Cybercriminals use phishing to break into businesses and steal personal information, such as login details, credit card numbers and personal data. Phishing messages are often sent via email, but can also arrive as SMS messages or as messages in third-party applications like WhatsApp, Facebook and LinkedIn.
Protecting your online identity is as simple as knowing how to spot phishing emails and messages. We have compiled 5 identifiers to help you spot phishing messages.
- Urgency and threats: Be wary of emails that ask you to click, call, or read immediately. Attackers use urgency to bypass the critical thinking we normally apply when surfing the internet. These emails usually offer a reward or, conversely, threaten a penalty if you do not act in time.
- Senders never seen before: Phishing emails often originate from an unknown sender. Although many emails from unknown senders are not malicious, it is important to read them with extra care. Were you expecting this email? Do you recognize the sender’s domain? Is there anything strange about the email content?
- Poor grammar and spelling: Most native English speakers know how to write a grammatically correct email. Phishing attacks can come from any sender in the world. These attackers may not speak your language, or if they do, it is likely not their native language, so grammar and spelling can suffer. An abnormal number of grammatical or spelling errors can help you determine whether a message is malicious.
- Generic content: While some phishing attacks are highly targeted, others are less so. Generic content is used when the same phishing email is sent to many recipients and the attacker is trying to hook as many people as possible. Be suspicious of emails that appear generic and are sent from unknown senders or domains.
- Beware of suspicious attachments and links: If you suspect that an email may be malicious, do not click on any attachments or links. Exploits for browsers and operating systems are discovered nearly weekly. Opening an attachment or viewing a site could be all that is required for a 0-day attack to take place. Although it is unlikely that you will be targeted by a 0-day attack, a malicious website can still tell attackers that you clicked the link. Even if you don’t hand over your credentials, this gives attackers information that could help them target you in the future.
Although many of these identifiers are not sufficient on their own to identify a phish, combined they form a very useful set. If you get an email asking you to reset your password for a service you use often, and providing a link to do so, it is likely that indicators 1, 2, 4, and 5 have been hit.
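The combination described above can be expressed as a small triage script. This is an added example, not code from the original page; the phrase lists, the known-domain set and the two sample messages are constructed assumptions, and indicator 3 is left out because it needs a language checker.

```python
import re
from email import message_from_string
from email.utils import parseaddr

KNOWN_DOMAINS = {"example.com"}  # assumption: domains this recipient already corresponds with
# Assumption: small illustrative phrase lists, not a complete vocabulary.
URGENCY = re.compile(r"\b(immediately|urgent|act now|final notice|suspended|within \d+ hours?)\b", re.I)
GENERIC = re.compile(r"^\s*dear (customer|user|member|client|account holder)\b", re.I | re.M)
LINK = re.compile(r"https?://[^\s\"'<>]+", re.I)

def indicators(raw):
    """Return the sorted indicator numbers (1, 2, 4, 5 in the list above) that a raw email hits."""
    msg = message_from_string(raw)
    body, has_attachment = [], False
    for part in msg.walk():
        if part.get_filename():
            has_attachment = True
        elif part.get_content_type() == "text/plain":
            body.append(part.get_payload(decode=True).decode("utf-8", "replace"))
    text = "\n".join(body)
    hits = set()
    if URGENCY.search(msg.get("Subject", "") + "\n" + text):
        hits.add(1)  # urgency and threats
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in KNOWN_DOMAINS:
        hits.add(2)  # sender never seen before
    # Indicator 3 (grammar and spelling) needs a language checker and is not scored here.
    if GENERIC.search(text):
        hits.add(4)  # generic content
    if has_attachment or LINK.search(text):
        hits.add(5)  # links or attachments present
    return sorted(hits)

# Constructed sample: the password-reset message described above.
RESET_MAIL = """\
From: "Account Support" <support@account-reset.example>
Subject: Action required: reset your password immediately

Dear customer,
Your account will be suspended within 24 hours unless you reset your password.
Reset it here: https://account-reset.example/reset
"""
# Constructed sample: an ordinary message from a known domain.
LUNCH_MAIL = """\
From: Alice <alice@example.com>
Subject: Lunch on Thursday

Hi Sam, are you still free for lunch on Thursday?
"""
print(indicators(RESET_MAIL), indicators(LUNCH_MAIL))
```

A single hit such as an unknown sender is common in legitimate mail, so treat the returned list as a prompt for closer reading rather than a verdict.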
If you suspect you have been sent a phishing message:
- Do not interact with it. Do not open links, click attachments or respond to the sender.
- It may appear that the email came from someone you know. If so, contact them through another communication channel to confirm.
- Report the message to your IT or security team for analysis.
What do you do if your account or computer has been compromised by phishing?
- Record as much detail as you can about the attack.
- Change the passwords for any accounts that use the same password.
- Enable multi-factor authentication for all accounts.
- Notify your IT and Security teams immediately.
- Contact your local police if you suspect that your money was stolen or that the attackers are trying to blackmail you.
Wrapping up
Many businesses are at risk from phishing. You can reduce the likelihood that employees interact with phishing emails by combining simulated attacks with security awareness training.
You can train your employees efficiently and effectively by using Digiboost.