Phishing scams: 10 things to watch for
Phishing scams run rampant in today’s landscape. Keeping your computer up to date and patched reduces an organization’s overall risk of infection, but being vigilant, prepared, and knowledgeable about how to detect and handle phishing emails (and educating the entire organization to do the same) is critical for protection today. Here are ten areas in an email to be mindful of.
1) Don't trust the display name of the sender
Just because an email appears to come from a person you know or trust doesn’t mean that it truly does. Look at the actual email address, not just the display name, to confirm the sender. Keep in mind that the address itself can also be forged, so treat a familiar-looking address as one signal rather than proof.
2) Look but don't click
Hover your cursor over links in the email without clicking on anything. The real destination URL appears in a tooltip or in the status bar at the bottom of the window. If it looks strange or doesn’t match what the link text says, don’t click on it. Report it instead!
3) Check for grammatical errors
Anyone can make a typo, but pay close attention to emails littered with grammatical errors. Scammers crafting messages may rely on a spell-checker or translation tool, which gives them the right words but not in the proper context.
4) Consider the salutation
Attackers sometimes use general or vague greetings (e.g., “Dear valued customer”) so they can send the same email out en masse. Or they may leave out the salutation entirely. It’s not always an indicator of a scam, but it can be a red flag that something is off.
5) Requests for personal information
Is the email asking for sensitive or personal information? If so, be cautious! You can always call the alleged sender or the company’s customer support, or navigate to your account on their website by typing the address yourself (never through a link in the message), to confirm whether an action is actually required.
6) Be careful with attachments
Attackers trick victims with an enticing or seemingly normal attachment that actually contains malware. Never open an unsolicited email attachment that seems suspicious; if necessary, call the sender on a number you already know (not one taken from the email) to verify it.
7) Beware of urgency
These emails might try to make it sound as if there is some sort of emergency (e.g., the CFO needs a $1M wire transfer immediately, a Nigerian prince is in trouble, or someone only needs $100 so you can claim your million-dollar reward).
8) Check the email signature
Most legitimate senders will include a full signature block at the bottom of their emails. If one doesn’t, be skeptical. Again, it might not indicate a threat…but it might.
9) Don't believe everything you see
If the email seems slightly odd or unusual, it’s better to be safe than sorry. If you see something off, then it’s best to report it to your security operations center (SOC).
10) When in doubt, contact your SOC
No matter the time of day, no matter the concern, most SOCs would rather have you send something that turns out to be legitimate than to put the entire organization at risk.
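Several of the checks above (1: display name vs. real address, 2: link text vs. link target, 4: generic salutation, 7: urgency language) are mechanical enough for a SOC analyst to script as a first-pass triage aid. The helper below is an added example, not code from the original article. It uses only the Python standard library; the `KNOWN_SENDERS` contact list, the sample message, and the `registered_domain` helper (which takes the last two labels of a hostname rather than consulting a public-suffix list) are constructed assumptions for illustration.

```python
"""Hypothetical phishing triage helper (added example, not the article's code): applies checks
1, 2, 4 and 7 above to a raw RFC 5322 message and returns the red flags it finds."""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed contact list: display names we trust and the domain they normally send from.
KNOWN_SENDERS = {"jane doe": "acme-corp.example"}
URL_LIKE = re.compile(r"^(https?://|www\.)", re.I)
GENERIC_SALUTATION = re.compile(
    r"^(dear|hello|hi)\s+(valued\s+)?(customer|user|member|client|account holder)\b", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|wire transfer|"
                     r"account will be (?:suspended|closed|locked))\b", re.I)


class LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registered_domain(host):
    """Last two labels of a hostname (simplification: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def triage(raw):
    """Return a list of (check, detail) red flags for a raw message string."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []

    # 1) Display name vs. the address the mail actually came from.
    name, addr = parseaddr(str(msg["From"] or ""))
    expected = KNOWN_SENDERS.get(name.strip().lower())
    if expected and addr.rpartition("@")[2].lower() != expected:
        flags.append(("display-name", f"'{name}' normally sends from {expected}, this came from {addr}"))

    # 2) Link text that looks like a URL but whose href goes somewhere else.
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        collector = LinkCollector()
        collector.feed(html_part.get_content())
        for text, href in collector.links:
            if not href or not URL_LIKE.match(text):
                continue
            shown = urlparse(text if "://" in text else "http://" + text).hostname
            target = urlparse(href).hostname
            if shown and target and registered_domain(shown) != registered_domain(target):
                flags.append(("link-mismatch", f"text shows {shown} but the link goes to {target}"))

    # 4) Generic salutation on the first non-blank line of the text body.
    plain_part = msg.get_body(preferencelist=("plain",))
    body = plain_part.get_content() if plain_part is not None else ""
    first_line = next((line.strip() for line in body.splitlines() if line.strip()), "")
    if GENERIC_SALUTATION.match(first_line):
        flags.append(("generic-salutation", first_line))

    # 7) Urgency language in the subject or body.
    phrases = sorted({m.lower() for m in URGENCY.findall(str(msg["Subject"] or "") + "\n" + body)})
    if phrases:
        flags.append(("urgency", ", ".join(phrases)))
    return flags


# Constructed sample message that trips all four checks.
SAMPLE = """\
From: Jane Doe <jane.doe@freemail.example>
Subject: URGENT: wire transfer needed today
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Dear valued customer,

Your account will be suspended unless you verify immediately:
https://acme-corp.example/verify

--b1
Content-Type: text/html; charset="utf-8"

<p>Dear valued customer,</p><p>Your account will be suspended unless you verify immediately:
<a href="http://acme-corp.example.login-portal.example/verify">https://acme-corp.example/verify</a></p>
--b1--
"""
```

Running `triage(SAMPLE)` yields four flags, one per check; feeding it a plain message from a known contact at the expected domain yields none. In practice you would pass the contents of a saved `.eml` file instead of the constructed sample. A script like this only surfaces candidates for a human to look at; it does not replace reporting the message to your SOC.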