Over 90 percent of security breaches are found to be caused by human error. This is why cybercriminals still actively employ social engineering attacks such as phishing to try to compromise infrastructures.
A phishing website (or a spoofed website) usually tries to appear at least somewhat legitimate. It may be devised to look like an existing legitimate website and mimic, for example, your bank’s or health care center’s website. The website is created so that you will give away your login credentials or other private information. You are most likely to receive a link to this website via email or an instant message, but you could also land on the page by mistyping a URL or clicking the wrong website in your search bar. The first step, then, is to be wary of the sender of the email or instant message and make sure you know the sender, or that the sender is whom they claim to be.
Email from Unfamiliar Sender
When you receive an email, there are several details you can go over to determine whether you might have been targeted by a phishing attack. First, take a look at the sender’s email details. The phishing attack could come from an email address you’ve never seen before and which doesn’t seem legitimate. Fortunately, if you have doubts, there are forums and online resources which can help you determine whether the source is reliable. Simply copy the sender’s email address and google it with a keyword such as “phishing attempt”, “hacking” or “scam”. If other people have flagged the address, you will likely see that the email is indeed from a cyber-criminal. There are issues with this technique, however, since phishers are very aware of the forums and change their email addresses often and easily. They can also use these help forums as a way to support their own scam, by giving themselves good reviews and claiming the email offer was indeed legitimate.
Sender’s Email Seems Off
The phishing attempt can also appear to come from an actual company that seems absolutely reliable, without really coming from the company it claims to be from. For example, you can see an email coming from “[email protected]”, look up a Susan Hills, see that they do indeed work at Logo, and assume the email is coming from a real source. You may not realize that either Susan’s email has been hacked, or an email address has been created to resemble Susan’s but isn’t in the correct form. The company name could be misspelled, or it could have the wrong ending (such as logo.dn as opposed to logo.com).
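As an added example (not part of the original article), the domain check described above can be automated: this Python sketch compares a sender's domain with the one you expect and flags a wrong ending or a near-miss spelling. The function names, the similarity threshold and the sample addresses are assumptions made for illustration.

```python
def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def sender_domain(address: str) -> str:
    """Return the lower-cased domain, i.e. everything after the LAST '@'."""
    local, at, domain = address.strip().strip("<>").rpartition("@")
    if not at or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    return domain.lower().rstrip(".")

def classify_sender(address: str, trusted_domain: str) -> str:
    """Compare the sender's domain with the domain you expect mail from."""
    domain = sender_domain(address)
    trusted = trusted_domain.lower()
    # Exact domain, or a subdomain controlled by the same owner.
    if domain == trusted or domain.endswith("." + trusted):
        return "match"
    name, _, tld = domain.rpartition(".")
    t_name, _, t_tld = trusted.rpartition(".")
    if name == t_name and tld != t_tld:
        return "wrong-ending"          # logo.dn instead of logo.com
    if domain.startswith(trusted + "."):
        return "embedded"              # trusted name used as a prefix of another domain
    # Assumed heuristic: allow one edit per four characters of the trusted name.
    if edit_distance(name, t_name) <= max(1, len(t_name) // 4):
        return "misspelled"            # l0go.com instead of logo.com
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample addresses; "logo.com" is the article's example domain.
    for addr in ("sender@logo.com", "sender@logo.dn", "sender@l0go.com",
                 "sender@logo.com.example.net", "sender@example.org"):
        print(f"{addr:32} {classify_sender(addr, 'logo.com')}")
```

A "match" only confirms the domain: a hacked mailbox, as mentioned above, still sends from the correct address, so the other signs in this article continue to apply.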
Writing Tone Is Odd
If the email address looks familiar but the content or the style looks odd, this is another big red flag. If the email is full of grammatical or spelling errors that your contact is unlikely to make or doesn’t usually make, it is possible the sender is, in fact, a phisher. As phishing scams become more sophisticated, their language, as well as their layout, may also be very well thought out and look very reliable. However, people usually have a very distinct type and style of communication, and you are likely to take note of it, either consciously or subconsciously. If an email feels “fishy”, it could be that you subconsciously noticed the sender is using a style and choice of words not usual to them. Trust your instincts, and if something feels off, investigate the email before responding.
Greeting Oddly Generic
Phishing scammers send thousands of phishing emails, so you are likely to be greeted with a very generic greeting, such as “Dear Customer”, or with references to “Your Company” or “Your Bank”. This is especially alarming if the email seems to be coming from someone who should have more details on you, such as someone from your company or a partner you have met before.