Without a doubt, phishing emails have been increasing and are becoming more convincing to the average user. Extra precautions must be taken, as not all phishing emails will be detected automatically and they can still often make it into your inbox. So, how can you identify a phishing email?
It is important to educate yourself, as well as the people inside your company, in order to avoid a financial mistake. Not doing so can potentially be detrimental to your entire business. Better safe than sorry!
What is a phishing email?
A phishing email is a fake email that a scammer sends while posing as a trusted company such as Apple, Netflix, Yahoo, etc., directing you to a fake website to fill in confidential information.
These emails will urge you to provide classified information such as a username and password, credit card information, and/or your social security number. With the use of persuasive language, the email can be convincing enough for a user to give up their personal information unknowingly.
How to identify a phishing email
Watch out for the following signs to spot and protect yourself from a phishing email. The screenshots that follow are of emails I have personally received and will be using as examples.
1. Threatening or demanding language that requires immediate action
These emails will use very pushy language and try to intimidate you into acting hastily in order to get your personal information.
Be wary of calls to action such as “your account has been compromised!” or “failure to validate your account will have it suspended”.
This is a fear tactic: it distracts you with fear and concern so that you react quickly and hand over your information. A great way to identify a phishing email is to question the initial reaction of fear.
2. Observe the email address that the email is from
Look out for an “unofficial from email address”. Often these will be similar to a company’s email address but are not the official one. The example above has the Apple URL but is accompanied by a series of random letters after support-info.
3. Link that leads you to a fake website
Phishing emails usually have a link that will lead you to a fake website. Before clicking the link at all, hover over it. A hyperlink should appear and will often look like a generated URL like so:
Suspicious short hyperlinks are a great way to identify a phishing email. Don’t click on them!
4. Fake website URLs and how to spot them
The fake website will often look legitimate at first glance, but here are a few signs you can look out for. Just because the URL has the company name in it, it does not mean it is from the official company.
For example, a phishing email led me to (a close example, not the real URL): http://support.appleid.apple.com-ending-domain.org/. The URL is a mess; let’s look at why.
- The URL starts with http://. Secure URLs should start with https://, as the s stands for “secure”, meaning the data you send is encrypted on its way to the site. URLs without the s indicate that personal information that you submit might not be protected.
- “ending-domain” is in the URL. A URL should not have the word “domain” in it; otherwise, it is a sign that the domain is not owned or validated.
- The domain name is “support.appleid.apple.com-ending-domain” which does not match Apple’s real domain name and URL. When in doubt, do a quick search of the company’s name to land on their correct and official website.
- The URL ends in “.org”. Be very cautious of giving private information to any sites with URLs that end in .org or .net as these are mainly for non-profit organizations instead of actual companies.
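The scheme check and the domain-match check from the list above can be automated. The following is an added example, not part of the original post; `check_link` and its `official_domain` parameter are hypothetical names, and the legitimate URL in the demo is a sample for comparison.

```python
from urllib.parse import urlsplit


def check_link(url, official_domain):
    """Return a list of warnings for `url`, given the company's real domain."""
    parts = urlsplit(url)
    # hostname is already lower-cased; drop a trailing dot if present.
    host = (parts.hostname or "").rstrip(".")
    official = official_domain.lower()
    warnings = []

    # First sign in the list: plain http:// instead of https://.
    if parts.scheme != "https":
        warnings.append("not https")

    # A host belongs to the company only if it IS the official domain or
    # ends with "." + official domain. Hostnames are owned from right to
    # left, so a brand name on the left-hand side proves nothing.
    belongs = host == official or host.endswith("." + official)
    if not belongs:
        warnings.append("host is not under " + official)
        # Lookalike: the official name is embedded in somebody else's host.
        if official in host:
            warnings.append("official domain embedded in a different host")
    return warnings


if __name__ == "__main__":
    samples = [
        # The "close example" URL quoted in the post.
        "http://support.appleid.apple.com-ending-domain.org/",
        # Sample legitimate URL for comparison.
        "https://appleid.apple.com/",
    ]
    for url in samples:
        print(url, "->", check_link(url, "apple.com") or "no warnings")
```

For the URL quoted in the post, the host ends in `com-ending-domain.org`, so the check reports it as not Apple's even though `apple.com` appears inside it.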
5. Misspellings and/or bad grammar
This is from a phishing email posing as Netflix trying to “verify my payment and billing details”. First off, I knew right away this was a phishing email because I don’t own a Netflix account. The scammer misspelled the very last word “uninterrupted”. So close, guys, but not close enough. Large companies will normally hire professionals in order for emails to have perfect grammar and spelling.
When in doubt, don’t take the risk. Contact the company directly by manually typing their name in the search bar to verify whether or not the email is legitimate.
If something seems suspicious or too good to be true, it may be. Legitimate companies will NEVER ask you to provide confidential information by email out of nowhere.