How many times have you quickly skimmed through your email when you had a spare moment in between patients, only to come across a message that looks pretty legitimate at first glance, except your name is misspelled, and come to think of it, you don’t know any Nigerian princes…and you somehow just won a cruise to the Bahamas, but you don’t even remember entering a contest?
Phishing emails are designed by cybercriminals who are after your personal information, and ultimately, your money. These criminals are experts at what they do. They imitate reputable companies in an effort to get you to open infected documents, click malicious links, and unknowingly download malware onto your devices.
Phishing Red Flags
Luckily, identifying a phishing email is often easy to do, because these messages have many common red flags, such as:
- Aggressive or urgent subject lines, à la “Your Bank Account Will Be Deactivated If You Don’t Verify Your Account Information Immediately.”
- Generic messages appearing to come from your actual friends, colleagues, and/or relatives. Cybercriminals use social engineering tactics to find out the names of people close to you, hack their email accounts, and use their contact lists as ammunition.
- Spelling and grammar issues are often a dead giveaway for phishing emails. Emails from reputable companies, like Microsoft, for instance, are proofread. Tons of exclamation points? Sounds phishy.
- The message asks for personal information. No matter how legitimate an email from “your bank” appears, any reputable financial institution won’t email you asking for your account information or the answers to your security questions.
- The message claims to be from a government agency. Phishers often pretend to be from law enforcement agencies, the IRS, the FBI, and any other entity they can imitate that will intimidate law-abiding citizens.
- You receive a shipping notification, but you didn’t order anything. Scammers will send you emails with subject lines containing text along the lines of “USPS Delivery Notification,” which then instruct you to click on a link for more information regarding your package delivery status.
- If it sounds too good to be true, it probably is.
Don’t Get Hooked
The truth is, phishing artists are constantly stepping up their game, evolving their techniques, and aiming to catch you in their nets. Digital Technology Partners has some key tips for identifying a phishing email in your inbox:
- Don’t open attachments from unknown sources. This is HUGE. Attachments can contain links to malicious websites or downloads and are a very common source of infection.
- Trust nothing. The success of a deceptive phishing email depends on how closely the attack email resembles a reputable company’s official correspondence.
- If the message prompts you to click a URL, hover over the URL as opposed to clicking. You will see the actual hyperlinked address, and if it varies from the address displayed, the message is likely fraudulent. This trick goes for images within the message, too. If you see that an image links out to another site, verify the URL before considering clicking.
- Look for misleading domain names in URLs. Phishers depend on their victims not knowing how the naming structure for domains works. The last part of the domain is the most telling. For example, info.dtpartners.com would be a subdomain of dtpartners.com, because dtpartners.com appears at the end of the full domain name on the right-hand side. Alternatively, dtpartners.maliciousdomain.com would not have originated from dtpartners.com, because the reference to dtpartners.com is on the left side of the domain name.
- Use enterprise-grade email, such as Office 365. Spam filters, such as those of Gmail and Yahoo, vary in effectiveness and are only part of the solution to preventing phishing attacks. Microsoft recently added Office 365 functionality to its Enterprise E5 plan that is designed to help its users mitigate malicious links within email messages and avoid dangerous attachments. One new feature, URL Detonation, checks to see what a link does. If a user clicks a link, the user gets a message that the link is being scanned. Another new feature is Dynamic Delivery, which scans message attachments for malware in an effort to keep the user safe.
- Only confirm installations for software you initiated. If you’re trying to download Spotify, and you’re prompted to do so, it should be perfectly fine. On the other hand, if you’re reading an email, and it requests you install a program out of nowhere, this is likely an attempted phishing attack.
- Verify your emails, but don’t use any of the contact information or links within the messages to do so. Always use a trusted third-party resource such as Google to verify contact information and/or website addresses for information on questionable senders.
- Don’t accept “support” from people you don’t know or trust, and treat all of your emails as if they are suspicious. If you didn’t reach out for support, don’t accept that the email you receive offering support is trustworthy. Be careful when you receive instructions. You may receive a message telling you to give an IT support technician remote access or to disable a security feature on your device, or even to install a new application. Always verify the request’s source is genuine. Digital Technology Partners support technicians will never ask for remote access to your devices via email.
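The hover check and the domain-name rule from the tips above can be automated for an HTML message body. The following is an added example, not code from Digital Technology Partners; the function names, flag names, and sample message are constructed for illustration, and only the two dtpartners.com hostnames come from the text.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "dtpartners.com"  # example domain taken from the tip above

def belongs_to(host, trusted=TRUSTED):
    # The trusted name must sit at the right-hand end, on a label boundary.
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def shown_host(text):
    # Hostname named in the visible link text, or None for plain wording.
    text = text.strip()
    if " " in text or "." not in text:
        return None
    return urlsplit(text if "://" in text else "//" + text).hostname

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def audit(html):
    # Returns (real destination host, list of red flags) for each link.
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        real, shown = urlsplit(href).hostname, shown_host(text)
        flags = ["text-href-mismatch"] if shown and real and shown != real else []
        if not belongs_to(real):
            flags.append("not-trusted-domain")
        findings.append((real, flags))
    return findings

# Constructed sample message body: one honest link, one disguised, one image link.
SAMPLE = """<a href="https://info.dtpartners.com/help">info.dtpartners.com/help</a>
<a href="http://dtpartners.maliciousdomain.com/login">https://dtpartners.com/login</a>
<a href="http://dtpartners.maliciousdomain.com/track"><img src="logo.png"></a>"""
```

Calling `audit(SAMPLE)` reports the first link as clean and flags the other two. Note that `belongs_to` also rejects a name such as `notdtpartners.com`, which ends with the trusted string but is a different domain.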
Adding extra steps to your daily tasks may be the last thing you want to do, but it’s worth it in the long run when it comes to protecting your devices, your personal information, and your bank account. Follow DTP’s simple tips for identifying phishing emails, and avoid taking the bait of phishers.
Cybercriminals are constantly improving their strategies. Are you improving yours?