In email phishing attacks, the sender attempts to fool the recipient into clicking a link, downloading a file, or responding to them with valuable information.
They will often pretend to come from a legitimate website or service, stating that you need to verify your login credentials, dispute a charge, download an update, or something similar. Attackers will even set up phony duplicate websites, Facebook for example, and direct you there to log in. If you do, your credentials are sent to the criminal.
Phishing is a massive problem for both consumers and businesses, with reports estimating at least 3.4 billion of these emails sent each day! In a business setting, one person falling victim to a phishing scam can have repercussions for the entire organization. From infecting your business network with malware or ransomware, to getting access to company email and contacts, it's more important than ever to ensure everyone is educated on how to spot and avoid these scams.
Here are four questions everyone should consider when they receive an email to help spot phishing scams:
IS IT URGENT?
Phishing emails typically use urgent language - "You must update your password within 24 hours or your account will be deleted!" "A package delivery to you failed, click this link to verify your shipping address and personal information by noon or we'll return the package to the sender."
This should always be a red flag. Legitimate services give you a reasonable time frame to complete requests within. And they rarely, if ever, threaten account deletion, legal action, or irreversible consequences if you don't act immediately.
Image from SecurityMetrics
If you receive an email from a service requesting you perform a time-sensitive action, never click the links or download files from the email itself. Instead, go directly to the service's website in your internet browser and log in from there. You'll be able to easily see any notifications or requests.
If they don't have a website or you'd like to double check, we also recommend calling their support line. Again, don't call any numbers provided in the email itself, as these could be fake. Google the number or check what's listed on the service's website.
IS IT GRAMMATICALLY CORRECT?
Phishing attacks often originate from another country. Phrases may look or sound strange and the grammar might not be 100% correct. Large, popular companies will take time to ensure their emails are grammatically correct before sending.
Here is an example of this with a fake PayPal phishing email:
Image from ESET WeLiveSecurity
It's almost a good dupe - but you can see in the second bolded line it states "What the problem's?" In that same paragraph it also says "we've place a limitation on your account." Small signals like this make it apparent this is a scam! (Not to mention that the email comes from a non-PayPal address - more on that next).
IS THE SENDER'S EMAIL ADDRESS CORRECT?
Always check the email's sender address. Anyone can create a fake email address with a service's name. In the email above the sender's name is PayPal, but we can see that the email address is "firstname.lastname@example.org".
While this is easy to spot on a computer, often on mobile devices we will only be shown the sender's name. You need to expand the full details to view the email address it's coming from. Don't just trust the name - always check where it's truly coming from!
- Is the name spelled wrong?
- Does it come from a weird domain?
- Are there numbers that aren't normally there?
Scammers may try to be sly with this. An email pretending to be Microsoft may come from "email@example.com". Without looking carefully, you may not notice that the second O is actually a zero.
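The three sender-address questions above can be turned into a mechanical check. Below is an added example in Python (not code from the original post) that parses a From: header and flags a display name whose domain does not belong to the brand it claims, including the zero-for-O substitution described above; the brand/domain table and the sample addresses are constructed for the example.

```python
from email.utils import parseaddr

# Constructed table of brands and the domains they legitimately send from.
# This is an assumption for the example; a real list is maintained per organization.
LEGIT_DOMAINS = {
    "paypal": {"paypal.com"},
    "microsoft": {"microsoft.com", "office.com"},
}

# Digits that scammers substitute for letters because they look alike at a
# glance (the post's example is a zero standing in for the letter O).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def registrable_domain(address: str) -> str:
    """Return the last two labels of the address's domain, lower-cased."""
    domain = address.rsplit("@", 1)[-1].lower()
    return ".".join(domain.split(".")[-2:])


def check_sender(from_header: str) -> list[str]:
    """Apply the sender-address questions to a raw From: header value.

    Returns a list of findings; an empty list means nothing looked off.
    """
    name, address = parseaddr(from_header)
    if not address or "@" not in address:
        return ["no parsable email address in From header"]
    domain = registrable_domain(address)
    # Which brand does the display name claim to be? (None: no brand claimed.)
    claimed = next((b for b in LEGIT_DOMAINS if b in name.lower()), None)
    if claimed is None or domain in LEGIT_DOMAINS[claimed]:
        return []
    # "Are there numbers that aren't normally there?" Undo lookalike digits
    # and see whether the domain then matches a legitimate one.
    normalized = domain.translate(LOOKALIKES)
    if normalized in LEGIT_DOMAINS[claimed]:
        return [f"lookalike domain {domain!r} (digits standing in for letters)"]
    # "Does it come from a weird domain?" Brand name used inside an unrelated
    # registrable domain, or no relation to the brand at all.
    if claimed in domain:
        return [f"brand name inside unrelated domain {domain!r}"]
    return [f"display name claims {claimed!r} but domain is {domain!r}"]
```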
IS THE CALL TO ACTION NORMAL?
Most phishing emails will ask you to do something – download an attachment, give up login information, provide personal or financial information. If this is the case, ask yourself if it's normal. Is this traditionally the way this type of thing is handled?
For example, many scammers target businesses that use Microsoft Outlook or Office 365. You'll receive an email stating someone shared a file with you. You click the link provided to view it and are asked to log in to your Microsoft account. But wait, you're already logged in - why is it asking you to log in again? Scammers set up fake websites like this, banking on you not questioning it and simply logging in.
If you're unsure, we always recommend logging into the service directly by going to the website yourself. Don't click any links or download files from the email itself. If there is something that needs your attention, you'll be able to see it when you log in to your account.