3 Pro Tips for Flagging Harmful Phishing Emails
Thu Jul 16, 2020 | Lasers Resource
“The practice of using fraudulent e-mails and copies of legitimate websites to extract financial data from computer users for purposes of identify theft.” (Dictionary.com).
88% of organizations worldwide dealt with phishing attacks in 2019, according to Proofpoint. Over the years, these attacks have become significantly more personal and targeted, making them difficult to identify and flag as malicious.
Everything we do as businesses is online now. Sending emails, selling products (the rise in e-commerce due to the pandemic makes this increasingly more relevant), talking amongst co-workers, updating project management systems and CRMs, accounting work, and the list goes on.
In a recent blog post, we discussed the steps you should take to increase your print security. This week, we will explain how to decipher between a safe email and a phishing email.
Here are 3 items to look out for in suspicious emails.
1. Check for grammar and always check the spelling of the domain.
Often, a telltale sign of a phishing email is grammatical errors. The spelling may be okay (a few minor typos here and there can be harmless), but sentences will typically be scattered and confusing (pro tip: we recommend scanning for context—it is usually a dead give away).
If you have even the slightest feeling that the email you received may be a phishing email, you should also check the spelling of the domain. Is it missing obvious letters (htmail.com or gmai.com, for example)? If so, chances are, you are subject to an email scam. While this sounds easy enough to recognize, in reality, the email address is typically so close to the genuine address that it is extremely difficult to pick up on (especially upon first glance). It’s a good idea to make a habit of checking for minor misspellings like this.
2. Is there desperation or urgency in the messaging?
Scammers all seem to have one thing in common: their love of urgency. While the messaging has gotten much more clever over the years, the demanding nature is still ever-present in these emails. The fact is, when you don’t have a lot of time to think about the situation, it is easy to click a harmful link or download a document that may cause serious damage to your company’s most sensitive information.
- A malicious download could add malware to your computer and/or network (this could include viruses, worms, ransomware, adware, spyware...etc.)
We suggest never acting quickly on an email with any unknown link or download. Re-read, check for the common signs we are talking about here and if need be, ask a co-worker or friend to take a look. In this case, you really are better safe than sorry.
3. Are they using someone’s name from within your organization?
The more advanced scammers tend to pull out tricks like using the name of someone within your organization. A boss, manager, co-worker or even the owner of the company (finding these names is usually not very difficult to do). Some go as far as to use similar language to said person, like signing off with “many thanks” for example—which of course, increases the chances of you falling victim to the scam. Again, in this case, you should carefully check the domain name, spelling of the email address, links (if you hover over a link, it will show you the destination without having to click on it), etc. And, if you really aren’t sure—ask.
What should you do when you receive a phishing email?
Think you’ve just received a malicious email at work? You should let your team know as soon as possible as well as the IT department (if you have one) and management. You should also report the user and delete the email immediately (you may take screenshots first if you like).
At Lasers Resource, we specialize in security and help clients identify threats before they reach your inbox. Contact us if you’d like to better protect your business from security threats. We can also assess your current situation and offer advice in this area. You can read more on that here.
Subscribe to Our Blog
Enter your email address to subscribe to this blog and receive notifications of new posts by email.