It’s hard to believe that you would “take the bait” from a phishing scam, but according to Verizon’s 2016 Data Breach Investigations Report, 30 percent of phishing emails get opened. Phishing is a popular way for scammers because the high click rate shows that it works.  

What is a Phishing Email?

A phishing email attempts to obtain sensitive information by pretending to be a reputable entity like your email provider, a bank, an online payment site, an app, or an online store. 

According to The Federal Trade Commission, scammers usually operate through email links or downloading attachments containing viruses that may:

• Ask you to sign into your email to access or download a file
• Ask you to confirm personal information
• Offer free things or coupons
• Want you to click a link and make a payment
• Tell you that you qualify for some form of eligible refund or prize
• Claim a payment issue with your account
• Say that they noticed suspicious log-in attempts
• Say that your email is out of space
• Ask you to donate to a charitable cause

How to Recognize a Phishing E-mail

At first glance, a phishing email usually looks real because they imitate companies you know and trust. Sometimes emails can come from the email address of someone you know or are close with, whose account may be compromised. This increasingly popular tactic is known as social engineering and it is designed to take advantage of your trust and curiosity. 

It’s important to not open emails, links, or attachments from unknown or unexpected senders and be wary of embedded or unsolicited attachments. 

Who Sent It?

Be cautious of an email from someone you don’t know especially those asking you to sign in to a website or give up sensitive personal information. Real companies never ask for information such as passwords or social security numbers over email. 

It’s good to check the sender because some phishing attempts use an email similar to, but different than the company’s official email address. Most often, people fall for emails that are sent from (what appears to be) the people they know, including their boss, peers, family, and co-workers. A company’s finance team is especially targeted, as emails may appear to be sent from CFO or other executive members asking them to transfer money. 

Was the E-mail Spell Checked?

An obvious sign of a scam or phishing emails are spelling or grammatical errors. It’s unlikely that a legitimate email was passed through the corporate communications department without spelling and grammar checks. Grammatical errors, logos that are “off”, and informal tone are hallmarks of a phishing email. 

Additionally, another indication is if the email starts off with a generic greeting such as “Hi Dear” or “Dear Customer/Member”. If you have an account from the legitimate business, they most likely will use your name and won’t use a generic greeting.

Sense of Urgency

A common tactic for phishing scams is creating a sense of urgency by leading you to believe there is a time sensitive problem. Cybercriminals will make you think that there are consequences if you do not quickly take action using phrases like “Urgent action required” or “Your account will be closed”. Sometimes emails state a deadline asking you to “act in the next 48 hours” or something similar, taking advantage of your anxiety and concern.

What About Links?

Many corporations like Paypal do not include links. If you hover the mouse over the link itself, you can view the underlying URL or address where the link is taking you. By doing so, the embedded URL will show the website it is linked to without actually visiting the website. 

Having the ability to spot a phishing email is crucial to keeping your personal and company accounts secure and safe. Everyone needs to work together to protect the company because one careless click has the potential to compromise an entire organization. A rule of thumb is when in doubt, throw it out.