Across the globe, phishing is a huge problem, with some estimates suggesting that around 80% of reported security incidents are attributed to this particular cybersecurity threat. Perhaps more concerningly, phishing emails require direct interaction with those they target, meaning that a successful phishing attack is usually down to simple human error.
However, by implementing comprehensive and robust cybersecurity training within your company, you can help to reduce the chance of a successful phishing attack. Perhaps the easiest way to do this is to ensure your team has the tools to identify phishing emails quickly.
Here then, we look at the top 5 signs of a phishing email to enable anyone to identify and then report phishing emails before they can do any damage.
1. Poor Grammar and Spelling.
The most ubiquitous signs of a phishing email can be found in the content itself. Often, bad grammar and poor spelling are the first indicators that an email is not to be trusted and should be flagged. Of course, we’re not talking about common autocorrect spelling mistakes or typos, but consistently misspelled words and awkward sentence structure that stands out.
2. Strange Links or Email Addresses.
Any email that includes strange links or suspicious email addresses should be a reason for concern. For example, if you receive an email purporting to be from a client but the email address is different from your previous correspondence, you should proceed with caution. The same is true for links; if there are any discrepancies between the links included and well-known company URLs, you should not click on them.
3. Suspicious Attachments.
Email attachments have long been the most common way to spread viruses and other malware; however, they are also very often used in phishing attacks. Most secure email services available today will include attachment scanners to check for threats—but they’re not always 100% effective. This means you should always be wary of attachments sent by unknown parties or from suspicious email addresses, particularly when they include extensions such as .zip, .exe, .scr, etc.
4. Unsolicited Contact.
Any emails received from unknown contacts should immediately raise a red flag, especially when they combine any of the above issues within the email itself. Almost all phishing attacks come through unsolicited emails, often disguised as sales or promotional emails that include a sense of urgency for you to complete a certain task, such as clicking a link or opening an attachment. The bottom line is that if you didn’t initiate the conversation, be very careful when handling the email.
5. Requests for Payment or Other Details.
Finally, any request for sensitive information such as card details, bank information, personal data, or the data associated with others (such as your colleagues) should be treated with care. Only send this kind of data to contacts you trust, and if you are being directed to a landing page that is asking for these details, be sure to double-check that the URL is correct. If you are at all suspicious about the link, visit the website itself rather than following the link.
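For teams that want to automate part of this triage, the checks in signs 2 and 3 can be expressed in a few lines of Python. This is an added example, not part of the original article: it flags senders missing from a caller-supplied address list, links whose visible text names a different host than the one they open, and attachments with the extensions listed above. The `sample` helper, the `known_senders` list and every address and host are constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from pathlib import PurePosixPath
from urllib.parse import urlparse

RISKY_EXT = {".zip", ".exe", ".scr"}  # extensions named in the article

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):  # lower-cased hostname of a URL or a bare "www.site.tld"
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def check(msg, known_senders):
    """Findings for signs 2 and 3; known_senders is the caller's own address list."""
    findings, sender = [], parseaddr(str(msg["From"]))[1].lower()
    if sender not in known_senders:
        findings.append(f"unknown sender: {sender}")
    body, collector = msg.get_body(preferencelist=("html",)), LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    for href, text in collector.links:
        # Visible text that looks like a URL but names a different host.
        if "." in text and " " not in text and host(text) != host(href):
            findings.append(f"link shows {host(text)} but opens {host(href)}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if PurePosixPath(name.lower()).suffix in RISKY_EXT:
            findings.append(f"risky attachment: {name}")
    return findings

def sample(sender, href, text, filename):  # constructed message; all hosts are made up
    m = EmailMessage()
    m["From"] = sender
    m.set_content("Please see the attached invoice.")
    m.add_alternative(f'<p>Pay at <a href="{href}">{text}</a></p>', subtype="html")
    m.add_attachment(b"x", maintype="application", subtype="octet-stream", filename=filename)
    return m
```

An empty result only means none of these three checks fired; the remaining signs still need a human read.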
Today, with the constantly evolving threat of phishing emails, no approach can be 100% foolproof. However, by checking for these 5 signs and using your intuition to filter emails, you can mitigate the risk posed by this particular cybersecurity issue and improve safety both at home and within your company.