Much like the shiny lures fishermen use to attract their prey, cybercriminals use email attachments or links to try to get you to click through to malicious content.
Often using cheap scare tactics, phishing scams induce a quick, panicked response by making you feel like you have something to lose by not clicking on the link.
However, the instant you click, you open yourself up to malware attacks that can cost you financially and reputationally, and it will definitely take time to reverse the damage done to your device (if you are able to reverse it at all).
Around 66 percent of all malware is installed through a malicious email attachment, and some researchers believe that 75 percent of all email sent is some type of spam.
With an estimated 306.4 billion emails sent per day, that’s a pretty substantial number of malicious emails floating around.
The sheer enormity of this criminal industry is overwhelming, but there are plenty of precautions you can take to keep yourself and your business safe.
Here are 6 ways to evaluate potential phishing scams in your inbox.
- Look at the email's sender. Are you expecting an email from this person? If not, ask them directly what the email is in reference to. Also check for spelling and grammar. The occasional typo happens, but if it's riddled with spelling and grammar errors, it's likely a phishing email. (Additionally, make sure to take a look at who the email was sent to. If you are cc’d on an email with a bunch of people you don’t know, this is also a red flag.)
- Beware of generic greetings. If an email avoids using your name, but is sent directly to you, this may be a sign that the exact same message was sent to a broad spectrum of people in order to increase the scammer's chances of getting a bite.
- Ignore scare tactics. If the email seems like it's trying to scare you into taking immediate action, it’s trying to make you click before you think. Prior to clicking links or attachments in an email, take a second to think about what the sender could be trying to accomplish.
- Do not give out personal information. Keep in mind that reputable organizations are not going to email you and ask for your password or social security number. If you receive an email from someone like your bank claiming fraudulent charges have been made, but you are unsure if the email is legitimate, find a publicly published number for your bank and call them. Do not call the phone number they have listed in the potentially fraudulent email.
- If it sounds too good to be true, it is. Beware of offers or deals that seem too good to be true, especially when they come from a place you have not heard of or never signed up to receive email notifications from.
- Check the links. You can hover over a link in an email (or click and hold the linked text on a mobile device) to view the URL destination of the link. If the URL doesn’t go where it says it will take you, do not click it. Another red flag to look for when checking a URL is an unsecured web link (one that starts with just http instead of https).
The biggest thing to keep in mind is to not click links or act on an email out of habit. If something doesn't feel right, investigate a little further. It is worth a little extra time to prevent you from falling into a trap.
Take a few minutes each week to learn a little bit more about how to keep yourself safe online. With the growing number of cybercriminals, the stakes are becoming too high to not know how to keep yourself safe. If you have any questions, feel free to reach out to us. We would love to be a resource for you.