Imagine that you are a fish swimming in a big pond full of other fish, and you spot something that you think is food. You immediately swim over and start inspecting the “food” in question. How can you tell whether what you see is food or a rubber imposter waiting to cause you harm? While email phishing is one of the most common forms of cybersecurity attack, it can also be one of the easiest to spot if you know what to look for. Phishing is a form of fraud in which cybercriminals use a disguised email and some social engineering to try to get the victim to do something they wouldn’t normally do or to hand over sensitive information. Phishing emails usually look legitimate at first glance, but a closer look may reveal a few red flags that show the email is malicious. Here are a few ways to spot a phishing attack.
- Outside of the norm
One of the first red flags of a phishing email is that the message simply feels… odd. The email may request something out of the ordinary, such as a gift card or personal information, and the sender is usually not following your business’s normal procedure for requesting it. The attacker may make the email sound urgent, trying to pressure the victim into acting without stopping to think or ask any probing questions.
- Poor grammar
Another way to spot a phishing email is poor grammar. Sometimes you may get an email from what appears to be a credible source. The logo may be correct and the email may look official; however, after reading it you may notice that it is worded strangely or that there are a few typos. While cybercriminals are becoming more and more advanced in their phishing methods, one thing remains the same: their grammar is usually not that great. Poorly worded emails or emails with typos should always be treated with extra caution.
- Check the sender address
Checking the sender address is the final, and one of the best, ways to spot a phishing email. Cybercriminals can make emails look like they came from anyone, but they cannot force the sender address to look like the real thing. For example, a phishing email may appear to come from your boss, John Smith. John’s email may normally be Johnsmith@mycompanysdomain.com, but after taking a closer look you may notice that the phishing email’s address is actually Johnsmith@notmycompanysdomain.com. It can be a subtle difference, but noticing it will save you and your company a world of trouble.
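
The same sender-address check can be automated; the sketch below is an added example, not part of the original article. It reads only the From header and compares its domain with the trusted one. `KNOWN_STAFF`, the function names and the two sample messages are constructed assumptions built from the John Smith example above.

```python
from __future__ import annotations
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "mycompanysdomain.com"  # domain used in the article's example
KNOWN_STAFF = {"john smith"}             # assumption: internal display names

# Constructed sample messages, modelled on the John Smith example above.
LEGIT = "From: John Smith <Johnsmith@mycompanysdomain.com>\nSubject: Q3 report\n\nHi\n"
PHISH = "From: John Smith <Johnsmith@notmycompanysdomain.com>\nSubject: Urgent\n\nHi\n"


def sender_parts(raw_message: str) -> tuple[str, str]:
    """Return (display name, lower-cased domain) taken from the From header."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2] if "@" in addr else ""
    return name.strip(), domain.lower().rstrip(".")


def is_trusted_domain(domain: str, trusted: str = TRUSTED_DOMAIN) -> bool:
    """Exact match, or a real subdomain split on a dot boundary.

    A bare endswith(trusted) would accept "notmycompanysdomain.com".
    """
    return domain == trusted or domain.endswith("." + trusted)


def check_sender(raw_message: str) -> list[str]:
    """List the sender-address red flags found in one message."""
    name, domain = sender_parts(raw_message)
    if not domain:
        return ["no parsable sender address"]
    if is_trusted_domain(domain):
        return []
    findings = [f"external sender domain: {domain}"]
    if TRUSTED_DOMAIN in domain:
        findings.append("domain embeds the trusted name (lookalike)")
    if name.lower() in KNOWN_STAFF:
        findings.append(f"display name '{name}' matches internal staff")
    return findings


if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("phish", PHISH)):
        print(label, check_sender(raw))
```

The dot-boundary comparison matters because the lookalike domain in the example ends with the real domain's text, so a plain suffix or substring match would treat it as internal.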
If you suspect that an email may be a little… fishy (pun intended), contact the supposed sender either in person or via a phone number that you know is theirs. Never respond to these emails and never trust the information given inside the email (like phone numbers or URL links). Always notify your IT department of any emails that you suspect to be a phishing attack.
Want to test yourself to see if you can spot a phishing email? Take SonicWall’s Phishing IQ test here!