Did you know that, by some estimates, around 90 per cent of modern data breaches involve a phishing attack? These attacks usually consist of fake emails designed to look like they're coming from a brand or institution that you trust.
Their goal is to entice you to click a link or open an attachment, which either installs malware on your computer or sends you to a fake login page that captures your credentials. Either way, the attacker can then steal your identity, breach your employer's systems, and more. Phishing is just one form of social engineering, the family of tactics most cybercriminals rely on.
The best way to defend yourself against phishing attacks is to recognise phoney emails before you click anything in them.
Seven ways to spot a hoax email
Who is the real sender?
The 'From' field has two parts: a display name, which the sender can set to anything, and the actual address between the angle brackets. Make sure the domain in the actual address matches the brand the display name claims. Watch out for domains with a typo in the brand name or one missing letter, e.g. amzon.com instead of amazon.com.
Cybercriminals can easily register domain names that look very similar to those of popular brands. Always check the domain in the real address before you act on the email, not just the display name. Bear in mind that this check catches look-alike domains but not a forged header: a message can show the genuine domain and still be fake, which is why your mail provider's sender authentication (SPF, DKIM and DMARC) and the other checks below matter too.
Check the greeting
Be suspicious of impersonal introductions like 'Dear customer' from an organisation you do business with: it holds your account details and would normally address you by name. The reverse is not a guarantee, though. Targeted (spear-phishing) emails often get your name right, so a correct greeting on its own doesn't make a message safe.
Hover over links
Hover over an email link to see the full URL it will direct you to. Do not click the link, just hover (on a phone, press and hold the link to preview it). If the address isn't where you'd expect to go, don't click it. The text you see and the address behind it can differ completely, so a link that reads www.amazon.com may point somewhere else entirely. Check all the links, including the logo and footer links: if every URL in the email leads to the same destination, it's likely a phishing email.
Many phishing emails ask you to click a URL that looks innocent but navigates to a malicious web page or triggers a download of malicious files.
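The sender check and the hover-over-links check above can both be done programmatically. The script below is an added example, not part of the original article: it parses a raw email, compares the display name with the real address, flags sender and link domains that are one or two letters away from a known brand, reports links whose visible text names a different domain from the one they actually go to, and notes when every link in the message leads to the same URL. The brand list, the distance threshold of two edits and the two-label domain rule are simplifying assumptions; the sample message is constructed for the example.

```python
"""Heuristic phishing triage: sender look-alike and link checks (added example)."""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from typing import Optional
from urllib.parse import urlparse

# Brands we care about being impersonated (assumption for this example).
KNOWN_BRAND_DOMAINS = ("amazon.com", "paypal.com", "microsoft.com")


def registrable_domain(host: str) -> str:
    """Last two DNS labels, e.g. 'login.amzon.com' -> 'amzon.com'.
    Simplification: real code would use the Public Suffix List (co.uk etc.)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch typosquats such as 'amzon'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_brand(domain: str) -> Optional[str]:
    """Brand domain that `domain` resembles (<= 2 edits) but does not equal."""
    rd = registrable_domain(domain)
    for brand in KNOWN_BRAND_DOMAINS:
        if rd != brand and edit_distance(rd, brand) <= 2:
            return brand
    return None


def check_sender(from_header: str) -> list:
    """Compare the display name with the real address in the angle brackets."""
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    findings = []
    for brand in KNOWN_BRAND_DOMAINS:
        brand_name = brand.split(".")[0]
        if brand_name in display.lower() and registrable_domain(domain) != brand:
            findings.append(f"display name claims {brand_name!r} but address is {addr}")
    brand = lookalike_brand(domain)
    if brand:
        findings.append(f"sender domain {domain} resembles {brand}")
    return findings


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html_body: str) -> list:
    """The 'hover over links' test: where does each link really go?"""
    parser = _LinkCollector()
    parser.feed(html_body)
    findings, flagged = [], set()
    for href, text in parser.links:
        target = urlparse(href).hostname or ""
        # If the visible text names a domain, it must match the real target.
        shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
        if "." in shown and registrable_domain(shown) != registrable_domain(target):
            findings.append(f"link text shows {shown} but goes to {target}")
        brand = lookalike_brand(target)
        if brand and target not in flagged:
            flagged.add(target)
            findings.append(f"link target {target} resembles {brand}")
    distinct = {href for href, _ in parser.links}
    if len(parser.links) >= 2 and len(distinct) == 1:
        findings.append(f"all {len(parser.links)} links go to the same URL: {distinct.pop()}")
    return findings


def triage(raw_message: bytes) -> list:
    """Run both checks over a raw RFC 822 message and return every finding."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = check_sender(msg.get("From", ""))
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        findings += check_links(body.get_content())
    return findings


# Constructed sample: look-alike sender, misleading link text, one destination.
SAMPLE = b"""From: Amazon Customer Service <support@amzon.com>
To: you@example.org
Subject: Action required: verify your account
Content-Type: text/html; charset=utf-8

<p>Dear customer,</p>
<p>Please <a href="http://amzon.com/verify">sign in</a> to confirm your details.</p>
<p>Or visit <a href="http://amzon.com/verify">https://www.amazon.com/account</a>.</p>
<p><a href="http://amzon.com/verify">Unsubscribe</a></p>
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("!", finding)
```

Run against the constructed sample it reports five findings: the display name claims Amazon while the address is on amzon.com, that sender domain resembles amazon.com, the second link shows www.amazon.com but goes to amzon.com, the link target resembles amazon.com, and all three links lead to one URL. None of these heuristics is proof on its own; a clean result only means the message passed these particular tests.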
Does the email ask for personal information?
One of the easiest ways to identify a phishing email is that it asks for credentials or personal information of any kind: usernames, passwords, credit card details, and much more. Legitimate organisations don't ask you to send these by email or to 'confirm' them through a link in a message. Fake invoices and payment requests are another typical example.
Poor grammar and spelling
Poor grammar and spelling in an email are a common sign that it's a phishing email. If the message doesn't look professional, it probably isn't and should be treated as a threat. The opposite doesn't hold, though: well-written phishing emails exist, so a polished message still needs the other checks.
What's in the footer?
The footer of a legitimate marketing or newsletter email should contain at the minimum:
- A physical address for the brand or institution, or the correct website address (hover over it to check)
- An unsubscribe link
If either of these items is missing, the email is probably fake. Don't use the unsubscribe link in a message you already suspect: in a phishing email it is just another link to the attacker's page, and it confirms that your address is live.
When in doubt, delete the email
If you don't know the sender, or even if something just seems off, don't click anything. Delete the email, or better still report it to your IT or security team (many mail clients have a 'report phishing' button) so they can block the sender for everyone. If you think the message might be genuine, check through a channel you already trust: type the organisation's website address yourself or call a number from its official site, never one given in the email. If it's not fake, the sender will contact you another way or send the message again.
Phishing is the starting point for the vast majority of data breaches. It's so successful because it preys on human nature as a way around technical security controls. That means it's vital that you keep your staff well informed and trained on how to spot phishing emails and what to do when they get one.