any other tips or questions? Leave them in the comments below. 😊
Until next time, stay safe and secure!
Leave a comment
Posted on 21/11/2022 at 02:12
I am trying to find out if an email I received for a Cyberghost free trial is legitimate. It comes from email@example.com via amazonses.com. Is this legitimate or not? Gmail has flagged it as “dangerous”. Thank you.
Posted on 21/11/2022 at 10:49
Hi Jim. We can confirm firstname.lastname@example.org is our domain. If you have reason to suspect someone might be impersonating us, please contact our support team through email or live chat. They can check the email contents, and advise you further.
Posted on 30/07/2020 at 01:21
Block the sender’s domain on your firewall
If you check the domain the sender uses either for their email address or the link, you can then block it through your firewall. (When you say that to someone like me who is a non-techie, that is the signal for panic! How do we find the firewall ??? Then how would we block the sender’s domain??? You need to remember that most of us barely know what these phrases mean, much less how to accomplish them… TIA
Posted on 03/08/2020 at 12:40
There are many firewall solutions out there, so it’s hard for me to guess which one you’re using.
To give you an idea, on Windows, you can find the built-in firewall on your Windows device in Control Panel, under ‘Windows Defender Firewall.’
On Mac devices, you need to use the terminal under ‘Utilities.’
For more details, you can find guides online.
At the same time, third-party firewall solutions are also popular. For example, many antivirus products have them as a feature. Some router manufacturers also add them to their hardware.
If you’re using such a firewall, you’ll probably find details on blocking a domain on your provider’s support page.
So, check what type of firewall you’re using and look for further instructions online.