Whether it’s a personal attack or an attempt to gain valuable business information, email phishing is something we’ve all learned to just deal with.
However, it’s never a good idea to drop your guard. Scammers are getting more sophisticated and you need to be on your toes at all times.
What Is Email Phishing?
Email Phishing is an attempt to trick victims into giving out personal information by posing as legitimate sources. That information is then used to gain access to accounts, credit cards, or to initiate identity theft.
Along with social engineering, email phishing can also include links that will download harmful malware to your device. Here are a few ways to detect and protect yourself from email phishing scams.
Firstly, scammers won’t need to phish for your information if they can just access your accounts in the first place. Good password protection is step one when it comes to protecting yourself.
Luckily, we have compiled a list of best practices to ensure you’re making the strongest passwords possible.
Almost no company in the world will request your personal information through email. If you ever think an email might be legit, pick up the phone and call them using a number found somewhere other than the email they sent (often, they won’t provide one anyway).
This goes for emails received from work colleagues too. If somebody requests something a little out of the ordinary, always confirm in person. It might be real, but chances are, it’s a phishing attempt.
A good rule of thumb: “suspicious” should be your default state of mind when receiving an email from anyone you don’t have a normal email correspondence with.
Check The Domain
Most phishing attempts will come from scammers posing as massive companies like Google, Netflix, or PayPal. Medium to large companies will never use public domains for their emails.
Even Google’s emails are followed by “@google.com” and not “@gmail.com”.
Often the easiest way to instantly detect a phishing attempt is to look at who sent it. If you get a corporate email followed by any public domain (gmail.com, hotmail.com, live.com, etc.), it’s a scam.
Spelling and Grammar
If scammers are taking the time to write malicious emails you might think they would take the time to spell check.
This also goes for the domain name too. Check to make sure the email has, in fact, been sent from “@netflix.com” and not “@Netflicks.com”.
However, spelling and grammar mistakes are often deliberate attempts to target people who are less observant and more easily fooled. So, even though it’s intentional, reading all your emails carefully can mean spotting scams before you click anything.
Links and Attachments
Another thing legitimate companies will never do is send unsolicited attachments. Unless you specifically requested something from them, never open attachments from anyone.
You have to also be careful about clicking links too. Legitimate companies won’t force you to a website and some scammers even code an entire email to link to a malicious site. If you click anywhere in the email, it will open a link. This means verifying who the sender is before you even open it is important.
Change The Culture
When it comes to the workplace, the best thing you can do is make sure everyone takes cyber protection seriously.
QuickProtect offers Employee Awareness training that continually trains and educates employees to strengthen cybersecurity culture. We also frequently simulate email phishing and monitor employee responses to help them identify threats and stop them in their tracks.
Does your team need better cybersecurity?