Don’t Get Hooked… How to Spot a Phishing Email & Avoid Security Threats

There are many different types of cybercrimes to be aware of. In an effort to gain unauthorized access to confidential data, hackers have concocted a plethora of schemes and scams to infiltrate security systems online. Malware, pop-up messages, and spam are just a few examples. However, one technique outshines the competition tenfold in both effectiveness and prevalence: the phishing email.

When successful, this rising security threat can lead to a costly data breach. Here’s what to look out for in a phishing email and how you can protect your organization from it.

What is Phishing?

Phishing is a strategy that hackers use to access and steal private information. Posing as a reputable company or trusted entity, they will try to lure individuals into revealing their personal information by clicking a link or opening an attachment. Once they have access to that information, a hacker can use it to commit fraud, identity theft, blackmail, and much more.

A phishing attack can arrive as a text message, on social media platforms, or, most commonly, by email. Research shows that 96% of all phishing attempts are from an email source. These messages can be very convincing and, more often than not, tough to identify. In fact, one study found that 97% of users were unable to identify a sophisticated phishing email.

While it has become increasingly difficult to do, there are ways to protect yourself from a phishing attack. Knowing how to recognize a phishing email can not only minimize your risk of a data breach, but also preserve the integrity of your confidential information.

How to Spot a Phishing Email

Have you ever received an email from a seemingly reliable source? Maybe it was a company you frequently shop at… or even your bank? The language in this message could have appeared urgent or rushed. It may even contain an elaborate story or emergency situation that can all be sorted out with the clickable link or attachment they provided.

If so, it was most likely a phishing email.

With over 3 billion phishing emails being sent every day, they are undoubtedly the most common type of phishing attack. Posing as a legitimate company or organization, hackers send email messages designed to steal sensitive information. The theft happens when the recipient clicks a suspicious link or enters personal information to claim a prize.

Over time, hackers have developed clever phishing scams to steal confidential information. This can make it difficult for people to identify a fraudulent email. Listed below are some indicators that the email you’ve received is fake.

A Generic Greeting

A legitimate company will typically use your first name to greet you via email. Phishing emails will contain vague, generic greetings such as “Dear Customer…” or “Dear Account Holder…”.

A Request for Personal Information

Anytime you receive a request for personal information via email, erring on the side of caution is always best. A reputable company is not usually going to ask you to reveal confidential data. The most common kinds of data hackers will ask for are:

  1. Credentials (e.g. a password, PIN, username, etc.)
  2. Personal Information (e.g. home address, social security number, etc.)
  3. Medical Information (e.g. history, health insurance numbers, etc.)

A Strange Domain

A domain name is everything after the “@” symbol in an email address. For example, an email from an official Netflix account might come from an address that looks something like “AccountManagement@netflix.com”. See how there are no additional letters, numbers, misspellings, or grammatical errors in the domain?

Email domains can be falsified in an attempt to steal your information. A hacker will use a variation or misspelled version of the domain in “…@netflix.com” to trick you.

Double check the sender’s domain name to ensure that the sender is exactly who they say they are. You can see the sender’s email address by clicking on the “From” portion of the email. If it contains any odd variation of numbers or misspellings, it is probably a scam.

A Sense of Urgency

If you are reading an email that is oddly phrased or requires immediate action, it could be a scam. Hackers try to create a false sense of urgency in a phishing email so that the receiver feels pressured to take action.

For example, if a subject line reads, “URGENT NOTICE: PAYMENT REQUIRED”, it is likely a scam. In fact, research has shown that the top five most commonly used buzzwords in a phishing email’s subject line create a false sense of urgency.

  1. Urgent
  2. Request
  3. Important
  4. Payment
  5. Attention

A Suspicious Link or Attachment

A phishing email will usually contain a hyperlink or suspicious-looking attachment for you to click on. Maybe it is your bank supposedly telling you that you have missed a payment and need to update the credit card on file. All you need to do is click on the link they provided and enter your financial information. However, once you click through, it can lead you to a phony website or even install spam onto your device.

Typically, a legitimate company is not going to send you an attachment that you did not specifically request. Commonly used high-risk attachment types may end in: .exe, .scr, and .zip.

Before you click on a suspicious link or download an unsolicited file, double check it to make sure it is legitimate.
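The indicators listed above can be expressed as a simple automated check. The following is an added example, not code from the original article or from Enguard's filter; the trusted-domain list, the edit-distance threshold of 2, and all function names are assumptions chosen for illustration, and the sample message is constructed.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

TRUSTED = {"netflix.com"}  # assumption: domains you really do business with
URGENT = ("urgent", "request", "important", "payment", "attention")
GREETINGS = ("dear customer", "dear account holder")
RISKY_EXT = (".exe", ".scr", ".zip")
PERSONAL = re.compile(r"\b(password|username|pin|social security number)\b", re.I)

def edit_distance(a, b):  # Levenshtein distance between two strings
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(domain):  # near-miss of a trusted domain, not a subdomain
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return False
    return any(edit_distance(domain, t) <= 2 or t.split(".")[0] in domain
               for t in TRUSTED)

def phishing_indicators(raw):
    """List which of the article's warning signs appear in one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    checks = [
        ("lookalike domain", is_lookalike(domain)),
        ("urgent subject", any(w in str(msg["Subject"]).lower() for w in URGENT)),
        ("generic greeting", text.lower().lstrip().startswith(GREETINGS)),
        ("asks for personal information", bool(PERSONAL.search(text))),
        ("risky attachment", any(n.endswith(RISKY_EXT) for n in names)),
    ]
    return [name for name, hit in checks if hit]

def constructed_sample():
    """Constructed test message, not a real phishing email."""
    m = EmailMessage()
    m["From"] = "Account Management <AccountManagement@netfl1x.com>"
    m["Subject"] = "URGENT NOTICE: PAYMENT REQUIRED"
    m.set_content("Dear Customer,\nConfirm your password using the attached form.")
    m.add_attachment(b"x", maintype="application", subtype="zip", filename="form.zip")
    return m.as_string()
```

A single hit is weak evidence, since legitimate mail also uses words like "payment"; several hits on one message are what justify quarantining it for review.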

How to Avoid A Phishing Email Scam

Falling victim to a phishing attack is a common but costly mistake. Unfortunately, cybercrimes like phishing are here to stay, as the Federal Bureau of Investigation estimates a 400% year-over-year increase in phishing attacks. It may appear that these cybercriminals are unstoppable, but there are things you can do to protect your confidential information.

A secure email provider can help to significantly minimize the security threats a phishing email poses. For example, at Enterprise Guardian, our anti-spam system filters all incoming emails. During this process, our system checks for signs of a phishing attack like suspicious links or domain names. This blocks over 95% of potentially dangerous phishing emails that could have gone straight to your inbox.

Additionally, we provide an extra layer of protection with Multi-Factor Authentication (MFA) for our clients’ billing and webmail information. MFA is a secondary source of verification that we use to keep personal data as secure as possible. This is another great way to avoid a phishing email scam because it further hinders a hacker from gaining unauthorized access to your private information.

While it may be difficult to avoid a phishing email scam completely, knowing what to look out for and implementing security tactics like our anti-spam system and MFA capabilities can keep you off the hacker’s hook! Visit our pricing page to find the plan that’s right for you!