What is phishing? Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive information such as personal information, banking and credit card details, and passwords (www.phishing.org).
Anybody can be a victim of a scam, and noticing the signs can help prevent identity theft and financial loss. Below are 10 red flags to look out for.
1. Sense of Urgency or Threatening Language
Phishers use emotionally manipulative tactics in order to persuade people to click. For example, a phisher might send a text message saying “This is a notice from law enforcement in [your city]. Your immediate response is necessary”. The enclosed link may deliver malware or direct individuals to a phishing site.
2. Unfamiliar Sender or Recipients
Experts generally advise people to avoid opening emails from unknown senders. These messages can contain executable code designed to launch immediately upon clicking on an embedded link or an attachment. Once deleted, emails from unknown senders no longer remain a threat.
3. Spelling and Grammatical Errors
Phishing messages used to commonly contain spelling and grammatical errors. Hackers are growing increasingly sophisticated and are less prone to these types of slip-ups than in years past. However, you might still be able to identify a phishing attempt based on clumsy language use.
4. Request for Payment or Personal Details
Any requests for money or personal details are phishing red flags. In many instances, the emails tell a compelling story: they include fake invoices, request a payment, say that you’re eligible for a government refund, ask people to verify information, tell people that a coupon for a big-ticket item is available, and so on. They can even appear to come from well-known businesses that do indeed regularly request payment updates or that may occasionally experience issues processing your payment.
5. Compelling Subject Lines
The most-clicked phishing emails include seemingly generic, yet fear-inducing subject lines. Example: “Official Data Breach Notification”.
6. Compelling Call To Action
The top five phishing scams use compelling language and include phrases like ‘expires in 4 hours,’ ‘click now’ and ‘Get information here’.
7. Too Good To Be True
Winning the lottery is an unlikely prospect. And winning a lottery that you didn’t enter is an impossible feat. Similarly, an email containing information about a prize or award notification may also be a phishing email. Avoid clicking on links in order to claim a prize. If you might have actually won a prize, contact the sender through a secondary channel to confirm.
8. Blurry or Clumsy Design Work
Some cyber criminals create clones of legitimate logos that appear exact. But others really need to hire a graphic designer. When trying to spot a phishing email, look out for weird logos, image-only emails, and poor design formatting. If unsure about the legitimacy of the sender, reach out to the group via a different channel.
9. Hi, It’s Alex in Sales
An email from someone who is purportedly new within the organization, or one that claims to be from “[common first name] in the sales division”, might actually be from a cyber adversary using social engineering techniques. The age of remote work makes it particularly challenging to tell legitimate emails of this type apart from malicious doppelgangers. This is especially true in large organizations with thousands of employees.
10. Protective Shield
Humans recognize and relate to one another through consistent linguistic patterns. If you receive an email from a colleague that sounds nothing like their typical email tone, use a non-email channel to confirm the validity of the email with the sender. A few simple precautionary measures could prevent your organization from experiencing a major data breach.