How To Spot A Phishy Email
Although email debuted in 1971, it remains one of the most useful and prevalent communication tools available. Research shows that in 2019, 3.9 billion people used email, and the number of users will hit 4.48 billion by 2024. While texting, social media, and work collaboration tools like Slack and Microsoft Teams allow real-time communication and convenient teamwork solutions, email persists. Email is particularly useful for:
- Non-urgent communication: Things that don’t require an immediate response that a recipient can deal with on their own timeline.
- Follow-up: It is hard to deny past actions and messages when there is a clear, recorded history.
- Praise: Nearly everyone enjoys opening an encouraging or motivational note.
- Timeshifting: Since it is naturally asynchronous, email is great for communicating with people in different time zones.
- Filtering: There are several ways to filter and whitelist what goes to your inbox.
- One-to-many communication: Email makes it easy to communicate with large numbers of people on the team at once.
- Sending files: You can send files of reasonable size via email.
- Mobile use: With mobile access, people are no longer tethered to a desk or corporate network when working.
The long-enduring popularity of email, however, is also one of the reasons malware attacks are so common. Studies show that 90 percent of malware is delivered by email, with phishing attacks responsible for 80 percent of all reported security breaches. On average, data breaches cost American companies $8.19 million per incident.
What Scams are They Running?
Email attacks, also known as phishing scams, try to appear like emails from reputable companies. These emails either dupe readers into giving up personal or confidential information or contain malware. People or organizations that send phishing emails try to reach as many people as possible and imitate emails from brands and authorities that people know and trust. Mass phishing scams can cause hundreds or thousands of people to unknowingly welcome viruses or ransomware.
However, people can protect themselves by recognizing some of the most common phishing tactics used by cybercriminals. Phishy emails often manifest as:
- Government communication: Phishy emails that seem to follow government agency templates. For example, you might receive an email that claims to be from the FBI or IRS. Many people mistakenly reply to these emails and provide sensitive information out of fear of not complying with the government.
- Messages from friends or coworkers: This method counts on the reader’s recognition and trust in a human “sender.” Attackers hope that their emails look personalized and will catch email users off guard.
- Alleged billing problems: Fake billing problem alerts are a very powerful form of attack, especially with the prevalence of e-commerce. This attack typically cites an issue with a credit card and sends you to a fraudulent link to update your payment information.
- Bank contact: This ploy tricks you with a fake account notification stating that an amount has been withdrawn from your account. It gives you a link that leads to a web form asking for your bank account number for “verification purposes.”
Telltale Signs of a Phishy Email
How effective are these attacks? The FBI stated in the 2019 Internet Crime Report that it received 24,000 complaints about business email compromise that year, resulting in more than $1.7 billion in losses. The good news is that there are elements in the heading and body of an email that a user can inspect for signs of a malicious origin. For example:
- Real companies do not request sensitive or personal information over email.
- Legitimate companies usually address people by their name. Look out for emails saying: “dear valued member” or “dear account holder.”
- Companies generally send from an email domain that matches their website URL.
- Numerous spelling and grammar errors often indicate a phishing scam.
- Unexpected emails that contain attachments that you are directed or encouraged to open are almost always malicious.
- In phishy emails, links in the body of an email may not match the company’s URL structure.
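Several of the signs listed above can be checked mechanically. The following is an added example, not part of the original article: a small Python triage function that parses a raw message and reports which checklist items it trips. The sample message, its domains, and the names phishing_signs, in_domain and Links are constructed for illustration, and the caller is assumed to know the real company domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample; every domain in it is a placeholder, not a real indicator.
SAMPLE = """From: Example Bank <alerts@account-notice.example.net>
Subject: Problem with your account
Content-Type: text/html; charset="utf-8"

<p>Dear valued member,</p>
<p>Confirm your account number and password at
<a href="http://login.example.net/verify">Example Bank login</a></p>
"""
PATTERNS = {
    "generic greeting": re.compile(r"dear (valued member|account holder)", re.I),
    "asks for sensitive information": re.compile(r"password|account number|credit card", re.I),
}

class Links(HTMLParser):
    """Collect the href target of every <a> element."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw, expected_domain):
    """Return the checklist items a raw message trips, given the real company domain."""
    msg, signs, body, links = message_from_string(raw), [], "", Links()
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not in_domain(sender, expected_domain):
        signs.append("sender domain does not match company domain")
    for part in msg.walk():
        if part.get_filename():  # any attachment is surfaced for review
            signs.append("attachment: " + part.get_filename())
        elif part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    signs += [name for name, rx in PATTERNS.items() if rx.search(body)]
    links.feed(body)
    for href in links.hrefs:
        host = urlparse(href).hostname
        if host and not in_domain(host, expected_domain):
            signs.append("link leaves company domain: " + href)
    return signs
```

An empty result only means none of these heuristics fired; spelling and grammar quality, and whether an attachment was expected, still need a human reader.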
In many cases, people can discern an email’s legitimacy through careful inspection. However, phishing prevails as a threat. While it helps to recognize the ploys used by cyber attackers, even the most vigilant people can fall prey to phishing scams.
Software Protection is the Last Line of Defense
Of all the different phishing attacks, ransomware is one of the most damaging. A simple errant click on a malicious link or other executable causes your data to be encrypted and locked until a ransom is paid. As diligent as people are, software is the most effective screening and the best option for personal or business security.
Ransomware detection software is a critical part of any comprehensive strategy to prevent phishing and other cyber attacks. As ransomware attacks continue to rise in popularity and gain sophistication, relying on human judgment alone can be disastrous. With high-tech security software, you can rest assured that your information and data are safe from cybercriminals.