Can you recognize a phishing scam email when you see one? Do you know what signs to look for to identify a phishing attack, and avoid becoming a victim? In honor of National Cybersecurity Awareness Month, PhishMe has developed an infographic with helpful tips to keep you safe and secure.
PhishMe points out the usual, common-sense things you should do to avoid getting compromised—by either phishing scams or malware exploits. Don’t open unknown file attachments or click on links in suspicious emails, and don’t enter your credentials on login pages linked from email messages.
Hopefully that goes without saying at this point for emails you receive from unknown sources. It doesn’t take a rocket scientist to realize that you aren’t expecting a package from UPS, or you haven’t actually conducted business that would involve a suspicious email with a cryptic “invoice” attached. Don’t let curiosity get the best of you. You can be fairly sure it’s not legitimate—and even if it is, you know it’s not for you. Just delete the message.
Some messages are crafted better than others, though, and might not stand out as obvious phishing scams. Case in point: I recently received an email from my best friend. The subject was simply “Check this out,” and the body consisted of a terse exclamatory statement, and a link to click. It was odd in the first place, because my friend and I don’t exchange emails very often. Add in the vague subject line, the urgency of the body text, and the bizarre URL, and the message definitely raised some red flags.
When in doubt, check it out
I reached out to him on Facebook Messenger to confirm whether he had, in fact, sent me an email on purpose, and that it wasn’t just spoofed, or his PC hadn’t been compromised in some way. It turns out the message was legitimate, and he did actually send it to me, but better safe than sorry for suspicious-looking emails like that.
Other tips on the PhishMe infographic draw attention to elements that are more obscure or subtle than file attachments and suspicious links.
For example, consider the emotion of the message. If you receive an email that isn’t a blatantly obvious phishing scam, take a look at the sentiment. Phishing scams rely on greed, curiosity, fear, or a sense of urgency to drive potential victims to action. Does the email dangle a financial reward, or threaten you with negative consequences if you don’t act? Emails that drive urgency and try to con you into acting immediately should make you think twice—or three or four times.
Next, double-check where the email came from, and think about the tone and cadence of the message. Some phishing scam emails may seem to be from a source or contact you’re familiar with, but what you see can be spoofed and may not match the true source. If the message says it’s from “Tony Bradley,” but the return email address is “firstname.lastname@example.org” —or something to that effect—you should ignore the message.
Finally, look at the message itself. Many phishing scam emails are written in broken English—which should be a clear indication that it’s not really from your coworker, or your bank—but in some cases the English might be fine…sort of. If the vocabulary and tone of the message seem odd—perhaps a bit too formal, or ostentatious—it should raise some red flags.
Even if an email message seems to be legitimate, it's better to be safe than sorry. Do what I did: Follow up with the source through a different channel to confirm the message is legitimate. If it’s an email from a company, call customer service directly using a phone number you get from the company's legitimate website—don't email or call any sources listed in the email! Or open a new browser window and log into the site on your own terms.