
How to Spot a Phishing Email

Last updated: 13 Apr 2023

Don’t click on that email! Most people simply don’t have time to carefully analyze every message in their inbox. Employees are expected to respond to emails immediately, prioritize the needs and expectations of the senders, and organize their inboxes to create some structure and consistency in their day-to-day work. But it is imperative to protect yourself and your organization from one of the most common forms of cyber-attack: phishing.

Phishing emails are scammers’ basic attempt to trick the user into either clicking a malicious link or entering confidential information that can then be used for fraud. A single link can give attackers a foothold, and before you know it your company’s data is locked by ransomware. An employee who enters sensitive information into a form linked from an email can give attackers unfettered access to private employee and client information, which they can use at their whim. Often, attackers disguise their email address and display name as those of an employee or high-level executive at the company, so users mistakenly believe they are dealing with someone they know and trust.

Phishing is one of the easiest forms of attack for cybercriminals, and email is the most common channel for it. According to Security Magazine, 255 million phishing attacks were reported in 2022 alone, a 61% increase over 2021. Scammers target unaware users who do not think twice about revealing usernames and passwords, personal or private data, financial data such as credit card details and banking credentials, and much more. Not only do attackers gain access to critical information, but the consequences for your company can go much further: blocked access to files, loss of corporate funds and damage to your company’s reputation are some of the harms that could affect your business. With over 3.4 billion phishing emails being sent daily, many people can fall victim to these threats if they are not cautious.

Some specially crafted emails are designed to look like an update from your bank, or could relate to any one of your online accounts. Others claim that you ordered something online and that your credit card information needs to be verified. These attackers usually target staff in the finance or human resources department of a business. They often copy the email format of the organization the scammer pretends to represent, and they direct you to a fake website that looks like the real one but has a slightly different address.

If the user clicks on a link in a phishing email, they are usually redirected to a fake version of the legitimate website they think they are visiting. The rise of fake websites is alarming: Google reported 2 million fake websites in 2020, and the number keeps increasing year on year. A similarly popular method is pharming, in which a user’s computer is infected with malware that takes the user to a fake site even when they type the real address or click on a bookmark. There are a few ways to detect and defend against these tactics.

How to spot a phishing email

1. URL manipulation

Malicious links are disguised as seemingly safe ones. Does the link text match the URL displayed when you hover over it? If not, don’t click it. Attackers redirect you to malicious content with this tactic: they change the actual destination address while the visible text still looks legitimate.
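The hover check described above can also be automated for a mail gateway or a triage script. The following is an added example, not code from the original post: it parses the HTML body of a message and flags every anchor whose visible text reads as a URL on one host while the `href` actually points at a different host. The message body and the hostnames in it are constructed placeholders.

```python
"""Flag HTML links whose visible text shows one host while the href points at another.

Added example, not from the original post. The sample message body below is
constructed for illustration; the hostnames in it are placeholders.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: one honest link, one whose displayed text and real target
# disagree, and one whose text is plain words rather than a URL.
SAMPLE_HTML = """
<p>Your statement is ready. <a href="https://secure.example-bank.com/login">
https://secure.example-bank.com/login</a></p>
<p>Verify now: <a href="http://update-account.example.net/verify">
https://www.example-bank.com/verify</a></p>
<p><a href="https://www.example-bank.com/help">Contact support</a></p>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from anchor tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        # Only text inside an open anchor belongs to the link.
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Return the lowercase hostname of an http(s) URL, or None if the text is not one."""
    parsed = urlparse(url.strip())
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return None
    return parsed.hostname.lower()


def find_mismatched_links(html):
    """Return (href, text) pairs where the text looks like a URL on a different host.

    Plain-word link text such as "Contact support" is not reported: only text that
    itself reads as a URL can mislead the reader about the destination.
    """
    parser = LinkCollector()
    parser.feed(html)
    mismatches = []
    for href, text in parser.links:
        href_host = host_of(href)
        text_host = host_of(text)
        if href_host and text_host and href_host != text_host:
            mismatches.append((href, text))
    return mismatches


if __name__ == "__main__":
    for href, text in find_mismatched_links(SAMPLE_HTML):
        print(f"displayed {text!r} but points at {href!r}")
```

Comparing hostnames rather than whole URLs keeps the check robust to harmless differences in paths and query strings while still catching the case the post describes: a familiar-looking address in the link text with an unrelated server behind it.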

2. Use of public email domain

Legitimate organizations use business email addresses, and the domain is most likely their company name. Sometimes attackers slightly alter the business name so that the difference from the legitimate domain is almost unnoticeable.

Trick: Verify the organization’s domain by looking up its company name on a search engine. Look at the format of the email address as well, not just the sender’s name. Many of us skip past the email address and jump straight to the content, which is often how people end up as victims.

3. Unexpected order confirmation

An order confirmation for something you didn’t order is a sign of a phishing email. Attackers ask you to verify your shipping address, reschedule your package, or check your delivery status to lure you into clicking a link.

Tip: Be alert if the sender asks for your password or social security number. Seeing this in an email is already a huge red flag. Legitimate companies have established ways of requesting your personal information, and email or instant message is not one of them.

4. Threatening email subject lines

One clear sign of a phishing email is an attempt to incite panic. Notorious subject lines include “Urgent action required” and “Your account will be closed”. This tactic plays on your anxiety and fear, which is the usual hook scammers use to obtain your credit card information or online banking credentials.

5. Poorly written

According to one study, many phishing campaigns are automated, and most of their operators are based in non-English-speaking countries. If you spot a grammatical mistake or misspelling, it can be a strong indicator of a phishing email. For example: http://miicrosoft.com or http://bankoofamerica.com.

Professional organizations, even non-profits, hire professional writers to draft their emails and proofread grammar, spelling, and punctuation. Scam emails are often poorly written so that only the most susceptible targets respond.

6. No signature

An email that lacks a signature, contact information, or any form of accountability could be a phishing email. Attackers don’t want recipients to trace the email back to them, so they generally provide no contact information. Legitimate business emails contain a signature and contact information at the bottom.

7. Don’t trust the sender’s display name

Just because an email says it comes from a person you know or trust doesn’t mean that it truly does. Be sure to look at the sender’s full email address to confirm the true sender. If the sender’s email address is even slightly different from what is expected or normal, report it to your IT department.
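Points 2, 5 and 7 above all come down to the same inspection of the `From:` header: is the sender on a public mail domain, does the domain imitate a known one by a character or two (as in miicrosoft.com or bankoofamerica.com), and does a familiar display name sit on an address that is not that person’s real one? The following is an added example, not code from the original post, that performs those three checks. The organization domain, the list of known brand domains, the public-domain list and the executive directory are constructed placeholders; a real deployment would load them from the organization’s own directory and allowlists.

```python
"""Check a From: header for a public or look-alike sender domain and a spoofed display name.

Added example, not from the original post. The organisation name, the lists of
domains and the executive directory are constructed placeholders.
"""
from email.utils import parseaddr

# Constructed reference data for a hypothetical organisation.
OUR_DOMAIN = "example.com"
KNOWN_DOMAINS = {OUR_DOMAIN, "microsoft.com", "bankofamerica.com"}
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
# Constructed directory of people whose names a spoofed display name would imitate.
EXECUTIVES = {"Jane Doe": "jane.doe@example.com"}


def edit_distance(a, b):
    """Levenshtein distance: the number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain):
    """Return the known domain this one imitates (within two edits), else None."""
    for known in KNOWN_DOMAINS:
        if domain != known and edit_distance(domain, known) <= 2:
            return known
    return None


def sender_indicators(from_header):
    """Return a list of human-readable phishing indicators found in a From: header value."""
    name, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    indicators = []
    # Point 2: a business that says it is a business should not write from a public domain.
    if domain in PUBLIC_DOMAINS:
        indicators.append(f"public mail domain {domain}")
    # Points 2 and 5: a domain one or two characters away from a real one.
    imitated = lookalike_of(domain)
    if imitated:
        indicators.append(f"{domain} looks like {imitated}")
    # Point 7: a trusted display name on an address that is not that person's.
    expected = EXECUTIVES.get(name.strip())
    if expected and expected.lower() != address.lower():
        indicators.append(f"display name {name!r} but address {address} (expected {expected})")
    return indicators


if __name__ == "__main__":
    # Constructed sample headers, not taken from any real message.
    for header in ('"Jane Doe" <jane.doe@gmail.com>',
                   "IT Helpdesk <helpdesk@examp1e.com>",
                   "Jane Doe <jane.doe@example.com>"):
        print(header, "->", sender_indicators(header) or ["no indicators"])
```

The edit-distance threshold of two is a deliberate trade-off: it catches a doubled or swapped letter and digit-for-letter substitutions, while avoiding matches between unrelated short domains. A mail gateway would combine these indicators with the usual authentication results (SPF, DKIM and DMARC) rather than treat any one of them as proof.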

Wrap up

Phishing emails trick you into clicking on a link or opening an attachment by:

  • Creating a sense of urgency in confirming your personal information
  • Including a fake tracking code or invoice
  • Luring you to make a payment
  • Claiming you’re eligible for government refunds or benefits
  • Offering a giveaway or free coupons

How to protect your employees and your business from phishing:

  • Encourage your users to think before they click.
  • Be sure to look closely at emails before clicking any links or downloading any attachments.
  • Visit the source directly rather than clicking the link in an email.
  • Examine the website links and logos in suspicious emails you receive.
  • Hover over a sender’s email address that merely resembles an authentic company address to reveal the real one.
  • Send any suspicious-looking emails to your Managed IT Services Provider or your IT Department.
  • Alert your Managed IT Services Provider or IT Department immediately if you suspect you have clicked or responded to a phishing email.
  • Training is an effective way to educate your staff about the various methods cybercriminals use to steal data. Teaching employees what to do when it comes to phishing emails will protect your organization from malicious attacks.

These tips may seem rudimentary, but many people are unaware of these phishing signs. Educating yourself and your employees on how to spot phishing emails will lead to a more cyber-secure organization. Many companies today have seen the importance of establishing security awareness programs for their employees to combat these threats. Rule of thumb: don’t click on any links or open any attachments right off the bat. Sift through the details first (email address, sender’s name, and the authenticity of the information) before opening any links or attachments.

If you click on a link and nothing happens, it doesn’t mean you’re safe. Some malware opens a backdoor and sits idle, stealing information such as passwords, employee or client records, credit card information or other Personally Identifiable Information (PII). It may also scan your network looking for vulnerabilities in preparation for a later attack. Installing email filters, creating backups, and round-the-clock monitoring of your network will help secure your data. Check out our white paper, A Guide to Understanding & Defending against Advanced Malware, on how to protect your network against the worst viruses.
