Have you ever received a phishing email before? In an age filled with cyber attacks and scams, the chances are good that you’ve received multiple phishing emails throughout your lifetime. Phishing emails are online scams that appear to be legitimate, in an effort to steal your credentials or install malware on your device.
According to CSO Online, phishing attacks accounted for more than 80% of reported security incidents in 2021. And 94% of malware is delivered via email.
But how can you recognize a phishing email? And what do you do once you successfully identify a phishing scam?
In this article, we’ll walk you through 8 common signs of a phishing email. We’ll also share tips on how to protect yourself against phishing emails and what to do if you suspect a phishing attack.
8 Common Signs of a Phishing Email
Phishing emails have been around for decades, with the first known phishing email having originated in the early 1990s (source: Web Security).
To complicate matters, phishing emails have grown more sophisticated over time, making them difficult to identify and avoid.
However, there are a few key signs to watch out for that set phishing emails apart from legitimate emails.
1. An Unfamiliar Tone or Greeting
A generic greeting—such as “Dear User,” or “Hi,”—is often one of the first signs of a phishing email. Some phishing scams omit the greeting altogether and jump straight into the body of the email.
But even if the email includes a personal greeting with your name, pay attention to any irregularities. Maybe the language is especially formal, or maybe the sender has addressed you in a way that isn’t consistent with other emails you’ve received from them.
If you notice anything unusual about the greeting of the email, stay on your guard and check for other signs of a possible phishing scam.
2. Grammar and Spelling Errors
Another common sign of a phishing email is poor spelling and the incorrect use of grammar.
Most businesses use spell check features before sending out emails, so frequent grammatical and spelling errors are a red flag.
That said, just because an email is grammatically correct does not make it automatically safe. As email phishing becomes more sophisticated, cyber criminals are getting better at making emails appear legitimate, so watch out for any other suspicious details.
3. Inconsistencies in Email Addresses, Links, and Domain Names
If you’re unsure whether an email is legitimate, pay attention to the email address of the sender, as well as any links or domain names included in the body of the email.
For example, if an email is allegedly from Amazon, but the domain of the link doesn’t include “amazon.com,” that’s a huge giveaway that the email is probably a scam.
You can check hyperlinks embedded in the email without clicking on them by hovering your cursor over the link.
It’s also a good idea to check past email correspondences with the sender in question to see if the addresses and domain names match up.
4. Threats or a Sense of Urgency
Any email that threatens you with negative consequences should be treated with suspicion.
Many phishing emails try to create a sense of urgency in hopes that the recipient won’t bother thoroughly examining the email.
In some cases, the email might promise you cash or another prize by following a link.
Or the email might pose as a trusted organization telling you that your account has been hacked.
These emails can seem especially convincing, which is why it’s important to always verify this information with the organization directly. Placing a phone call or typing the organization’s URL directly into your web browser is much safer than following a hyperlink in the body of an email.
5. Suspicious Attachments
If you received an email with an attached file that you didn’t request, proceed with caution.
Attached files with the following extensions are commonly associated with malware: .zip, .exe, .scr, etc.
If you’re unsure about the safety of an attachment, always flag the file to be virus-scanned before opening.
6. Unusual Requests
Anything outside of the norm is cause for careful examination.
For example, if you receive an email from the CEO of your company when you’ve never directly communicated with this person before, that’s a big clue that you’ve probably received a phishing email.
Again, if you aren’t sure about an email’s validity, follow up with the sender over the phone to verify that the email is legitimate.
7. Recipient Did Not Initiate the Conversation
If you receive a marketing email that you didn’t subscribe to, there’s a high probability that the email is malicious.
Since phishing emails are unsolicited, they’ll often use the hook of awarding you a prize or discount if you follow a link or open an attachment.
Always keep track of your email correspondences, and beware of unsolicited emails.
8. Request for Credentials, Payment Information, or Other Personal Details
One of the most sophisticated types of phishing emails appears legitimate but sends the user to a fake landing page when a hyperlink is clicked.
If you receive an unexpected email, visit the organization’s website by typing in the URL, rather than clicking on a link.
How to Protect Yourself from Phishing Emails
- Protect your computer by installing additional security software. Set your software to update automatically so you’re always ready to deal with new security threats.
- Update your mobile devices regularly. Many of these updates offer new security features that can protect you from possible phishing attacks.
- Implement Multi-Factor Authentication (MFA) on your accounts. If you fall prey to a phishing attack, multi-factor authentication will make it more difficult for scammers to access these accounts.
- Back up your data to a secondary location. Even if you never fall prey to a phishing scam, it’s always a good idea to protect your data by backing it up to the cloud or to an external hard drive.
What to Do if You Suspect a Phishing Email
Identification is the first step in avoiding a phishing attack.
When you receive an email asking you to follow a link or open an attachment, ask yourself whether you know the person or organization who contacted you.
If you don’t recognize the sender, look for signs of a potential phishing scam.
If you believe the email is from a trusted organization, contact the company using a phone number or website you know is real.
And if you suspect a phishing email or text message, report it.
You can report suspicious emails by forwarding them to [email protected].
Report suspicious text messages by forwarding them to SPAM (7726).
You can also report phishing attacks to the Federal Trade Commission (FTC) by visiting reportfraud.ftc.gov.
What to Do if You Responded to a Phishing Email
If you think a cyber criminal might have your information, such as your Social Security number, credit card number, or bank account information, go to identitytheft.gov. There you’ll see specific steps to take based on the information you lost.
If you clicked on a suspicious link or opened an attachment, update your computer’s security software immediately. Then run a scan to see if any malware has been identified.
While it’s impossible to completely avoid phishing emails, learning how to recognize them can protect you from losing money or having your personal information stolen.
And adding extra layers of security to your devices and accounts will only provide you with greater protection and peace of mind.
Blog & Media
Managed IT Support
Amazon Web Services