Cybercriminals often target emails as their entry point to their nefarious activities because they know that most people access their email everyday. If you’re not careful, it’s easy to fall victim to this form of phishing attacks.
So, let’s discuss first what a phishing email is and the warning signs you need watch out for the next time you open your inbox. You might have already seen some of them in the past.
What are Phishing Emails?
Phishing emails are email messages with the intention of scamming people in giving out their personal information like passwords and credit card numbers. It is designed to appear genuine by copying the logo, branding and even the writing style and signature of an official employee of a company that you do business with.
These scammers play with the reader’s emotions by employing scare tactics, urging them to take immediate action or their accounts will be compromised. Of course, legitimate businesses will never ask their customers to do this. So here’s how you can identify a phishing email and stop them before they can steal your money or files.
How to Spot Phishing Emails
Before you click anything on any email, make sure to check for any red flags:
1. Warning signs from your email provider (ex. Gmail or Outlook). Other users may have already flagged it in the past as spam or potential phishing attack.
2. Check the ‘From’ address from which the email was sent. If it looks suspiciously similar to an official company (ex. firstname.lastname@example.org) or uses generic email account (@yahoo.com) to represent a company, then it’s most likely a phishing email.
3. Generic greeting. Scammers rarely know who they’re sending the email to. So, they use generic greetings like “Dear Member” or “Dear Customer”.
4. Urgent Action Needed. This is the part where fraudsters use urgent calls-to-action to trick you take immediate action. Be wary of keywords used such as “urgent action required” or “your account will be closed, please change password”.
5. The body message is filled with grammatical errors. Some phishing emails are easy to spot on because they often have spelling mistakes and poor grammar.
6. It links to a fake website. The hyperlinked URL doesn’t match with the assigned text and will lead you to a spoof or fraudulent sites.
7. Attachments. If you’re not expecting any files from someone, don’t click on any attachments.
8. Lacks contact details. The email sender does not provide complete details on how to contact them.
How to Prevent Falling for Phishing Emails?
1. Don’t click on any links if you’re not sure about it.
- Hover over the link and check the web address matches with the text link. If it looks fake or suspicious, don’t click it.
- Try copying and pasting the link to a separate browser tab and see how the site looks like.
- For those on an Android device, long press on the link or button.
- For iOS users, tap and hold over the link to reveal the URL.
2. Don’t download attachments from people you don’t know. It might contain viruses and malware that can corrupt your computer, erase files, or steal your username and password.
3. Use email filters. Email filters are not only good for organising emails, it also filters trusted contacts and flag unknown senders to the spam folder.
4. Never give out any personal information. When you think about it, your bank already has your credit card no. in their database. So, why they would they be asking you for that information?
5. Use plain-text if possible. Most email platforms are read in HTML and fraudsters took advantage of this by concealing their web address.
6. Use anti-phishing browser plugins. Chrome, Mozilla Firefox, Internet Explorer have a host of free plugins you can download to detect if you’re about to access a phishing site. Check out the reviews and ratings before installing any plugins.
7. Check if it’s an HTTPs website. An HTTPs website has a green padlock button and starts with ‘https’ on the browser web address. It uses SSL (Secure Server Layer) to encrypt the connection between web servers and browsers to ensure that hackers may not intercept the connection.
8. Use 2-Factor Authentication. A 2FA adds another layer of protection to your account if someone tries to access or change anything information in your account. Hackers can’t steal your data without the 2FA verification code sent usually to your mobile number.
9. Report Phishing Emails. If you suspect a website to be fraudulent, report it immediately to your email provider’s spam team.
10. Teach others how to identify phishing emails. Remind family members and friends to be cautious when browsing online and inform them if they are forwarding a phishing email. For business owners, make sure to conduct seminars or training on how to protect your company’s online security.
Best Defense Against Phishing Attacks
Unfortunately, there’s no sign of this industry to disappear anytime soon as they constantly adopt new methods. However, by following the tips above, you can significantly lower the chances of you becoming the next victim.
If you want to be an extra step with your online security, we offer WebGuard, our all-in-one website optimisation and security add-on exclusively for all Vodien web hosting customers. Features include SSL encryption, malware scanner, website firewall, system log monitoring and speed optimisation. To know more about this product, click on the link below to get in touch with our Super Support team.