The FBI Internet Crime Complaint Center finds that people lose billions of dollars to phishing schemes each year. Scammers know people are getting smarter, so they keep improving their tactics. That’s why many phishing emails try to look like they’re from a company or person you know and trust. Usually, the email looks like it’s from an online store, shipping company, bank, credit card company, or social networking site.
Unexpected Email Messages
So the first sign that an email could be phishing is that it’s unexpected. It’s usually something about suspicious login attempts to your account, a problem with your payment, a government refund, or an invoice for something you didn’t buy. Cybercriminals usually try to take advantage of what’s happening in the world to make it relevant. So it might be related to something that’s in the news, such as COVID. It might be as simple as using the holiday shopping season to send fake purchase emails when they know you might be doing a lot of online shopping.
An Emotional Reaction
Cybercriminals often want you to get upset or panic when you get the email. That brings us to the next thing to watch for to spot a phishing email: an emotional reaction. Sometimes it’s the threat of releasing private information, unexpected tax payments, or even jail time. They know that when you’re upset, you’re much more likely to do something without stopping to think about it. Cybercriminals are banking on the fact that you want to stop that purchase you didn’t make, report the item that didn’t get delivered, or hurry to log in and secure your bank account. If you get an email that makes you want to take action immediately, STOP and look for other signs it could be phishing. For example, look at the email address it’s coming from. If the email address doesn’t look like it’s from that specific person or business, that’s a tip-off that it could be phishing.
With the rise in social media, malicious actors are also increasingly using personal information they’ve gathered from social media to target you. It’s important not to overshare personal information on social media, because they could use this information against you. For example, they may say that they’re contacting you on behalf of a friend or relative, using real information they’ve found.
Quick Signs of Phishing
However, sometimes cybercriminals use an email address that, at first glance, looks legitimate. Maybe it transposes a couple of letters, or maybe it’s something generic, which is especially common with fake shipments or work-related emails. Beware of any work email that has a web address with HR in the title. These emails also usually start with a generic greeting, such as “dear employee” or “dear customer.” This is usually a sign that the same phishing email went out to a lot of people. If you work or shop somewhere, they probably wouldn’t use a generic greeting like this.
Attachment Phishing Emails
Beware of any email that has attachments. It’s one of the most common ways cybercriminals deliver malware and ransomware. If the email tells you to look at the attachment, be on guard and look for other signs that it could be a phishing email. If you happen to open the attachment, never click “enable macros” or “enable content,” because that usually launches the malicious code in the background.
Phishing Emails with Links
Similarly, if the email contains a link, be cautious. Simply clicking the link could download and install malicious software. If you can, hover your mouse over the link to see where it’s pointing. If the link looks suspicious, this can be a big tip-off that it’s phishing. It can be more difficult to spot phishing emails on your phone, so you may want to wait to click a link until you can view it more easily. Be extremely cautious if you click the link and it takes you to a login page. Cybercriminals often use this tactic to steal your username and password.
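The sender, greeting, and hover checks described above can also be run automatically on a saved message. The following Python sketch is an added example, not part of the original article; the function name `phishing_signs`, its `expected_domain` parameter, and the sample message and its domains are all made up for illustration, and it assumes a single-part HTML email.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

GENERIC_GREETINGS = ("dear employee", "dear customer")  # the greetings the article names
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)  # link text that is itself an address

class LinkCollector(HTMLParser):
    """Collect (visible text, real target) for every <a> tag, like hovering over each link."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host(value):
    """Lower-cased hostname of a URL or bare domain, without a leading 'www.'."""
    parsed = urlparse(value if "//" in value else "//" + value)
    return (parsed.hostname or "").removeprefix("www.")

def phishing_signs(raw_email, expected_domain):
    """List the warning signs found in one single-part HTML email."""
    msg = message_from_string(raw_email)
    body, signs = msg.get_payload(), []
    sender = parseaddr(msg.get("From", ""))[1]
    sender_host = host(sender.rpartition("@")[2])
    if sender_host != expected_domain and not sender_host.endswith("." + expected_domain):
        signs.append(f"sender {sender} is not at {expected_domain}")
    if any(g in re.sub(r"<[^>]+>", " ", body).lower() for g in GENERIC_GREETINGS):
        signs.append("generic greeting")
    collector = LinkCollector()
    collector.feed(body)
    for shown, href in collector.links:
        if URL_LIKE.fullmatch(shown) and host(shown) != host(href):
            signs.append(f"link shows {host(shown)} but opens {host(href)}")
    return signs

# Constructed sample message; every name and domain in it is made up.
SAMPLE = ('From: "Example Bank" <alerts@examp1e-bank.test>\nContent-Type: text/html\n\n'
          '<p>Dear customer,</p><a href="http://login.secure-check.test/verify">www.examplebank.test</a>')
```

Calling `phishing_signs(SAMPLE, "examplebank.test")` reports all three signs for the sample. A link whose visible text is plain wording such as "Click here" is not flagged by this check, so its target still needs to be read by hovering.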
Poor Spelling and Grammar
Poor spelling and grammar used to be a huge tip-off, and if you spot it, definitely beware. However, cybercriminals are getting better at what they do, and we’re not seeing these sorts of mistakes in phishing emails as much anymore.
Signs of Phishing Emails
In general, try not to hurry when taking action on any email. Read it carefully, look at who it’s from, and if it causes you to get upset or nervous, that’s a red flag. Before clicking on links or attachments, review them thoroughly to be sure they’re legitimate. Unfortunately, unless it’s a ransom attack that locks your files and demands payment, most people don’t realize they’ve fallen for a phishing email. Cybercriminals will use their accounts to steal money or personal information, and may use it to trick others. That’s why it’s so important to watch for these signs of phishing.