How to Spot a Phishing Email

It’s easy to imagine a cybercriminal or hacker sitting at a computer writing complex code designed to break into your office network. But in reality, a cyberattack can be as simple as an email. In fact, 90% of all data breaches include a phishing element.

The cleverness of a phishing email is that it relies on human error—which is the biggest security weakness for any business—and it looks just like any other email you might receive from a legitimate company or financial institution. And if you aren’t paying attention, you could fall victim to the trap like so many thousands have before.

What is a Phishing Email?

So what exactly is a phishing email? As mentioned above, it is an email designed to mimic what an email from another business might look like. It could appear to come from a bank, a credit card company, Apple or Microsoft, PayPal or eBay, Amazon, Netflix or even your Internet provider.

The email usually conveys a sense of urgency about an issue that must be addressed. For example, your “bank” might tell you that there has been an issue with your account or some suspicious activity, or “Amazon” might tell you that the computer you ordered will be arriving in Florida soon (even though you didn’t order a computer and you live in Connecticut).

As you grow concerned with the content of the email, a solution is offered. Simply click the link to log into your account and rectify the problem—or so you think.

Instead, the link takes you to a cleverly designed website that looks like the real thing but isn’t. Then one of two things happens: either you unknowingly hand the username and password for that particular account to a hacker or identity thief, or you unknowingly download malware, a hidden program that can infect the whole network and give cybercriminals access to it.

With the statistics showing that 1 in every 99 emails is a phishing attempt, it may seem that opening any new email is a precarious endeavor. However, there are several red flags to look out for that can help you determine which emails are harmless and which may have a more devious scheme in mind.

How to Spot a Phishing Email

Phishing emails are usually far from 100% undetectable. In fact, once you know what to look for, it can be quite easy to spot one.

1. Personal Information Is Required

Any email that asks for personal information is an immediate sign that this could be a phishing attempt. Any company you have an account with will already have the information needed to maintain your account.

2. It Instructs You to Click a Link to Log into Your Account

Legitimate emails might do this as well, but you can avoid accidentally clicking on a fake link by typing the URL of the company the email claims to be from into a new browser tab yourself, rather than following the link provided in the email.

Also, hovering your cursor over a fake link usually reveals an odd-looking URL, often drastically different from the actual company’s URL.

3. The Email Contains Attachments

Never download attachments from a questionable source. The phishing email might try to trick you into believing that the attachment is an invoice or a statement. In actuality, it is likely malware.

4. It is Poorly Written

If the language, grammar and spelling in the email seem a bit off, it is likely a phishing email.

5. It Has a Generic Greeting

If the email addresses you as “Sir,” “Ma’am,” “Dear” or any other generic identifier, it is likely not from a legitimate source. A company you have an account with will usually address you by your actual name.

6. The Sender’s Email Address Seems Strange

Sometimes the sender’s email address itself looks strange or abnormal, which is another red flag that the email did not come from a legitimate source.
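The red flags above can be checked mechanically as well as by eye. The following script is an added example, not code from the original article: it parses a raw email with Python’s standard library and reports which of the red flags it finds, including the “hover over the link” check (the URL an HTML link displays versus the one it actually points to), the sender’s domain versus the company it claims to be, attachments, a generic greeting, requests for personal information, and the manufactured urgency described earlier. Both sample messages are constructed for illustration, and the domains examplebank.com and example-bank-login.net are placeholders.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

GENERIC_GREETINGS = ("dear customer", "dear user", "dear sir", "dear ma'am",
                     "dear valued", "dear account holder", "sir,", "ma'am,")
URGENCY_PHRASES = ("suspended", "within 24 hours", "immediately",
                   "suspicious activity", "unusual activity", "verify your account")
PERSONAL_INFO = ("password", "social security", "date of birth", "card number")
URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Text that looks like a domain or URL (so "Click here" is not treated as a host).
DOMAINISH = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:[/?#]\S*)?$", re.I)
# Regex anchor extraction is enough for the sample below; a mail client would use a real HTML parser.
ANCHOR_RE = re.compile(r"<a\b[^>]*?href=[\"']([^\"']*)[\"'][^>]*>(.*?)</a>", re.I | re.S)
TAG_RE = re.compile(r"<[^>]+>")


def registrable(host):
    """'www.examplebank.com' -> 'examplebank.com'. Assumption: no public-suffix
    list, so two-label suffixes such as co.uk are not handled."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def host_of(s):
    """Hostname of a URL or bare domain, '' if there is none."""
    s = s.strip()
    return urlparse(s if "://" in s else "http://" + s).hostname or ""


def phishing_flags(raw, claimed_domain):
    """Return [(rule, detail), ...] for red flags found in a raw RFC 822 message;
    claimed_domain is the domain of the company the email says it is from."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flags = []
    # Red flag 6: the sender address belongs to a domain other than the claimed company's.
    hdr = msg["From"]
    sender = hdr.addresses[0].domain if hdr and hdr.addresses else ""
    if registrable(sender) != registrable(claimed_domain):
        flags.append(("sender-domain", sender))
    # Red flag 3: attachments.
    for part in msg.iter_attachments():
        flags.append(("attachment", part.get_filename() or part.get_content_type()))
    # Red flag 2: where links really go. An HTML anchor can display one URL and
    # point at another; this is what hovering over the link reveals.
    body = msg.get_body(preferencelist=("html", "plain"))
    text, links = "", []
    if body is not None:
        content = body.get_content()
        if body.get_content_type() == "text/html":
            text = TAG_RE.sub("", content)
            links = [(h, TAG_RE.sub("", inner).strip()) for h, inner in ANCHOR_RE.findall(content)]
        else:
            text, links = content, [(u, u) for u in URL_RE.findall(content)]
    for href, shown in links:
        target = host_of(href)
        displayed = host_of(shown) if DOMAINISH.match(shown) else ""
        if displayed and registrable(displayed) != registrable(target):
            flags.append(("link-mismatch", f"shows {displayed}, goes to {target}"))
        if target and registrable(target) != registrable(claimed_domain):
            flags.append(("link-domain", target))
    lowered = text.lower()
    lines = [ln.strip() for ln in lowered.splitlines() if ln.strip()]
    # Red flag 5: a generic greeting instead of your name.
    if lines and lines[0].startswith(GENERIC_GREETINGS):
        flags.append(("generic-greeting", lines[0]))
    # Red flag 1: the message asks for personal information.
    flags += [("personal-info", w) for w in PERSONAL_INFO if w in lowered]
    # Manufactured urgency, as in the "bank" and "Amazon" examples above.
    flags += [("urgency", w) for w in URGENCY_PHRASES if w in lowered]
    return flags


# Constructed sample: a phishing message impersonating "Example Bank" (placeholder domains).
SAMPLE_PHISH = b"""From: "Example Bank Security" <alerts@example-bank-login.net>
Subject: Unusual activity on your account
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer,</p>
<p>We detected suspicious activity. Confirm your password within 24 hours
or your account will be suspended.</p>
<p><a href="http://example-bank-login.net/verify">https://www.examplebank.com/login</a></p>
</body></html>
--b1
Content-Type: application/pdf; name="statement.pdf"
Content-Disposition: attachment; filename="statement.pdf"
Content-Transfer-Encoding: base64

JVBERi0=
--b1--
"""

# Constructed sample: a plain-text message that really comes from the bank.
SAMPLE_LEGIT = b"""From: "Example Bank" <alerts@examplebank.com>
Subject: Your statement is ready
Content-Type: text/plain; charset="utf-8"

Hello Jane Smith,

Your monthly statement is available. Sign in at
https://www.examplebank.com/statements to view it.
"""

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, phishing_flags(raw, "examplebank.com"))
```

Run it and the constructed phishing sample trips every rule (sender domain, attachment, link text pointing elsewhere, generic greeting, password request, urgency) while the legitimate statement notice produces no flags. The keyword lists are deliberately small; in practice the "poorly written" red flag (rule 4) is not captured here because it needs human judgement, and the domain comparison uses only the last two DNS labels, so a real deployment would add a public-suffix list.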

How to Protect Your Business from Phishing Emails

In addition to providing staff with the information above, you should also provide security awareness training to ensure your team follows secure workplace procedures. Make sure your IT infrastructure has appropriate security defenses in place as well, and that vulnerabilities are patched, so that any hacking attempt that follows a successful phishing email can be combated.

While a business’s own staff is often its primary security weakness, you can instruct your team on how to better identify phishing and other malicious attacks and improve your company’s cybersecurity.