You've probably noticed our previous updates covering phishing and how to identify phony emails. And, you've likely had a bit of practice with identifying them yourself on your work computer. But what about staying safe on your mobile device?
The rules for detecting spam and phishing hazards on your phone or tablet differ slightly from what you are used to doing in Outlook on your desktop or laptop. The process isn’t quite as straightforward, but you can still take precautionary steps to avoid becoming a phishing victim.
Here are four guidelines for checking to see if emails received on your mobile devices are legitimate.
1. Were You Expecting the Email or Attachment?
The same rules that apply to email monitoring on your desktop apply on your mobile. If you receive a sudden email that looks like it came from someone you know but you weren’t expecting it, be cautious. If you weren’t expecting something from that person and you receive correspondence with links or attachments, do not click or open them without first consulting that individual.
Additional note: When contacting that person, do not simply respond to the suspicious email, as the cyber-attacker could pretend to be your contact, reply with a “yes” and cause you to lower your guard. Instead, call the person you know to see if they sent the message. If they didn’t, delete the email.
2. Check the Sender’s Email Address, Not Just the Name
This step is similar on mobile when compared to desktop, but it differs in one particular way. When you receive an email on your mobile, the message header may show the name of someone you know, but don’t move too hastily. Take another step to check the sender’s email address, as it is often hidden in the header of mobile applications. Tapping on that header will typically show you the return email address, so you can see if it really came from someone you know.
3. Do the Usual Spelling and Grammar Checks
Is the email riddled with spelling errors? Is the grammar incorrect? Then, chances are, the email is not from a legitimate business. Legitimate businesses take extra care to create clear, well-crafted messages with few errors. That’s not to say a legitimate email will never contain errors like the occasional missing word or spelling mistake, but be wary of emails that contain numerous errors.
Emails with frequent mistakes were most likely written in another language first, then put through a translator. Translation applications may not have suitable matches for words, phrases or other structures of an email, so they come across as incorrect to a native speaker or reader.
4. Check Links Before Clicking Them
On a desktop client, you can typically hold your mouse over links to see where they will direct you, but this feature isn’t available on mobile devices.
To figure out if a link is safe to visit on a mobile device, you should instead press on the link and hold down. As you do so, a window will appear that gives you a snippet of the URL. By looking at the first piece of this address, you should be able to see enough to decide if the link is safe to visit.
What else can you do to protect yourself?
If you aren’t sure about the validity of an email, always err on the side of safety. You can do three things:
- Contact the business that is allegedly messaging you. Many companies, Amazon for instance, have fraud-detection procedures to follow should you suspect a spoofed email.
- Go directly to the website instead of clicking the link in the email.
- Mark the email as spam and delete it from your inbox.
As an IT managed services provider, CoreTech partners with businesses, offering cyber security training to help protect your organization. Through it, you can learn more about how to ensure that those emails you’re getting are legitimate.
Part of the training service includes sending test phishing emails to determine if your staff are susceptible to phishing. From there, you can determine if more training is required.
If you would like to learn more about how to keep your organization safe from phishing attacks, contact us today.