Have you ever received an email that looked official, but turned out to be a scam? If so, you were the victim of what’s known as a phishing attack.
Whether we like it or not, phishing attacks are on the rise, as cybercriminals are using increasingly sophisticated methods to try to steal your information. This means it’s absolutely essential that you are able to recognize and avoid a phishing email or text when you receive it.
But don’t worry: with a little knowledge on your side, you’ll never fall hook, line, and sinker for a phishing scam again!
In this guide, we’ll discuss what phishing is, how to spot a scam email, and how to properly report a suspicious incident. We’ll also walk you through the actions that should be taken in the event that an individual in your organization accidentally responds to a phishing attack. Let’s begin.
WHAT IS PHISHING?
At its core, phishing is an online scam in which a fraudulent email or text message attempts to trick you into providing passwords, credit card numbers, or other confidential data. The malicious emails may appear to come from a legitimate source – like your bank or a trusted colleague – and they often contain official-looking logos or language meant to lend the message authenticity.
There are several different types of phishing scams, such as spear phishing, but they all share one thing in common: if deceived, you could end up granting the attacker access to all sorts of private and valuable information.
Phishing attempts can also lead to malware being installed on your computer if you click on links embedded in the message. The good news is that if you know what to look for, you can often spot an attack and stop it dead in its tracks.
HOW TO RECOGNIZE PHISHING EMAILS
It’s important to note that phishing emails have become more sophisticated than ever before. That said, there are a few common telltale signs you can look for in order to recognize and avoid a scam.
- The display name on the email: The name shown in the “from” box does not guarantee who actually sent the message. Look at the actual email address it was sent from; if it looks off, it’s likely a scam.
- Suspicious links: If you hover over a link, you should be able to see where it is sending you. In most cases, the link’s domain should match the sender’s domain. If things don’t line up, be careful. If you click and it directs you to a website asking for a login, don’t proceed!
- Blatant spelling or grammar mistakes: If the content in the message doesn’t look or sound right, it probably isn’t. This includes odd salutations, poorly worded phrases, or a different style of communication than you are familiar with from the sender.
- A request for sensitive information: If you’re ever asked to provide sensitive information, such as your banking account numbers, we recommend you pick up the phone and call a known number to verify the request.
- Implied urgency: If someone is making a time-sensitive threat, such as stopping service or demanding immediate payment, always pause for a moment before reacting. If the request is really that urgent, you probably would have heard about it a lot sooner.
- Images that aren’t quite right: If the images or layout of an email seem a bit off, it’s likely an attempt to fool you. Compare it to an older, verified email from the same sender, if possible.
- Suspicious domains: Many malicious emails use a domain that is close to the legitimate one, but not exactly the same. For instance, you might see “WellsFarg0.com” instead of “WellsFargo.com”. The differences can be subtle (a zero instead of an “o”), so it’s important to look closely.
- Non-standard attachments: If the attached file type is not one you recognize (such as .doc for a Word file, .xls for an Excel file, or .pdf for a PDF file), you’re right to be extremely suspicious.
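Several of the signs above (a display name that does not match the real sender address, a lookalike sender domain, links that point somewhere other than the sender’s domain, and unexpected attachment types) can be checked mechanically before a message reaches a person. The script below is an added example, not code from the original article or from Whizkids; it parses a raw email and returns a list of the indicators it finds. The list of known domains, the homoglyph table, the set of expected attachment types and both sample messages are constructed for the demonstration.

```python
"""Flag common phishing indicators in a raw RFC 822 message.

Added example (not part of the original article). It checks the signs the
article lists: display name vs. actual sender address, lookalike sender
domain, link domains that differ from the sender's, and unexpected
attachment types. KNOWN_DOMAINS, HOMOGLYPHS, EXPECTED_EXTENSIONS and the
two sample messages are constructed for this demo.
"""
import re
from email import policy
from email.parser import Parser
from email.utils import parseaddr
from typing import List, Optional
from urllib.parse import urlparse

# Constructed: domains this organisation legitimately receives mail from.
KNOWN_DOMAINS = {"wellsfargo.com", "example-corp.com"}

# Attachment types the article treats as expected; anything else is flagged.
EXPECTED_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".pdf"}

# Digit-for-letter substitutions often used to build lookalike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable_domain(host: str) -> str:
    """Reduce a hostname to its last two labels (a real deployment would
    consult the Public Suffix List instead of this shortcut)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def lookalike_of(domain: str) -> Optional[str]:
    """Return the known domain that `domain` imitates, or None."""
    if domain in KNOWN_DOMAINS:
        return None
    normalised = domain.translate(HOMOGLYPHS)
    return normalised if normalised in KNOWN_DOMAINS else None


def phishing_indicators(raw_message: str) -> List[str]:
    """Parse a raw message and return human-readable findings (empty = clean)."""
    msg = Parser(policy=policy.default).parsestr(raw_message)
    findings: List[str] = []

    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = registrable_domain(address.split("@")[-1]) if "@" in address else ""

    # 1. Display name claims a known brand, but the address is elsewhere.
    squashed_name = display_name.lower().replace(" ", "")
    for known in KNOWN_DOMAINS:
        brand = known.split(".")[0]
        if brand in squashed_name and sender_domain != known:
            findings.append(f"display name '{display_name}' does not match sender domain '{sender_domain}'")

    # 2. Sender domain is a homoglyph lookalike of a known domain.
    imitated = lookalike_of(sender_domain)
    if imitated:
        findings.append(f"sender domain '{sender_domain}' looks like '{imitated}'")

    # 3. Links whose domain differs from the sender's domain.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    for url in re.findall(r"""href=["']?(https?://[^"'\s>]+)""", text, flags=re.I):
        link_domain = registrable_domain(urlparse(url).hostname or "")
        if link_domain != sender_domain:
            findings.append(f"link to '{link_domain}' does not match sender domain '{sender_domain}'")

    # 4. Attachments whose extension is not one we expect.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
        if ext not in EXPECTED_EXTENSIONS:
            findings.append(f"unexpected attachment type '{name}'")

    return findings


# Constructed sample: lookalike sender, off-domain link, .zip attachment.
SAMPLE_MESSAGE = """\
From: "Wells Fargo Security" <alerts@wellsfarg0.com>
To: user@example-corp.com
Subject: Your account will be suspended in 24 hours
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/html; charset="utf-8"

<p>Please <a href="http://login.wellsfarg0-secure.net/verify">verify your account</a> now.</p>
--XYZ
Content-Type: application/octet-stream; name="statement.zip"
Content-Disposition: attachment; filename="statement.zip"
Content-Transfer-Encoding: base64

UEsDBAo=
--XYZ--
"""

# Constructed sample of a message that passes every check.
CLEAN_MESSAGE = """\
From: "Wells Fargo" <alerts@wellsfargo.com>
To: user@example-corp.com
Subject: Your monthly statement
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Your statement is at <a href="https://www.wellsfargo.com/statements">wellsfargo.com</a>.</p>
"""

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_MESSAGE):
        print("FLAG:", finding)
```

Run as-is, the script prints four findings for the constructed scam message and none for the clean one. The checks are deliberately simple: the registrable-domain shortcut and the homoglyph table are what a mail gateway would replace with the Public Suffix List and a fuller confusables map, and a human still needs to review anything flagged.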
PHISHING EMAIL EXAMPLES
For the visual learners out there, we’ve also included some images of common phishing emails you should be wary of.
STEPS TO PROTECT YOURSELF AND YOUR BUSINESS FROM PHISHING ATTACKS
If any of the signs above are present in an email or text message you receive, it’s best to take immediate measures to protect yourself and your business. By following the five steps outlined below, you can ensure that your company stays safe from phishing attacks.
- Invest in enterprise-level email security and filtering solutions to gain malware and phishing protection for your inbox.
- Use this guide and other cybersecurity tips to train and educate your staff on how to recognize a phishing attack, as well as best practices for keeping company data secure.
- Immediately report and delete suspicious emails or texts without clicking any links, images, or attachments that may be included.
- Request additional authentication when possible—such as multi-factor authentication—to add an extra layer of protection for important accounts and systems.
- Regularly review your organization’s cyber security policies and update them if necessary to keep up with the latest threats and trends in cybersecurity.
HOW TO REPORT A PHISHING SCAM
At a minimum, you should permanently delete the suspicious message. If you believe the attack is targeting your company specifically, notify your IT team right away so they can investigate and take appropriate action. They will also be able to get a notice out to the rest of your team and advise on additional steps you should take to protect your data and systems from future attacks.
If you would like to go a step further, you can also report the phishing message to your email service provider, such as Microsoft (if using Outlook) or Google (if using Gmail). This will help them improve their filters so you don’t see as many phishing emails like that in the future.
How to report a phishing email in Outlook
- Microsoft 365 Outlook: Select the suspicious message, then choose “Report Message” from the ribbon at the top, and then select “Phishing.”
- Outlook.com: Check the box next to the suspicious message in your inbox. Select the arrow next to “Junk” and then select “Phishing.”
How to report a phishing email in Gmail
Open the message, click the three-dot menu (the ellipsis next to the Reply arrow) for more options, and then select “Report Phishing.”
WHAT TO DO IF YOU ACCIDENTALLY RESPOND TO A PHISHING SCAM
If you accidentally clicked a link, opened an attachment, or responded to a phishing attempt in any way—don’t panic! Take a deep breath and then follow the steps below to protect yourself and your organization from further harm.
- Change all passwords associated with any accounts that could have been compromised. (Here are some helpful password tips to make sure your new ones are extra strong.)
- Contact your IT department and/or service providers to ensure there are no malicious programs installed on your computer.
- Regularly monitor your accounts for unusual charges or activity.
- Run a virus scan across all of your systems to make sure there are no hidden threats.
IS YOUR BUSINESS STRUGGLING WITH TOO MANY PHISHING EMAILS?
Whizkids Email Security fights phishing where it can hurt you most: in your staff inboxes. Traditional solutions send emails through a basic spam and antivirus filter. Whizkids’ next-gen email security uses the power of artificial intelligence, crowdsourcing, and Whizkids security analysts to detect and remediate advanced threats before and after delivery.
Contact us today to get started with a new approach to malware and phishing protection.